Web lists-archives.com

Re: [Samba] Users cannot change their passwords




On Tue, 25 Sep 2018 12:19:16 +0000
Jon Gerdes via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Tue, 2018-09-25 at 12:08 +0100, Rowland Penny via samba wrote:
> > On Tue, 25 Sep 2018 10:40:52 +0000
> > Jon Gerdes via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> > > On Tue, 2018-09-25 at 09:59 +0100, Rowland Penny via samba wrote:
> > > > On Tue, 25 Sep 2018 20:49:07 +1200
> > > > Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> > > > 
> > > > > On Tue, 2018-09-25 at 09:44 +0100, Rowland Penny via samba
> > > > > wrote:
> > > > > > On Mon, 24 Sep 2018 21:22:06 GMT
> > > > > > "Torin Woltjer" <torin.woltjer@xxxxxxxxxxxxx> wrote:
> > > > > > 
> > > > > > > 
> > > > > > > Thanks for the quick reply, I believe I am using MIT based
> > > > > > > on
> > > > > > > log
> > > > > > > file names; but is there a better way to tell? I'm not
> > > > > > > very knowledgeable about the distinction between MIT and
> > > > > > > Heimdal regarding
> > > > > > > KDC. Can you direct me to a resource that explains how to
> > > > > > > make
> > > > > > > the
> > > > > > > switch as I am just using the  defaults in SUSE.
> > > > > > > Additionally,
> > > > > > > many of the domains experiencing this bug were working
> > > > > > > fine;
> > > > > > > before migrating them from Ubuntu 16.04. Is this because
> > > > > > > the
> > > > > > > bug
> > > > > > > was introduced in a newer version that I am now using? Is
> > > > > > > the
> > > > > > > bug
> > > > > > > fixed in a version newer than what I am using now?
> > > > > > > 
> > > > > > > Thanks again, I appreciate the help.
> > > > > > > 
> > > > > > > Torin Woltjer
> > > > > > >  
> > > > > > > Grand Dial Communications - A ZK Tech Inc. Company
> > > > > > >  
> > > > > > > 616.776.1066 ext. 2006
> > > > > > > www.granddial.com
> > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > > Took some finding, but I am now very sure that the opensuse
> > > > > > Samba AD
> > > > > > DC
> > > > > > uses MIT instead of Heimdal, so this makes it inadvisable to
> > > > > > use
> > > > > > in
> > > > > > production. There are just too many problems to make it
> > > > > > usable,
> > > > > > the
> > > > > > password problem being one of them.
> > > > > > 
> > > > > > I am sorry, but, as far as I am aware, there is no RPM based
> > > > > > distro
> > > > > > that has production ready Samba packages, I also have a
> > > > > > feeling
> > > > > > that
> > > > > > the Ubuntu packages now use MIT, so this really just leaves
> > > > > > Debian
> > > > > > etc.
> > > > > 
> > > > > I've not seen any indication that Ubuntu has changed to MIT
> > > > > Kerberos,
> > > > > thankfully.
> > > > > 
> > > > > Andrew Bartlett
> > > > > 
> > > > 
> > > > I thought I had seen it somewhere, but I bow to your superior
> > > > knowledge.
> > > > 
> > > > Rowland
> > > > 
> > > 
> > > Following the advice here "Verifying if Samba Has Been Built with
> > > MIT
> > > Kerberos Support"  
> > > 
> https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
> > > 
> > > ... in reverse:
> > > 
> > > $ cat /etc/os-release 
> > > NAME="Ubuntu"
> > > VERSION="18.04.1 LTS (Bionic Beaver)"
> > > 
> > > $ smbd -b | grep HAVE_LIBKADM5SRV_MIT
> > > $ 
> > > 
> > > So, no MIT involved on Ubuntu
> > > 
> > > Cheers
> > > Jon
> > 
> > Thanks for that.
> > 
> > So, it looks like 'RPM' = Experimental, 'DEB' = Production. Of
> > course there is always 'Gentoo', but I suppose that distro falls
> > into the 'compile it yourself' realm :-)
> > 
> > Rowland
> > 
> 
> $ cat /etc/os-release 
> NAME="Arch Linux"
> 
> $ smbd -b | grep HAVE_LIBKADM5SRV_MIT
> $
> 
> 
> $ cat /etc/os-release 
> NAME=Gentoo
> 
> # smbd -b | grep HAVE_LIBKADM5SRV_MIT
>    HAVE_LIBKADM5SRV_MIT
> 
> ... but I set USE=system-mitkrb5 
> 
> Cheers
> Jon

Can I suggest you stop doing that, unless you are just testing things ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba