Marco Shmerykowsky PE
2022-Nov-03 19:03 UTC
[Samba] Samaba/Active Directory - Autogenerated self-signed cert
Question regarding Samba's autogenerated self-signed cert. I setup an OpenVPN connection using samba's Active Directory to authenticate users. I used the autogenerated self-signed certificates for that setup. The self signed cert has expired. Internally to the office, Samba appears to work fine. The VPN no longer connects due to the apparently expired cert. What's the best way to update the certs (delete the files in /car/lib/samba/private/tls & restart samba to re-auto-generate? Something else? Does doing that effect the ability for windows clients to authenticate on the local network? Thanks Marco
Lorenzo Milesi
2022-Nov-04 08:27 UTC
[Samba] Samaba/Active Directory - Autogenerated self-signed cert
> What's the best way to update the certs (delete the files > in /car/lib/samba/private/tls & restart samba to > re-auto-generate? Something else?I'm not an expert, but according to [1] it seems it's used for LDAP mainly (only?), so you can manage the certs manually or let Samba do it [1]?https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC#Using_the_Samba_autogenerated_self-signed_certificate_.28default.29 -- Lorenzo Milesi - lorenzo.milesi at yetopen.com CTO @ YetOpen Srl Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood Avenue - Suite 200 - Raleigh, NC 27612 - USA - Tel +39 0341 220 205 - info.it at yetopen.com | Phone +1 919-817-8106 - info.us at yetopen.com Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary -------- D.Lgs. 196/2003 e GDPR 679/2016 -------- Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information; pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible. Thank you.