Systems/Services/Samba: Difference between revisions
From Pumping Station One
Amishhammer (talk | contribs) Created page with " == Creating SSL CA and certs == <pre> openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl genrsa -out bob.ke..." |
No edit summary |
||
| (3 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
{{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }} | |||
== Creating SSL CA and certs == | == Creating SSL CA and certs == | ||
| Line 12: | Line 13: | ||
openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500 | openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500 | ||
</pre> | </pre> | ||
== Installing keys == | |||
Copy them into place (bob): | |||
* /var/lib/samba/private/tls/bob.key | |||
* /var/lib/samba/private/tls/bob.crt | |||
* /var/lib/samba/private/tls/rootCA.pem | |||
Tell samba to use them: | |||
<pre> | |||
[global] | |||
tls enabled = yes | |||
tls keyfile = tls/bob.key | |||
tls certfile = tls/bob.crt | |||
tls cafile = tls/rootCA.pem | |||
</pre> | |||
== Tell Samba to stop expiring passwords == | |||
samba-tool domain passwordsettings set --max-pwd-age=0 | |||
