[Samba] AD-level Certificate Authorities with samba?

Andrew Bartlett abartlet at samba.org
Mon Dec 18 00:37:46 UTC 2023


On Sun, 2023-12-17 at 19:54 +0300, Michael Tokarev via samba wrote:
> Hi!
> What's the way to have a domain-based certificate authority so
> that various TLS services can be enabled within a domain,
> including LDAPS and other similar services?
> The whole CA thing is already complex enough, microsoft has tools
> to do all this on their domain management collection (Active
> Directory Certificate Services).  What's the way to do all this
> in/with samba-based AD?

You run it the same as any other CA, outside Samba, and just replace
Samba's auto-generated certs.  Modern Samba versions even have a
smbcontrol signal to allow reload without a restart.

What we don't have is the certificate auto-enrolment stuff.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
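
The workflow described in the reply above, as an added example that is not part of the original post or Samba's own tooling: issue a DC certificate from a CA kept outside Samba and validate it before swapping it in. The hostname, file names and the throwaway CA are assumptions; the `tls ...` smb.conf parameters and the `reload-certs` message are taken from smb.conf(5) and smbcontrol(1), not from the post.

```shell
#!/bin/sh
# Added example (not from the post). Hostname and paths are assumptions.
# A throwaway CA stands in for the CA you already run outside Samba.

# issue_dc_cert DIR FQDN: create ca.pem, key.pem, cert.pem in DIR.
issue_dc_cert() {
    dir=$1; fqdn=$2
    mkdir -p "$dir" || return 1
    # Own config, so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Extensions for the DC cert: TLS clients match the SAN, not the CN.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' \
        "$fqdn" > "$dir/dc.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=$fqdn" -keyout "$dir/key.pem" -out "$dir/dc.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/dc.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$dir/dc.ext" \
        -out "$dir/cert.pem" 2>/dev/null &&
    chmod 600 "$dir/key.pem" "$dir/ca.key"
}

# check_dc_cert DIR FQDN: succeed only if chain, hostname and key all match.
check_dc_cert() {
    dir=$1; fqdn=$2
    openssl verify -CAfile "$dir/ca.pem" "$dir/cert.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/cert.pem" -noout -checkhost "$fqdn" |
        grep -q 'does match' || return 1
    [ "$(openssl x509 -in "$dir/cert.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/key.pem" -pubout 2>/dev/null)" ]
}

# Deployment on the DC, after check_dc_cert passes (paths are placeholders):
#   smb.conf [global]:  tls enabled  = yes
#                       tls keyfile  = /path/to/key.pem   (mode 0600)
#                       tls certfile = /path/to/cert.pem
#                       tls cafile   = /path/to/ca.pem
#   then: smbcontrol ldap_server reload-certs   (per smbcontrol(1))
```

Running the check before the reload catches a SAN mismatch or a key that does not belong to the certificate while the old certificate is still being served.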