Hello All, Currently working through this guide: https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login and it works just fine for the scope of the environment being used. But one thing I wanted to confirm, was when using 2 domain controllers, that another DC cert should be generated? If this is the case, then should the following from the openssl.cnf be changed: In my case I'm conducting the generation of the certificates on a separate server, crl.samdom.com This piece, I have the crp_default set to crl.samdom.com/samdom.crl set_crp_default = http://dc1.greatlakes.example.com/greatlakes.crl However this was ALSO set to crl.samdom.com instead of dc1.samdom.com and smart card functionality worked. Should I change this to dc1 and dc2 respectively when generating the DC certs on a multi-DC environment? set_dns = dc1.greatlakes.example.com Thanks, Ralph