Difference between revisions of "Systems/Services/Samba"
Jump to navigation
Jump to search
Amishhammer (talk | contribs) |
|||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | {{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }} | ||
== Creating SSL CA and certs == | == Creating SSL CA and certs == | ||
| Line 31: | Line 32: | ||
tls cafile = tls/rootCA.pem | tls cafile = tls/rootCA.pem | ||
</pre> | </pre> | ||
| + | |||
| + | == Tell Samba to stop expiring passwords == | ||
| + | samba-tool domain passwordsettings set --max-pwd-age=0 | ||
Latest revision as of 21:56, 13 September 2020
 | This information is out of date. Up-to-date IT information can be found here |
Creating SSL CA and certs
openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl genrsa -out bob.key 2048 openssl genrsa -out dc01.key 2048 openssl req -new -key bob.key -out bob.csr openssl req -new -key dc01.key -out dc01.csr openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500
Installing keys
Copy them into place (bob):
- /var/lib/samba/private/tls/bob.key
- /var/lib/samba/private/tls/bob.crt
- /var/lib/samba/private/tls/rootCA.pem
Tell samba to use them:
[global] tls enabled = yes tls keyfile = tls/bob.key tls certfile = tls/bob.crt tls cafile = tls/rootCA.pem
Tell Samba to stop expiring passwords
samba-tool domain passwordsettings set --max-pwd-age=0