Systems/Services/Samba
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Creating SSL CA and certs
openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl genrsa -out bob.key 2048 openssl genrsa -out dc01.key 2048 openssl req -new -key bob.key -out bob.csr openssl req -new -key dc01.key -out dc01.csr openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500
Installing keys
Copy them into place (bob):
- /var/lib/samba/private/tls/bob.key
- /var/lib/samba/private/tls/bob.crt
- /var/lib/samba/private/tls/rootCA.pem
Tell samba to use them:
[global] tls enabled = yes tls keyfile = tls/bob.key tls certfile = tls/bob.crt tls cafile = tls/rootCA.pem
Tell Samba to stop expiring passwords
samba-tool domain passwordsettings set --max-pwd-age=0