Displaying 17 results from an estimated 17 matches for "easyrsa".
2016 Jul 03
1
Where is krb5.keytab or equivalent?
...till miss the gssapi module for dovecot.
Am 03.07.2016 um 19:42 schrieb Mark Foley:
> Achim,
>
> This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest.
>
> I used easy-rsa to create a cert. Files are:
>
> /etc/ssl/certs/OHPRS/easyrsa/ca.crt
> /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req
> /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req
> /etc/ssl/certs/OHPRS/easyrsa/private/ca.key
> /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key
> /etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt
>
> $ openssl x509 -text -in /etc/...
2016 Jul 03
0
Where is krb5.keytab or equivalent?
Achim,
This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest.
I used easy-rsa to create a cert. Files are:
/etc/ssl/certs/OHPRS/easyrsa/ca.crt
/etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req
/etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req
/etc/ssl/certs/OHPRS/easyrsa/private/ca.key
/etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key
/etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt
$ openssl x509 -text -in /etc/ssl/certs/OHPRS/easyrsa/issued/dov...
2016 Jul 02
0
Where is krb5.keytab or equivalent?
...g this message directly to you to spare the sambalist from my certificate trials.
> I'm hoping you'll still hang in there a bit longer, though I'm close to giving up on this
> whole thing myself.
>
> I used easy-rsa to create a cert. Files are:
>
> /etc/ssl/certs/OHPRS/easyrsa/ca.crt
> /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req
> /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req
> /etc/ssl/certs/OHPRS/easyrsa/private/ca.key
> /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key
> /etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt
>
> $ openssl x509 -text -in /etc/...
2016 Jul 02
5
Where is krb5.keytab or equivalent?
OK, let me go through exactly what you did:
you:
> Here's the test (I must run mutt not telnet like i mentioned earlier to
> get the imap tickets).
>
> root@server:~# kinit achim
> Password for achim@DOMAIN.LOCAL:
> [I enter my password]
As root on AD/DC mail.hprs.local:
me:
$ kinit mark
Password for mark@HPRS.LOCAL:
[I enter my password]
you:
>
2023 Oct 25
1
Set same TLS Root CA cert on all Samba DC's?
...t server that uses TLS will create some certs, or use the
distro default snake-oil certs.
However in order to get secure communication, you need to have a common
ca-cert on all your machines (servers and clients) and generate a cert
and key pair for each server.
Openssl can do it, but I prefer EasyRSA, which uses openssl under the hood.
- Kees.
>
> Thanks
>
> On Wed, Oct 25, 2023 at 8:08 AM Kees van Vloten via samba <
> samba at lists.samba.org> wrote:
>
>> Op 25-10-2023 om 16:45 schreef Alex via samba:
>>> Hi!
>>>
>>> Is there a recomme...
2016 Apr 19
2
VPN suggestions centos 6, 7
...sary these days, but
>I keep it around because it doesn't hurt anything.
>
>The important bit is the extendedKeyUsage line; I'm pretty sure that
>an OpenVPN server needs the serverAuth extension. For instance, here
>is the X509 extensions configuration for a server used by EasyRSA:
>
> basicConstraints = CA:FALSE
> subjectKeyIdentifier = hash
> authorityKeyIdentifier = keyid,issuer:always
> extendedKeyUsage = serverAuth,clientAuth
> keyUsage = digitalSignature,keyEncipherment
>
>You can ask openssl to tell you the purpose of a certificate:
>...
2024 May 28
1
Security Implications of "ldap server require strong auth"?
..." in the
"Port" field.
For the certificates issues: either you create a CA, create the samba
certificates and add this CA to the trusted certificate storage in linux
or you just add the self-signed certificates to the trusted cert storage...
I'd prefer the first, because things like EasyRSA or Hashicorp Vault make
it easy, but I don't know how big your deployment is and if it's feasible
for something like that.
If you prefer: you can email me directly for more in-depth questions
regarding nextcloud + samba. :)
Have a nice day, Matthias.
Am 28.05.24 um 08:15 schrieb Bestattungen Vi...
2024 May 28
1
Security Implications of "ldap server require strong auth"?
...ld.
>
> For the certificates issues: either you create a CA, create the samba
> certificates and add this CA to the trusted certificate storage in linux
> or you just add the self-signed certificates to the trusted cert
> storage...
>
> I'd prefer the first, because things like EasyRSA or Hashicorp Vault make
> it easy, but I don't know how big your deployment is and if it's feasible
> for something like that.
>
> If you prefer: you can email me directly for more in-depth questions
> regarding nextcloud + samba. :)
>
> Have a nice day, Matthias.
>
> Am 28...
2020 Oct 10
10
Mail samba
Hi I am trying to authenticate my mail server with samba ad.
The only problem is that I don't get it working.
root@dna:/data/CA/EasyRSA-v3.0.6# ldapsearch -x -h gaia.rompen.lokaal -D 'vmail' -W -b 'cn=users,dc=rompen,dc=lokaal'
Enter LDAP Password:
ldap_bind: Strong(er) authentication required (8)
additional info: BindSimple: Transport encryption required.
I can not read the ldap database. I think it is a certifi...
2016 Apr 18
2
VPN suggestions centos 6, 7
>
>
>Folks
>
>I would like to have my windows 7 laptop communicate with my home
>server via a VPN, in such a way that it appears to be "inside" my
>home network. It should not only let me appear to be at home for
>any external query, but also let me access my computers inside my home.
>
>I already have this working using M$'s PPTP using my home
2016 Apr 18
0
VPN suggestions centos 6, 7
...ctive may be unnecessary these days, but I
keep it around because it doesn't hurt anything.
The important bit is the extendedKeyUsage line; I'm pretty sure that
an OpenVPN server needs the serverAuth extension. For instance, here
is the X509 extensions configuration for a server used by EasyRSA:
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth,clientAuth
keyUsage = digitalSignature,keyEncipherment
You can ask openssl to tell you the purpose of a certificate:
[bash]$ openssl x509 -noout -pur...
2023 Oct 25
1
Set same TLS Root CA cert on all Samba DC's?
And will Samba regenerate its own server certs from that CA, or do I need
to externally generate & renew them with openssl?
Does anything else need to be done before or after replacing the certs in
Samba? This won't break server/domain trust with domain joined workstations?
Thanks
On Wed, Oct 25, 2023 at 8:08 AM Kees van Vloten via samba <
samba at lists.samba.org> wrote:
2023 Dec 17
3
AD-level Certificate Authorities with samba?
Hi!
What's the way to have a domain-based certificate authority so that
various TLS services can be enabled within a domain, including
LDAPS and other similar services?
The whole CA thing is already complex enough, microsoft has tools to
do all this on their domain management collection (Active Directory
Certificate Services). What's the way to do all this in/with samba-
based AD?
2016 Apr 19
0
VPN suggestions centos 6, 7
...ep
>> it around because it doesn't hurt anything.
>>
>> The important bit is the extendedKeyUsage line; I'm pretty sure that an
>> OpenVPN server needs the serverAuth extension. For instance, here is the
>> X509 extensions configuration for a server used by EasyRSA:
>>
>> basicConstraints = CA:FALSE
>> subjectKeyIdentifier = hash
>> authorityKeyIdentifier = keyid,issuer:always
>> extendedKeyUsage = serverAuth,clientAuth
>> keyUsage = digitalSignature,keyEncipherment
>>
>> You can ask openssl to t...
2024 May 28
1
Security Implications of "ldap server require strong auth"?
Am 28.05.2024 07:51, schrieb Christian Naumer via samba:
> Am 28.05.24 um 07:34 schrieb Bestattungen Vitt - Thomas Reitelbach via
> samba:
>>
>> Christian Naumer said, I can get Nextcloud to work without this
>> insecure parameter - I'll have to figure out how I could accept a
>> self-signed certificate on the side of apache2/php-ldap module.
>
> I
2021 May 24
1
TLS support in NUT
When writing the Internet-Draft (I-D) "UPS Management Protocol" [1], I was
required by IETF rules to include a "Security Considerations" chapter. This
meant saying clearly that the SSL provisions in NUT for secure communication are
now outdated and deprecated.
The IETF now insists on secure communication and this makes NUT's situation an
issue for the project.
In
2016 Jun 15
8
https and self signed
I followed the instructions here https://wiki.centos.org/HowTos/Https
Checking port 80 I get the file...
curl http://localhost/file.html
<HTML>
<FORM>
Working
</FORM>
</HTML>
Checking port 443 I get an error
curl https://localhost/file.html
curl: (60) Peer's certificate issuer has been marked as not trusted by the
user.
More details here: