Systems/Services/Samba
Jump to navigation
Jump to search
This information is out of date. Up-to-date IT information can be found here |
Creating SSL CA and certs
openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl genrsa -out bob.key 2048 openssl genrsa -out dc01.key 2048 openssl req -new -key bob.key -out bob.csr openssl req -new -key dc01.key -out dc01.csr openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500
Installing keys
Copy them into place (bob):
- /var/lib/samba/private/tls/bob.key
- /var/lib/samba/private/tls/bob.crt
- /var/lib/samba/private/tls/rootCA.pem
Tell samba to use them:
[global] tls enabled = yes tls keyfile = tls/bob.key tls certfile = tls/bob.crt tls cafile = tls/rootCA.pem
Tell Samba to stop expiring passwords
samba-tool domain passwordsettings set --max-pwd-age=0