[Samba] DCs: TLS question

miguel medalha medalist at sapo.pt
Tue Jan 7 12:19:22 UTC 2025


> In a samba-domain at a customer we use the AD-DCs for authenticating 
> VPN-users.

> I export the ca.pem and cert.pem from /var/lib/samba/private/tls and 
> import them in the pfSense we use as VPN gateway.

> When the certs are close to expiry I rm the files from that directory 
> and let samba recreate all 3 files (CA, key, cert)

I also use OpenVPN with pfSense but I use the opposite method: create the
CA, key, and certificate in pfSense, export them and use them in Samba, with
the corresponding lines in the DC's smb.conf. For example:

tls cafile = tls/myca.crt
tls certfile = tls/mycertificate.crt
tls keyfile = tls/mykey.key

This way it is possible to have more control over the expiry dates of
certificates.
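
An added example, not part of the original post: a pre-flight check for the three files named in the smb.conf lines above, run before Samba is restarted with a renewed certificate. It verifies the chain to the exported CA, that the key matches the certificate, the remaining lifetime, and the key file mode. Assumptions: the function names, return codes, demo subject names and the 0600 key-mode expectation are this example's own, and on a real DC the first argument would be the directory the relative paths resolve to (assumed here to be /var/lib/samba/private/tls, the directory mentioned in the quoted message).

```shell
#!/bin/sh
# Added example: pre-flight check for externally issued Samba DC TLS files.
# check_samba_tls returns: 0 ok, 1 chain, 2 key mismatch, 3 expiring, 4 key mode.

check_samba_tls() {   # usage: check_samba_tls DIR CAFILE CERTFILE KEYFILE [DAYS]
    dir=$1 ca=$2 cert=$3 key=$4 days=${5:-30}

    # 1. The DC certificate must chain to the CA exported from the firewall.
    openssl verify -CAfile "$dir/$ca" "$dir/$cert" >/dev/null 2>&1 || return 1

    # 2. The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -in "$dir/$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/$key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2

    # 3. Fail if the certificate expires within DAYS days.
    openssl x509 -in "$dir/$cert" -noout -checkend $((days * 86400)) \
        >/dev/null 2>&1 || return 3

    # 4. Assumption: Samba expects the key file to be mode 0600.
    [ -n "$(find "$dir/$key" -perm 600)" ] || return 4
    return 0
}

# Constructed sample input: a throwaway CA and a DC certificate valid for
# VALID days, named like the smb.conf lines above. Subject names are made up.
make_demo_pki() {     # usage: make_demo_pki DIR VALID
    d=$1 valid=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/myca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc1.example.test" \
        -keyout "$d/mykey.key" -out "$d/dc.csr" 2>/dev/null
    openssl x509 -req -in "$d/dc.csr" -CA "$d/myca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days "$valid" -out "$d/mycertificate.crt" 2>/dev/null
    chmod 600 "$d/mykey.key"
}

# Demo on the constructed files: a 90-day certificate passes a 30-day
# renewal window and fails a 120-day one.
demo=$(mktemp -d)
make_demo_pki "$demo" 90
check_samba_tls "$demo" myca.crt mycertificate.crt mykey.key 30 \
    && echo "30-day window: ok"
check_samba_tls "$demo" myca.crt mycertificate.crt mykey.key 120 \
    || echo "120-day window: status $?"
rm -rf "$demo"
```

Run from cron with a window longer than the time it takes to issue and deploy a new certificate from pfSense, and alert on any non-zero status.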




