Web lists-archives.com

Re: [Samba] Samba and AD Certificate Services

Hai Pierro, 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Pietro Stäheli via samba
> Verzonden: vrijdag 15 februari 2019 10:48
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: [Samba] Samba and AD Certificate Services
> Hi folks,
> Does anybody have experience using ADCS in conjunction with Samba? I
> would like to create certificates using ADCS as a CA to create
> certificates to be deployed to servers running web applications. It
> would be very convenient to have joined Windows computers 
> automatically
> trust certificates issued my own CA instead of having to import
> certificates manually on every browser on every computer.

Your looking for this: 

Dont look at the "Smart Card Login" part but the pics here show perfeclty howto do this. 

> Is that scenario possible running only Samba? I can't find much in the
> way of documentation.

Hmm, there was more on the wiki.. I'll do a extra search.. 

> Am I correct in understanding that the certificates and keys in
> private/tls/ are only meant to enable StartTLS/LDAPS connections?
For samba yes, but if you add the RootCA to you computers then you can do with with what you want. 

Small tip of you want own certs.
 https://hohnstaedt.de/xca/ but you can use anything you like to generate certs. 
If you search good in the list, you wil find some user that make lets encrypt work also with dehydrated. 

> Pietro



To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba