On Thu, 11 Sep 2025 09:25:30 +0200
Simon FONTENEAU via samba <samba at lists.samba.org> wrote:
> Hello everyone
>
> I published a small experimental project here:
>
> https://github.com/sfonteneau/adcs_python
>
> I thought this might interest you.
>
> I'm looking for contributors to help me a little.
>
> I am also open to advice and feedback.
>
> Simon Fonteneau
> Tranquilit
This is another of those things that is missing from Samba, so thanks
for starting this.
It could do with better instructions though, it wasn't until I looked
at docinstall.txt that I found any.
Which leads to further questions:
It appears that you install this on a DC, is this correct ?
If so, is it any DC, or should it be installed on a specific DC, the one
with the PDC_Emulator role for instance.
Or could it be that it should be installed on Unix domain member ?
I take it that whatever Unix machine it is installed on, you are using
msktutil to create a keytab, which sort of leans to it being installed
on a Unix domain member instead of a Samba DC, otherwise you could have
used samba-tool instead of msktutil. Now if this is a domain joined
machine, why do you need the keytab ? Couldn't you use the machines
ticket ? This would cover you for 'HTTP' via the 'host' SPN.
NOTE: you have a typo in docinstall.txt , 'kinit administor'
Rowland