Re: [Samba] dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
- Date: Mon, 14 Jan 2019 10:49:43 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Thank you for sharing this very apriciated.
If i may, a few small suggestion, to make is little bit better to read/understand.
In this line:
samba-tool domain exportkeytab --principal=dehydrated-service@YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab
@YOUR.DOMAIN could you change this to : @YOUR.REALM
Because of this. ( per example )
DNS domain = primary.dnsdomain.tld and for REALM = YOUR.REALM. ( 2 different things here dont mix them. )
YOUR.REALM is not the same as primary.dnsdomain.tld.
REALM domain = PRIMARY.DNSDOMAIN.TLD or better translated as : YOUR.REALM ( to keep some confusion away and in CAPS )
Even when (dnsdomain) primary.dnsdomain.tld has the same REALM DOMAIN PRIMARY.DNSDOMAIN.TLD ( == YOUR.REALM )
These are not the same things.
I suggest :
Since its running on the DC your updateing.
You should be able to use :
Keep REALM always in CAPS. Show the difference between the primary.dnsdomain.tld and REALMs.
Create that one on ramdisk.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> Jakob Lenfers via samba
> Verzonden: maandag 14 januari 2019 9:49
> Aan: Rowland Penny; samba@xxxxxxxxxxxxxxx
> Onderwerp: [Samba] dehydrated hook for LetsEncrypt certs and
> samba dns (was: samba-tool auth in scripts)
> Am 11.01.19 um 11:17 schrieb Jakob Lenfers via samba:
> > Yes, that worked. Thanks both of you!
> If anybody wants to use LetsEncrypt with Samba-DNS and dehydrated, you
> can check out my hook script:
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the