[Samba] Auto generated certificates?

Harald Hannelius harald+samba at arcada.fi
Wed Nov 9 08:41:53 UTC 2022


On Tue, 8 Nov 2022, Rowland Penny via samba wrote:
> On 08/11/2022 08:47, Harald Hannelius via samba wrote:
>> 
>> I read that Samba creates self-signed certificates for itself when started 
>> the first time. These have a lifetime of 700 days. Does this mean that 
>> Samba will stop working 700 days after installing it unless I renew these 
>> myself manually?
>> 
>> Are there caveats in using our own self-signed certs with longer lifetimes 
>> or even "real" certificates?
>> 
>> Also, wouldn't it be good if all Samba certificates would have an Alternate 
>> Name of "DOMAIN" so when e.g. ldap-clients connect to the domain-address 
>> the certificate would match?
>> 
> The real question is: what are you using the certificates for?

We would like to create, delete and modify accounts, lock accounts, and 
change passwords via a PHP library.

It would be nice to use the ldaps port, just in case.

> If it is for ldap searches, then can I suggest you use Kerberos instead, it 
> is even more secure.

A little concerned about data on the wire.

-- 

Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020


