Commit 6d6aab11 authored by Jakob Lenfers's avatar Jakob Lenfers

Documentation update

parent 48eeb42c
# dehydrated-samba-hook
Hook to create DNS based LetsEncrypt certificates with [dehydrated]( and a Samba AD DNS server.
You'll need to create a user with DNS access and a keytab for that user to create kerberos tickets. The following worked for me, adapt paths and users as necessary:
```samba-tool user create dehydrated-service --random-password --description="User to add DNS entries for certificate creation with dehydrated"
samba-tool user setexpiry dehydrated-service --noexpiry
samba-tool group addmembers DnsAdmins dehydrated-service
samba-tool domain exportkeytab --principal=dehydrated-service@YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab
chown dehydrated:root /home/dehydrated/etc/dehydrated-service.keytab
chmod 440 /home/dehydrated/etc/dehydrated-service.keytab
Set following variable next to the `` into ``
```# username of the user to change DNS
# your Samba-AD-DNS server
# the domain under which the entries will be created
# keytab to create the kerberos tickets
# ticket cache, will be deleted after the script ran
# wait for x seconds after deploying the challange to give the DNS time
\ No newline at end of file
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment