Re: [Samba] Offical RHEL AD DC on RHEL
- Date: Sat, 18 Feb 2017 19:47:43 -0500
- From: Nico Kadel-Garcia via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Offical RHEL AD DC on RHEL
On Sat, Feb 18, 2017 at 12:58 PM, Andrew Bartlett via samba
> On Sat, 2017-02-18 at 10:36 +0100, Dario Lesca via samba wrote:
>> Centos [6,7]* however does not have into current samba 4.x version
>> fully support to AD DC (without rebuild the source with some few
There are changes, but they're not outrageous. I've done some work
towards it, at https://github.com/nkadel/samba4repo/, but you really
wind up building up all the dependencies as well, and revising or
replacing the logic around different versions for internally or
externally built libraries. The structure there uses "mock" to build
all the relevant library RPMs as well, and put them in local
filesystem based yum repository. The requirement for gnutls-3.4.7 or
later made me throw in the towel for building current releases on
CentOS 7. I did not feel I had the time or tools to consider replacing
the dependency chain for that critical security component. Recent
Fedora releases, have mostly new enough components.
The RPM's for Fedora rawhide, or my work, could be a good starting
point. Not much other software uses libtalloc or similar libraries, so
it may wiser to simply build the RPM with the internal versions. The
last time I updated them at all, I restarted my .spec files and
patches with those from Fedora rawhide. But the library requirements
can be quite difficult to compile an even slightly older RPM based
environment. Unfortunately, the last time I worked with it, I got
bogged down in getting dnf to successfully use the locally built up
dependency yum repository, and finally had to yield for other demands
on my time. At this point, if I go back to trying, I'd throw out all
the library dependencies and just compile the libraries internally.
Since Samba seemed to be the only component using the lobtalloc and
similar libraries, they made no sense to me to compile separately, as
RHEL and thus CentOS have been doing.
This has me looking back into the past. The first time I did a Samba
port to new OS was..... for Samba 4.1.2? In 1993, I think? To get file
shares and printing working from a Sparc 2 at a lab doing cochlear
implant research. I needed to force people to stop using their own
personal printing options and get them through a printer queue I could
monitor. I also used to get the Windows boxes to write data to
something we could back up reliably, since the human medical research
data was not repeatable.
>> You know that Samba 4.7 will have support to AD-DC with MIT Kerberos?
> There is still a lot of work to do on that as I understand it, and even
> then it will require a very modern MIT Krb5, and probably not what is
> in RHEL. This will remain a long road, sorry.
Yeah. I interviewed for a Red Hat QA role years ago, for the sssd
project, and they were interested that I knew personally a bunch of
the Kerberos authors and maintainers from my undergraduate days. If
any of them are unresponsive to queries from the Samba developers,
maybe I can help reach them? I'll mention their names privately if you
like, I'm not sure spamming the list with their names would be
> Even with all that, users of Samba as an AD DC often wish to obtain a
> version (due to bug fixes and new features) that is much more current
> than shipping when a RHEL freezes, so I wonder if it will really be
> that much use anyway.
See above about gnutls 3.
> Andrew Bartlett
To unsubscribe from this list go to the following URL and read the