[Samba] Enable TLS with own Certificates on Member DC

Hans Schulze h.schulze at labor-ostsachsen.de
Thu Sep 14 08:36:07 UTC 2023


some short questions: For the pdc i have created new certificates and 
enabled tls in smb.conf, like...

tls enabled = yes
         tls certfile = /var/lib/samba/private/tls/dc1-cert.pem
         tls keyfile = /var/lib/samba/private/tls/secure/dc1-privkey.pem
         tls cafile = /var/lib/samba/private/tls/interca.pem
         tls crlfile = /var/lib/samba/private/tls/interca.crl
         tls dhparams file = /var/lib/samba/private/tls/dc1dhparams.pem

I proceeded according to the following tutorial:


How is the TLS configured on the member/secondary domain controllers? 
For each dc his own dh parameters? Is the rest of the configuration 
otherwise the same to the pdc?

I found no informations about it and had some trouble with 
authentication first time i tried.


More information about the samba mailing list