[Samba] AD-level Certificate Authorities with samba?
Andrew Bartlett
abartlet at samba.org
Mon Dec 18 00:37:46 UTC 2023
On Sun, 2023-12-17 at 19:54 +0300, Michael Tokarev via samba wrote:
> Hi!
> What's the way to have a domain-based certificate authority so
> thatvarious TLS services can be enabled within a domain,
> includingLDAPS and other similar services?
> The whole CA thing is already complex enough, microsoft has tools
> todo all this on their domain management collection (Active
> DirectoryCertificate Services). What's the way to do all this
> in/with samba-based AD?
You run it the same as any other CA, outside Samba, and just replace
Samba's auto-generated certs. Modern Samba versions even have a
smbcontrol signal to allow reload without a restart.
What we don't have is the certificate auto-enrolment stuff.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list