Hej, na klaro:
root@server:/etc/samba# cat smb.conf
# /etc/samba/smb.conf.setup
#
# Don't edit this file!!!
# Add your stuff in /etc/samba/smb.conf.admin.
#
# thomas@linuxmuster.net
# 20200818
#
[global]
workgroup = #MEINE-SCHULE#
realm = #MEINE-SCHULE.DE#
netbios name = SERVER
server role = active directory domain controller
dns forwarder = 10.16.1.254 # Das ist bei uns die OpnSense
registry shares = yes
host msdfs = yes
tls enabled = yes
tls keyfile = /etc/linuxmuster/ssl/server.key.pem
tls certfile = /etc/linuxmuster/ssl/server.cert.pem
tls cafile = /etc/linuxmuster/ssl/cacert.pem
tls verify peer = ca_and_name
ldap server require strong auth = no
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolss:architecture = Windows x64
printing = cups
printcap name = cups
time server = yes
ntp signd socket directory = /run/samba/ntp_signd
[netlogon]
path = /var/lib/samba/sysvol/csg-tuebingen.de/scripts
read only = No
acl allow execute always = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[printers]
browseable = No
path = /var/spool/samba
printable = Yes
read only = No
[print$]
path = /var/lib/samba/printers
read only = No
# including custom admin stuff
include = /etc/samba/smb.conf.admin
Die drei Zeilen mit den Standard-Zertifikaten werden durch die /etc/samba/smb.conf.admin überschrieben.
root@server:/etc/samba# cat smb.conf.admin
# modified by linuxmuster-setup at 20200722190310
# /etc/samba/smb.conf.admin
#
# thomas@linuxmuster.net
# 20180713
#
# add here your custom admin stuff
#
[global]
tls keyfile = /etc/linuxmuster/ssl/server.le.privkey.pem
tls certfile = /etc/linuxmuster/ssl/server.le.fullchain.pem
tls cafile = /etc/linuxmuster/ssl/server.le.chain.pem