[Samba] Auto generated certificates?

Harald Hannelius harald+samba at arcada.fi
Fri Nov 11 07:46:48 UTC 2022

On Wed, 9 Nov 2022, Rowland Penny via samba wrote:
> On 09/11/2022 12:29, Kees van Vloten via samba wrote:
>> You're right about kerberos, it sends encrypted data.
>> But reading the use-case: create, modify, delete, (etc.) accounts, I don't 
>> see how that can be done with kerberos alone.
> You can do most of those with samba-tool, the only problem would be 'modify'. 
> You can rename a user with samba-tool, but if want to just change an 
> attribute value, you will need to write a script around ldbsearch and 
> ldbmodify.

We are actually doing this right now, from PHP through SSH. But the overhead 
of starting a SSH-session, starting smb-tool and then doing the operation 
for every user is too much when we have thousands of users. We also have the 
need to create and remove hundreds of users every spring and autumn.

That's why we want to use a library in PHP and LDAP instead. If I understood 
my colleague correctly we can decrese the time for each operation at least 
one order of magnitude.


Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020

More information about the samba mailing list