Re: [Samba] RHEL7/Centos7 with Samba AD
- Date: Mon, 10 Dec 2018 20:53:03 -0500
- From: Nico Kadel-Garcia via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] RHEL7/Centos7 with Samba AD
On Sun, Dec 9, 2018 at 5:25 PM Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> On Sun, 2018-12-09 at 17:20 -0500, Nico Kadel-Garcia wrote:
> > On Sat, Dec 8, 2018 at 12:34 AM Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> > > On Fri, 2018-12-07 at 23:32 -0500, Nico Kadel-Garcia via samba wrote:
> > The first issue is in sourc4/lib/tls/wscro[t. which has hardcoded
> > checks for gnutls >= 3.4.7 linked to with_system_mitkrb5 and
> > conf.env.AD_DC_IS_ENABLED.
> Correct. But this is experimental in any case. If you don't specify
> --with-system-mitkrb5 it should allow an older version.
It builds and seems to work under Fedora 29 with these options:
Leaving those in place for RHEL 7, well, that seems to have been the
source of the issue. I've eliminated, added in the hooks to include
the various additional libraries generated, and it *seems* be be much
> > I've instead, for short-term work, created some hooks to compile 4.8.7
> > for RHEL 7. That may be helpful to folks who do want a dc for RHEL 7,
> > and I'll see if I can test it in the next few days.
> Please ensure it uses the internal Heimdal Kerberos.
This seems to have resolved the compilation issue. I don't anticipate
that RHEL will be willing to tolerate this and include these changes
for their commercial release, due to their reluctance to include a
second Kerberos library, or to support a competitor for their Free IPA
> > I do appreciate the difficulty. Fedora is switching almost completely
> > over to Python 3 for Fedora 30, and Fedora 29 has good integration of
> > Python 3 already, so it should be straightforward there and for RHEL
> > 8..
> Except for the MIT Kerberos stuff, of course. :-)
> Andrew Bartlett
I actually hope that the "--with-experimental-ad-dc" option will work
well, as it seems to in Fedora 29. I'm not holding my breath for it.
To unsubscribe from this list go to the following URL and read the