From: David Mulder Date: Mon, 12 Jul 2021 21:18:04 +0000 (-0600) Subject: Update WHATSNEW for Certificate Auto Enrollment X-Git-Tag: tdb-1.4.5~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f813f8a54ae79dd74a99593aeacb252061688807;p=thirdparty%2Fsamba.git Update WHATSNEW for Certificate Auto Enrollment Signed-off-by: David Mulder Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Jul 15 20:03:45 UTC 2021 on sn-devel-184 --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f3db6341e06..fe9eff8ba59 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -16,6 +16,19 @@ UPGRADING NEW FEATURES/CHANGES ==================== +Certificate Auto Enrollment +--------------------------- + +Certificate Auto Enrollment allows devices to enroll for certificates from +Active Directory Certificate Services. It is enabled by Group Policy. +To enable Certificate Auto Enrollment, Samba's group policy will need to be +enabled by setting the smb.conf option `apply group policies` to Yes. Samba +Certificate Auto Enrollment depends on certmonger, the cepces certmonger +plugin, and sscep. Samba uses sscep to download the CA root chain, then uses +certmonger paired with cepces to monitor the host certificate templates. +Certificates are installed in /var/lib/samba/certs and private keys are +installed in /var/lib/samba/private/certs. + REMOVED FEATURES ================