Commit 6d6aab11 authored by Jakob Lenfers

Documentation update

parent 48eeb42c
# dehydrated-samba-hook
Hook to create DNS based LetsEncrypt certificates with [dehydrated](https://github.com/lukas2511/dehydrated) and a Samba AD DNS server.
\ No newline at end of file
Hook to create DNS based LetsEncrypt certificates with [dehydrated](https://github.com/lukas2511/dehydrated) and a Samba AD DNS server.
You'll need to create a user with DNS access and a keytab for that user to create kerberos tickets. The following worked for me, adapt paths and users as necessary:
```samba-tool user create dehydrated-service --random-password --description="User to add DNS entries for certificate creation with dehydrated"
samba-tool user setexpiry dehydrated-service --noexpiry
samba-tool group addmembers DnsAdmins dehydrated-service
samba-tool domain exportkeytab --principal=dehydrated-service@YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab
chown dehydrated:root /home/dehydrated/etc/dehydrated-service.keytab
chmod 440 /home/dehydrated/etc/dehydrated-service.keytab
```
Set following variable next to the `samba.sh` into `samba.sh.conf`
```# username of the user to change DNS
SAMBA_PRINCIPAL=dehydrated-service@YOUR.DOMAIN
# your Samba-AD-DNS server
SAMBA_DNSSERVER=DC.YOUR.DOMAIN
# the domain under which the entries will be created
SAMBA_DOMAIN=YOUR.DOMAIN
# keytab to create the kerberos tickets
SAMBA_KEYTAB=/home/dehydrated/etc/dehydrated-service.keytab
# ticket cache, will be deleted after the script ran
SAMBA_TICKETCACHE=/home/dehydrated/tmp/ticket-cache
# wait for x seconds after deploying the challange to give the DNS time
SAMBA_DNSWAIT=180
```
\ No newline at end of file
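Review bot: Both code blocks open their fence on the same line as the first content line (the `samba-tool user create ...` command and the `# username of the user to change DNS` comment), so Markdown reads that text as the fence's info string and drops it from the rendered README; put each opening fence on a line of its own. On the keytab steps, `chmod 440` with owner `dehydrated:root` is reasonable, but because the account is added to `DnsAdmins` and set to `--noexpiry`, the text should say that the keytab is a long-lived credential whose DNS rights go beyond the challenge records, and that it must stay unreadable to other users. Smaller points: "challange" in the `SAMBA_DNSWAIT` comment should be "challenge", the sentence before the config block reads better as "Set the following variables in `samba.sh.conf`, next to `samba.sh`", and the file still ends without a trailing newline.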