On Mon, 2023-02-13 at 12:25 -0500, Marco Shmerykowsky via samba wrote:
> I'm setting up a VPN using Samba's AD for user
> authentication. Everything seems to check out
> on the pfSense side. Authentication is reported
> as successful, but when I try to connect to
> the actual network, I get:
>
> "Certificate does not have key usage extension."
> "certificate verify failed"
>
> Is this an issue with samba's self-generated certificates
> or should I be looking elsewhere for the issue?
>
> Thanks

Samba's self-generated certificates are really only a stop-gap for the
LDAP server.

If you have specific needs, please generate and sign your own
certificate.

This error, for example, would be as part of a design that prevents the
VPN client from impersonating the server, I think.

Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
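
As an added example that is not part of the original messages: one way to follow the advice above with the `openssl` CLI, issuing a server certificate from a private CA with the key usage extensions set, next to one issued without them. The host name, file names and 30-day lifetime are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. HOST, file names and lifetimes are constructed placeholders.
set -eu
HOST="dc1.example.internal"

# Create a throwaway private CA (key and self-signed certificate) in dir $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a CA-signed server certificate in dir $1 with basename $2.
# $3 = "with" adds the usage extensions; any other value omits them.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    if [ "$3" = with ]; then
        printf '%s\n' \
            "basicConstraints = critical, CA:FALSE" \
            "keyUsage = critical, digitalSignature, keyEncipherment" \
            "extendedKeyUsage = serverAuth" \
            "subjectAltName = DNS:$HOST" > "$1/$2.ext"
        openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
            -CAcreateserial -days 30 -extfile "$1/$2.ext" \
            -out "$1/$2.crt" 2>/dev/null
    else
        openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
            -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
    fi
}

# Succeeds only if the certificate carries the X509v3 Key Usage extension.
has_key_usage() {
    openssl x509 -in "$1" -noout -text | grep -q "X509v3 Key Usage"
}

# Succeeds if certificate $2 in dir $1 chains to the private CA.
chain_ok() { openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1; }

work=$(mktemp -d)
make_ca "$work"
issue_cert "$work" bare without
issue_cert "$work" server with
for c in bare server; do
    if has_key_usage "$work/$c.crt"; then ku=present; else ku=MISSING; fi
    echo "$c.crt: key usage $ku"
done
rm -rf "$work"
```

Both certificates chain to the same CA; only `bare.crt` lacks the key usage extension that the quoted error complains about.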