I have OpenSSL forgenrate the CA root file in my server and work fine. My question is, ?howto i say to Samba (configuration) for work with CA certificates? . I dont find information about this. Thanks. Saludos. --- Miguel El mar., 10 nov. 2020 a las 15:22, S?rgio Basto (<sergio at serjux.com>) escribi?:> On Tue, 2020-11-10 at 14:48 -0300, Miguel Angel Coa M. via samba wrote: > > Hi, I've Samba 4.11 running over Centos 7.x. I need setting Samba > > with > > certificate authority CA (similar to Windows Active Directory > > Certificate > > Services) ?is possible? . I found info about ssleay but y to old . > > I think easy-rsa does the job , you found it on epel 7 repos > > https://src.fedoraproject.org/rpms/easy-rsa for epel 7 , > > > > > Thanks. > > Saludos. > > --- > > Miguel. > -- > S?rgio M. B. > >
On Wed, 2020-11-11 at 08:56 -0300, Miguel Angel Coa M. via samba wrote:> I have OpenSSL forgenrate the CA root file in my server and work fine. My > question is, ?howto i say to Samba (configuration) for work with CA > certificates? . I dont find information about this.https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC> Thanks. > Saludos. > --- > Miguel > > > El mar., 10 nov. 2020 a las 15:22, S?rgio Basto (<sergio at serjux.com>) > escribi?: > > > On Tue, 2020-11-10 at 14:48 -0300, Miguel Angel Coa M. via samba > > wrote: > > > Hi, I've Samba 4.11 running over Centos 7.x. I need setting Samba > > > with > > > certificate authority CA (similar to Windows Active Directory > > > Certificate > > > Services) ?is possible? . I found info about ssleay but y to old > > > . > > > > I think easy-rsa does the job , you found it on epel 7 repos > > > > https://src.fedoraproject.org/rpms/easy-rsa for epel 7 , > > > > > > > > > Thanks. > > > Saludos. > > > --- > > > Miguel. > > -- > > S?rgio M. B. > > > >-- S?rgio M. B.
In the [global] section of your smb.conf: ??????? tls ca file = /path/to/cafile.crt ??????? tls verify peer = ca_and_name regards, Norbert On 15.11.2020 19:47, S?rgio Basto via samba wrote:> On Wed, 2020-11-11 at 08:56 -0300, Miguel Angel Coa M. via samba wrote: >> I have OpenSSL forgenrate the CA root file in my server and work fine. My >> question is, ?howto i say to Samba (configuration) for work with CA >> certificates? . I dont find information about this. > > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC > > >> Thanks. >> Saludos. >> --- >> Miguel >> >> >> El mar., 10 nov. 2020 a las 15:22, S?rgio Basto (<sergio at serjux.com>) >> escribi?: >> >>> On Tue, 2020-11-10 at 14:48 -0300, Miguel Angel Coa M. via samba >>> wrote: >>>> Hi, I've Samba 4.11 running over Centos 7.x. I need setting Samba >>>> with >>>> certificate authority CA (similar to Windows Active Directory >>>> Certificate >>>> Services) ?is possible? . I found info about ssleay but y to old >>>> . >>> I think easy-rsa does the job , you found it on epel 7 repos >>> >>> https://src.fedoraproject.org/rpms/easy-rsa for epel 7 , >>> >>> >>> >>>> Thanks. >>>> Saludos. >>>> --- >>>> Miguel. >>> -- >>> S?rgio M. B. >>> >>>