[Samba] Auto generated certificates?

Harald Hannelius harald+samba at arcada.fi
Wed Nov 9 08:41:53 UTC 2022

On Tue, 8 Nov 2022, Rowland Penny via samba wrote:
> On 08/11/2022 08:47, Harald Hannelius via samba wrote:
>> I read that Samba creates self-signed certificates for itself when started 
>> the first time. These have a lifetime of 700 days. Does this mean that 
>> Samba will stop working 700 days after installing it unless I renew these 
>> myself manually?
>> Are there caveats in using our own self-signed certs with longer lifetimes 
>> or even "real" certificates?
>> Also, wouldn't it be good if all Samba certificates would have a Alternate 
>> Name of "DOMAIN" so when e.g. ldap-clients connect to the domain-address 
>> the certificate would match?
> The real question is: what are you using the certificates for ?

We would like to create, delete and modify accounts. Lock accounts, and 
change passwords via a PHP library.

It would be nice to use the ldaps port, just in case.

> If it is for ldap searches, then can I suggest you use kerberos instead, it 
> is even more secure.

A little concerned about data on the wire.


Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020

More information about the samba mailing list