This option specifies the location of the client's private key. You should ensure that the location of the file cannot be accessed by anyone other than
root. For example:
[global]
ssl = yes
ssl hosts = 192.168.220.
ssl CA certDir = /usr/local/samba/cert/
ssl server key = /usr/local/ssl/private/samba.pem
ssl client key = /usr/local/ssl/private/clients.pem
There is no default for this option. This option is only needed if the client has a certificate.
