Systems/Services/Samba

From Pumping Station One
Revision as of 14:38, 29 November 2017 by Bjo (talk | contribs)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Creating SSL CA and certs

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
openssl genrsa -out bob.key 2048
openssl genrsa -out dc01.key 2048
openssl req -new -key bob.key -out bob.csr
openssl req -new -key dc01.key -out dc01.csr
openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500
openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500


Installing keys

Copy them into place (bob):

  • /var/lib/samba/private/tls/bob.key
  • /var/lib/samba/private/tls/bob.crt
  • /var/lib/samba/private/tls/rootCA.pem

Tell samba to use them: 

[global]
	tls enabled  = yes
	tls keyfile  = tls/bob.key
	tls certfile = tls/bob.crt
	tls cafile   = tls/rootCA.pem

Tell Samba to stop expiring passwords

samba-tool domain passwordsettings set --max-pwd-age=0

Retrieved from "https://ps1.mywikis.wiki/w/index.php?title=Systems/Services/Samba&oldid=34856"