[Samba] DCs: TLS question
miguel medalha
medalist at sapo.pt
Tue Jan 7 12:19:22 UTC 2025
> In a samba-domain at a customer we use the AD-DCs for authenticating
> VPN-users.
> I export the ca.pem and cert.pem from /var/lib/samba/private/tls and
> import them in the pfSense we use as VPN gateway.
> When the certs are close to expiry I rm the files from that directory
> and let samba recreate all 3 files (CA, key, cert)
I also use OpenVPN with pfSense but I use the opposite method: create the
CA, key, and certificate in pfSense, export them and use them in Samba, with
the corresponding lines in the DC's smb.conf. For example:
    tls cafile = tls/myca.crt
    tls certfile = tls/mycertificate.crt
    tls keyfile = tls/mykey.key
This way it is possible to have more control over the expiry dates of
certificates.
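
Added example, not part of the original message and not Samba's own tooling: a shell audit of the files named by the tls cafile, tls certfile and tls keyfile lines above. It reports a missing file, a private key that is not mode 0600, a certificate not issued by the configured CA, a key/certificate mismatch, or a certificate expiring within a chosen number of days. The function names, the PRIVATE_DIR default (the path quoted in the thread) and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: audit the TLS files a Samba AD DC is configured to use.
# Assumption: PRIVATE_DIR defaults to the directory quoted in the thread.
PRIVATE_DIR=${PRIVATE_DIR:-/var/lib/samba/private}

# Print the last value set for a parameter such as "tls certfile"
# (exact spelling only; include files are not followed).
smbconf_get() {   # $1 = smb.conf, $2 = parameter name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Relative tls paths are resolved against Samba's private directory.
resolve() {
    case $1 in /*) printf '%s\n' "$1" ;; *) printf '%s\n' "$PRIVATE_DIR/$1" ;; esac
}

# Samba expects the private key to be a regular file with mode 0600.
key_mode_ok() { [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]; }

cert_signed_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

key_matches_cert() {   # $1 = key, $2 = certificate; compares public keys
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

cert_valid_for_days() {   # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Print one line per finding; the return status is the number of findings.
audit_dc_tls() {   # $1 = smb.conf, $2 = warning threshold in days (default 30)
    conf=$1; days=${2:-30}; bad=0
    # Fallbacks are Samba's documented defaults for these parameters.
    v=$(smbconf_get "$conf" 'tls cafile');   ca=$(resolve "${v:-tls/ca.pem}")
    v=$(smbconf_get "$conf" 'tls certfile'); crt=$(resolve "${v:-tls/cert.pem}")
    v=$(smbconf_get "$conf" 'tls keyfile');  key=$(resolve "${v:-tls/key.pem}")
    for f in "$ca" "$crt" "$key"; do
        [ -f "$f" ] || { echo "MISSING $f"; bad=$((bad + 1)); }
    done
    [ "$bad" -eq 0 ] || return "$bad"
    key_mode_ok "$key" || { echo "KEYMODE $key is not 0600"; bad=$((bad + 1)); }
    cert_signed_by "$ca" "$crt" || { echo "CHAIN $crt not issued by $ca"; bad=$((bad + 1)); }
    key_matches_cert "$key" "$crt" || { echo "KEYPAIR $key does not match $crt"; bad=$((bad + 1)); }
    cert_valid_for_days "$crt" "$days" || { echo "EXPIRY $crt expires within $days days"; bad=$((bad + 1)); }
    return "$bad"
}
```

Run from cron on the DC as, for instance, audit_dc_tls /etc/samba/smb.conf 30 (the smb.conf location is an assumption and varies by distribution); a non-zero status means at least one finding was printed.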