Web lists-archives.com

Re: [Samba] Changing expired Samba AD password during Windows login

Ah, I see now. I went back and re-read the Samba wiki on MIT Kerberos with your comments in mind


"For this reason, vendors of operating systems that only support MIT Kerberos could not provide packages with AD DC-capabilities"

So I now understand this does not mean other Windows Server OS's or Windows OS AD-specific server applications or 3rd-party Windows software. It means Linux OS's running Samba itself and their ability to provide Samba-compatible Kerberos support.

Great! Thanks for clarifying it. I will just proceed with my plans based on Heimdal only. I will be moving several of my customer's MS Server 2008 AD DC's domains/PCs/users to Linux based Samba DC's instead of paying license fees to upgrade their MS Windows OS's.

Much appreciate everyone's help along the way with answers towards my solution.

On 02/01/2018 03:55 AM, Rowland Penny via samba wrote:
On Wed, 31 Jan 2018 19:01:42 -0500
Ken McDonald via samba <samba@xxxxxxxxxxxxxxx> wrote:

On another clean install (with all updates) of Ubuntu Server 16.04.3,
trying your line of dependencies fails:

Package libgpgme-dev is not available, but is referred to by another
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'libgpgme-dev' has no installation candidate
E: Unable to locate package perl-modules-5.26
E: Couldn't find any package by glob 'perl-modules-5.26'
E: Couldn't find any package by regex 'perl-modules-5.26'
E: Unable to locate package python-gpg
E: Unable to locate package python3-gpg

Regardless, using plain apt-get on that version of Ubuntu results in

krb5-kdc (1.13.2+dfsg-5ubuntu2 Ubuntu:16.04/xenial-updates [amd64])

libkrb5-dev (1.13.2+dfsg-5ubuntu2 Ubuntu:16.04/xenial-updates [amd64])

When the Samba install/build docs state that version "MIT Kerberos
1.15.1 or later" is required. I couldn't figure out how to install
that version on Ubuntu 16.04.3 without just downloading the krb5
sources and compiling myself. Doing that required a lot of other
tweaking to get all the krb5 dependencies and install directories
"correct" to complete the build and have a subsequent Samba 4.7.4
build actually find a functioning krb5

Samba by default uses Heimdal, you do not need to use MIT.
The ability to use MIT was added to allow red-hat distros to finally
have AD DC packages and is still being worked on.
On distros other than red-hat ones, you should continue to use the
Samba supplied Heimdal kdc.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba