[Samba] AD-level Certificate Authorities with samba?

Kees van Vloten keesvanvloten at gmail.com
Mon Dec 18 13:54:07 UTC 2023


Op 17-12-2023 om 17:54 schreef Michael Tokarev via samba:
> Hi!
>
> What's the way to have a domain-based certificate authority so that
> various TLS services can be enabled within a domain, including
> LDAPS and other similar services?
>
> The whole CA thing is already complex enough, microsoft has tools to
> do all this on their domain management collection (Active Directory
> Certificate Services).  What's the way to do all this in/with samba-
> based AD?

I am using easyrsa to manage certificates, it does what it says, it is 
easy :-)

Copy the certs and keys to the right location and update smb.conf 
accordingly: scp and some scripting will do the trick.

- Kees.

>
> Thanks,
>
> /mjt
>



More information about the samba mailing list