[Samba] AD-level Certificate Authorities with samba?

Joachim Lindenberg samba at lindenberg.one
Mon Dec 18 15:02:26 UTC 2023


I am using Let's Encrypt certificates everywhere, including all Samba domain members and internal services. Of course that requires internal names to have at least wildcard DNS resolution for Let's Encrypt, and proxying port 80 to the relevant Let's Encrypt service. But it saves me from configuring trust anchors manually across all clients.
Joachim

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Kees van Vloten via samba
Sent: Monday, December 18, 2023 14:54
To: samba at lists.samba.org
Subject: Re: [Samba] AD-level Certificate Authorities with samba?


On 17-12-2023 at 17:54, Michael Tokarev via samba wrote:
> Hi!
>
> What's the way to have a domain-based certificate authority so that 
> various TLS services can be enabled within a domain, including LDAPS 
> and other similar services?
>
> The whole CA thing is already complex enough, Microsoft has tools to
> do all this on their domain management collection (Active Directory
> Certificate Services).  What's the way to do all this in/with
> samba-based AD?

I am using easyrsa to manage certificates, it does what it says, it is easy :-)

Copy the certs and keys to the right location and update smb.conf
accordingly: scp and some scripting will do the trick.

- Kees.

>
> Thanks,
>
> /mjt
>
