[Samba] Samba Certificates with OpenVPN
Andrew Bartlett
abartlet at samba.org
Tue Feb 14 02:45:45 UTC 2023
On Mon, 2023-02-13 at 12:25 -0500, Marco Shmerykowsky via samba wrote:
> I'm setting up a VPN using Samba's AD for user
> authentication. Everything seems to check out
> on the PFsense side. Authentication is reported
> as successful, but when I try to connect to
> the actual network, I get:
>
> "Certificate does not have key usage extension."
> "certificate verify failed"
>
> Is this an issue with samba's self generated certificates
> or I should I be looking elsewhere for the issue?
>
> Thanks
Samba's self-generated certificates are really only a stop-gap for the
LDAP server.
If you have specific needs, please generate and sign your own
certificate.
This error, for example, would be as part of a design that avoids the
VPN client from impersonating the server, I think.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
More information about the samba
mailing list