[Samba] AD-level Certificate Authorities with samba?
Joachim Lindenberg
samba at lindenberg.one
Mon Dec 18 15:02:26 UTC 2023
I am using Letsencrypt certificates everywhere, including all samba domain members and internal services. Of course that requires internal names to have at least wildcard DNS-resolution for letsencrypt, and proxying port 80 to the relevant letsencrypt service. But it saves me from configuring trust anchors manually across all clients.
Joachim
-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Kees van Vloten via samba
Gesendet: Montag, 18. Dezember 2023 14:54
An: samba at lists.samba.org
Betreff: Re: [Samba] AD-level Certificate Authorities with samba?
Op 17-12-2023 om 17:54 schreef Michael Tokarev via samba:
> Hi!
>
> What's the way to have a domain-based certificate authority so that
> various TLS services can be enabled within a domain, including LDAPS
> and other similar services?
>
> The whole CA thing is already complex enough, microsoft has tools to
> do all this on their domain management collection (Active Directory
> Certificate Services). What's the way to do all this in/with samba-
> based AD?
I am using easyrsa to manage certificates, it does what it says, it is easy :-)
Copy the certs and keys to the right location and update smb.conf
accordingly: scp and some scripting will do the trick.
- Kees.
>
> Thanks,
>
> /mjt
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list