Hello, some short questions: For the pdc i have created new certificates and enabled tls in smb.conf, like... tls enabled = yes ??????? tls certfile = /var/lib/samba/private/tls/dc1-cert.pem ??????? tls keyfile = /var/lib/samba/private/tls/secure/dc1-privkey.pem ??????? tls cafile = /var/lib/samba/private/tls/interca.pem ??????? tls crlfile = /var/lib/samba/private/tls/interca.crl ??????? tls dhparams file = /var/lib/samba/private/tls/dc1dhparams.pem I proceeded according to the following tutorial: https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login How is the TLS configured on the member/secondary domain controllers? For each dc his own dh parameters? Is the rest of the configuration otherwise the same to the pdc? I found no informations about it and had some trouble with authentication first time i tried. regards