Active Directory always creates self-signed certificate

Hi all,

I’ve been running this NethServer instance since NethServer 7.0, so it has seen a few package upgrades. It’s running an AD as accounts provider. In the system I installed our company wildcard certificate.
Recently I’ve begun integrating a lot of other services with this AD and have realised that Samba is not picking up the SSL certificate. Instead it’s using a random self-signed one. I couldn’t find the certificate anywhere on the file system.

As far as I understood from reading some posts on installing your own certificates in Samba this should by now be automated to always use your central certificate. I also tried adding these lines to /var/lib/machines/nsdc/etc/samba/smb.conf, which didn’t change anything:

    tls enabled = yes
    # tls cafile = /var/lib/samba/private/tls/ca.pem
    tls certfile = /var/lib/samba/private/tls/cert.pem
    tls keyfile = /var/lib/samba/private/tls/key.pem

I’m at a loss on how to fix it. Any help appreciated!

Thanks and best,

The AD container always uses the self-signed certificate.

There is a detailed on how to circumvent the problem:

We tried to implement it in the core but we faced multiple limitations.
If you still have doubts, please ask :)


Hi Giacomo,

I thought I had followed that, but there must have been some mistake somewhere. It seems to be working great now, thanks!

Should I mark this “bug” as closed?

You can mark the post from @giacomo as the post that solved your support question…
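A preflight check for the `tls certfile` / `tls keyfile` settings quoted in the question, added here as an example (it is not NethServer or Samba code, and not from the thread's participants). It assumes `/var/lib/machines/nsdc` is the container's root file system, so paths written in its smb.conf resolve beneath that directory on the host, and that Samba refuses a private key that is not mode 0600; `read_global`, `check_tls` and `demo` are hypothetical names.

```python
import os
import stat
import tempfile

CONTAINER_ROOT = "/var/lib/machines/nsdc"  # assumed root of the AD container on the host
# Constructed sample: the lines from the question placed under [global]
SAMPLE_CONF = """[global]
    tls enabled = yes
    # tls cafile = /var/lib/samba/private/tls/ca.pem
    tls certfile = /var/lib/samba/private/tls/cert.pem
    tls keyfile = /var/lib/samba/private/tls/key.pem
"""

def read_global(conf_text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("["):
            section = line.strip("[] ").lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_tls(conf_text, root=CONTAINER_ROOT):
    """List problems with the configured cert and key; paths resolve under root."""
    params, problems = read_global(conf_text), []
    for key in ("tls certfile", "tls keyfile"):
        host_path = os.path.join(root, params.get(key, "").lstrip("/"))
        if key not in params:
            problems.append(f"{key} is not set in [global]")
        elif not os.path.isfile(host_path):
            problems.append(f"{key}: {host_path} is missing")
        elif key == "tls keyfile" and stat.S_IMODE(os.stat(host_path).st_mode) & 0o077:
            problems.append(f"{key}: {host_path} must be mode 0600")
    return problems

def demo():
    """Check a constructed container tree: files missing, key 0644, key 0600."""
    with tempfile.TemporaryDirectory() as root:
        missing = check_tls(SAMPLE_CONF, root)
        tls_dir = os.path.join(root, "var/lib/samba/private/tls")
        os.makedirs(tls_dir)
        for name in ("cert.pem", "key.pem"):
            open(os.path.join(tls_dir, name), "w").close()
        os.chmod(os.path.join(tls_dir, "key.pem"), 0o644)
        loose = check_tls(SAMPLE_CONF, root)
        os.chmod(os.path.join(tls_dir, "key.pem"), 0o600)
        return missing, loose, check_tls(SAMPLE_CONF, root)
```

On the host, `check_tls(open("/var/lib/machines/nsdc/etc/samba/smb.conf").read())` runs the same check against the real container; an empty list only means the files are in place, not that the certificate chain is valid.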