In our firm we need to migrate our existing infrastructure from Windows 2008R2 to Samba 4. To do this we already managed to add the Samba machine as a secondary domain controller. The next step would be to import the 2008R2 CA into Samba. I managed to export a .p12 file containing both the private and public keys and I tried to import them into the new DC in this way:
Generate the private key:
# openssl pkcs12 -in ca.p12 -nocerts -out priv.pem
# openssl rsa -in priv.pem -out priv.pem
Generate the public key:
# openssl pkcs12 -in ca.p12 -out privpub.pem
# openssl x509 -inform pem -in privpub.pem -pubkey -out pub.pem -outform pem
Move the keys to their final location:
# cp *.pem /var/lib/samba/private/tls
# chmod 600 /var/lib/samba/private/tls/priv.pem
Configure smb.conf:
tls enabled = yes
tls keyfile = tls/priv.pem
tls certfile = tls/pub.pem
tls cafile =
However, when I try to connect from a CentOS 6 client through LDAP:
# ldapsearch -x -d -1 -D ldapuser@mydomain.loc -W
I get this:
TLS: certificate [...] is not valid - error -8102:Certificate key usage inadequate for attempted operation..
Sorry if the question is dumb, but I'm not really into SSL certificates, unfortunately.
Thanks for any input.
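
An added example, not part of the original post: the error above concerns the certificate's key usage, and this script shows how to ask OpenSSL whether a certificate is marked as usable by a TLS server. The two certificates are constructed throwaways, the helper names `tls_server_ok` and `make_cert` are hypothetical, and it is an assumption that the exported CA certificate carries only certificate-signing usages; the CentOS 6 LDAP client in the post reports an NSS error code, and NSS may apply different checks than OpenSSL.

```shell
#!/bin/sh
# Constructed example: build two throwaway certificates and ask OpenSSL
# whether each one is acceptable as a TLS server certificate.

# Print "Yes" or "No" for the certificate in $1, taken from the
# "SSL server : ..." line of `openssl x509 -purpose`.
tls_server_ok() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null |
        sed -n 's/^SSL server : \([A-Za-z]*\).*/\1/p'
}

# Create a self-signed certificate at $1 (key at $1.key) with the
# X.509v3 extension lines given in $2.
make_cert() {
    cfg=$(mktemp)
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = constructed.example
[ext]
$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$cfg"
}

demo() {
    dir=$(mktemp -d)
    # CA-style certificate: may sign certificates and CRLs, nothing else (assumed).
    make_cert "$dir/ca.pem" "basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign"
    # Server-style certificate: key usage and EKU for TLS server authentication.
    make_cert "$dir/server.pem" "basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth"
    echo "ca.pem     usable as TLS server: $(tls_server_ok "$dir/ca.pem")"
    echo "server.pem usable as TLS server: $(tls_server_ok "$dir/server.pem")"
    rm -rf "$dir"
}

demo
```

The same `openssl x509 -noout -purpose` call can be pointed at the file configured as `tls certfile` to see how that certificate is marked.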