Maryam Lahijani
2015-Jan-10 11:53 UTC
[Samba] Samba integration with Microsoft CA server 2012 R2
Hi,

I am new to this mailing list. We have encountered a problem in our network. We have Samba 4 as a domain controller. For deploying dot1x (IEEE 802.1X) in our network, our firewall team runs a Windows CA Server 2012 R2 to work with the EAP-TTLS protocol.

It generates a CA for domain controllers that should be imported into Trusted Certification Authorities, which I imported with the RSAT console in this directory.

After that, the DC (which here is Samba 4) should send a request to the CA server, and the server issues a personal CA with the name of the DC, and it comes in Personal Certificates. But even after restarting the Samba services, it doesn't request from the CA server, and there is no way to issue and import that CA manually. Is there any way to force or push Samba to request a certificate from the CA server?

Sincerely yours,
Lahijani
Andrew Bartlett
2015-Jan-10 18:24 UTC
[Samba] Samba integration with Microsoft CA server 2012 R2
On Sat, 2015-01-10 at 15:23 +0330, Maryam Lahijani wrote:
> Hi,
>
> I am new to this mailing list. We have encountered a problem in our
> network. We have Samba 4 as a domain controller. For deploying dot1x
> (IEEE 802.1X) in our network, our firewall team runs a Windows CA Server
> 2012 R2 to work with the EAP-TTLS protocol.
>
> It generates a CA for domain controllers that should be imported into
> Trusted Certification Authorities, which I imported with the RSAT console
> in this directory.
>
> After that, the DC (which here is Samba 4) should send a request to the
> CA server, and the server issues a personal CA with the name of the DC,
> and it comes in Personal Certificates. But even after restarting the
> Samba services, it doesn't request from the CA server, and there is no
> way to issue and import that CA manually. Is there any way to force or
> push Samba to request a certificate from the CA server?

For Samba's LDAP server, the certificate private and public keys are controlled by smb.conf options pointing at files on disk. You have to create the files yourself, manually interacting with the CA.

See man smb.conf for the tls * = parameters, starting at tls ca.

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
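The manual procedure described in the reply above, sketched as an added example (not part of either message and not Samba project code): create the key and a certificate request on the DC, have the CA sign the request, check the returned certificate against the key, then reference the files through the `tls` parameters in smb.conf. The hostname, directory and file names are placeholders, and OpenSSL is assumed to be installed.

```shell
#!/bin/sh
# Added example. The hostname, directory and file names are placeholders.
set -eu

# Create a private key and a CSR for the DC. $1 = DC FQDN, $2 = output dir.
make_dc_csr() {
    fqdn=$1; out=$2
    mkdir -p "$out"
    cat > "$out/csr.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $fqdn
[ext]
subjectAltName = DNS:$fqdn
EOF
    # Subshell keeps the restrictive umask local; the key must stay owner-only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$out/csr.cnf" \
          -keyout "$out/key.pem" -out "$out/dc.csr" )
}

# After the CA returns the certificate, confirm it belongs to this key
# before pointing Samba at it. $1 = private key, $2 = issued certificate (PEM).
same_pubkey() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Print the smb.conf [global] lines that reference the files. $1 = directory.
smbconf_tls_fragment() {
    cat <<EOF
tls enabled = yes
tls keyfile = $1/key.pem
tls certfile = $1/cert.pem
tls cafile = $1/ca.pem
EOF
}

# Usage: sh dc-tls.sh dc1.example.test /path/to/tls-dir
if [ "$#" -eq 2 ]; then
    make_dc_csr "$1" "$2"
    echo "Submit $2/dc.csr to the CA; save its reply as cert.pem and the CA cert as ca.pem."
    smbconf_tls_fragment "$2"
fi
```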