Web lists-archives.com

Re: [Samba] Offical RHEL AD DC on RHEL

On Sun, 19 Feb 2017, Jeff Sadowski via samba wrote:

I was never able to build it in a way I feel comfortable on Fedora. I would
want to build it using an RPM build process. I think I want an MIT build
but I don't know what all I would need to build either way. I thought it

What do you hope to gain from an MIT build? The MIT kerberos user tools (kinit, etc) operate just fine with keytabs generated by the Heimdal Samba KDC. I understand that the distro wants to ship a unified set of packages, but for end users doing their own builds, I don't think it really matters much.

FWIW, I rebuilt the CentOS 7.2 Samba packages (samba-4.2.10-7) with DC support. It required building without MIT and with DC support, and also adding a the samba.service file that RH didn't include. I also increased the epoch so system updates with a newer version would never override my local build.

I also had to add

export LDB_MODULES_PATH=/usr/lib64/samba/ldb/

to my bash profile for the ldb tools to work.

However, when I rebuilt the CentOS 7.3 packages (4.4.4-12.el7_3), I am unable to replicate with any of my older DCs (4.1 or 4.2 sernet, or my rebuilt CentOS 4.2.10 DCs). This happened even when I built straight from source, so I think either 4.4 requires some dependency that 7.3 doesn't meet, or there may be some issue with some dependency on 7.3 that wasn't an issue on 7.2.

In case it's useful, this is the extent of my changes to the spec file:

--- samba.spec	2017-01-17 11:21:48.000000000 -0600
+++ samba-dc.spec	2017-01-27 13:58:55.736213036 -0600
@@ -56,8 +56,8 @@
 %global libwbc_alternatives_suffix -64

-%global with_mitkrb5 1
-%global with_dc 0
+%global with_mitkrb5 0
+%global with_dc 1

 %if %{with testsuite}
 # The testsuite only works with a full build right now.
@@ -78,9 +78,9 @@
 Release:        %{samba_release}

 %if 0%{?rhel}
-Epoch:          0
+Epoch:          4
-Epoch:          2
+Epoch:          4

 %if 0%{?epoch} > 0
@@ -879,7 +879,7 @@

 install -d -m 0755 %{buildroot}%{_unitdir}
-for i in nmb smb winbind ; do
+for i in nmb smb winbind samba ; do
     cat packaging/systemd/$i.service | sed -e 's@\[Service\]@[Service]\nEnvironment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba@g' >tmp$i.service
     install -m 0644 tmp$i.service %{buildroot}%{_unitdir}/$i.service
@@ -1515,6 +1515,7 @@
 %else # with_dc
 %doc packaging/README.dc
 %endif # with_dc

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba