Web lists-archives.com

Re: [Samba] Samba 4.8.10 for rhel7/centos7 rpms






On 08.04.2019 17:12, Vincent S. Cojot via samba wrote:

Adding Alexander (cc'ed, thank you)

Hi Sergio,
I found some hints (dating back almost a year ago) about why gnutls-3.4 might be needed:
https://lists.samba.org/archive/samba-technical/2018-April/127282.html

I don't know how much of this still holds true (I've been running an AD DC with rhel7's gnutls 3.3.z for over a year without apparent issues).

Regards,

Vincent

On Mon, 8 Apr 2019, Sérgio Basto via samba wrote:

On Mon, 2019-04-08 at 06:25 +0100, Sérgio Basto via samba wrote:
On Sun, 2019-04-07 at 12:38 -0400, vincent@xxxxxxxxxx wrote:
On Sat, 6 Apr 2019, Sérgio Basto via samba wrote:

http://nova.polymtl.ca/~coyote/dist/samba/samba-4.8.10

How do you build this on Centos 7 without gnutls 3.4 and nettle
3.2
?

Hi Sergio,
that's a very good question. I built these on rhrl7.6 with gnutls-
3.3.39
and nettle-2.7.1:

[root@dc02 ~]# rpm -q nettle gnutls
nettle-2.7.1-8.el7.x86_64
nettle-2.7.1-8.el7.i686
gnutls-3.3.29-9.el7_6.x86_64
gnutls-3.3.29-9.el7_6.i686

Anything wrong with that? the SPECs are slightly modified from
Fedora.
(mostly to account for rhel7's python2 drfsults)

I'd like to know more about the issies you suspect.. Do you have
any
pointers? Perhaps it is just a matter of RedHat's backports. Any
specific
CVE's ?

All what I know, is just a requirement from ./configure when you
enable
-ad option IIRC . ./configure requires gnutls-3.4.7 [1]

whe we use %global with_dc 1 we need  gnutls-3.4.7


[1]
BUILDSTDERR: Checking for program krb5-config.heimdal
                                         : not found

BUILDSTDERR: Checking for program krb5-config
                                                 : /usr/bin/krb5-
config

BUILDSTDERR: Checking for gnutls >= 3.4.7
                                                     : yes

thanks,

vincent


[1]
https://copr.fedorainfracloud.org/coprs/sergiomb/SambaAD/builds/

[2]
https://github.com/sergiomb2/sambaad

Regards,

,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-
,._.,-
*~'`^`'~*-,
Vincent S. Cojot, Computer Engineering. STEP project. _.,-
*~'`^`'~*-
,._.,-*~
Ecole Polytechnique de Montreal, Comite Micro-Informatique.
_.,-
*~'`^`'~*-,.
Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-
*~'`^`'~*-
,._.,-*~'
http://step.polymtl.ca/~coyote ; _.,-*~'`^`'~*-,._
coyote@xxxxxxxxxxxxxxxxx

They cannot scare me with their empty spaces
Between stars - on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places.       - Robert Frost



--
Sérgio M. B.


--
To unsubscribe from this list go to the following URL and read
the
instructions: https://lists.samba.org/mailman/options/samba

--
Sérgio M. B.


--
Sérgio M. B.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Hi folks,

I followed the link below to compile a Samba AD DC (CentOS 7.5, now upgraded to CentOS 7.6). Instead of using 4.8.3, I took the 4.9.1 source, that was fresh at the moment. I have got the same gnutls and nettle versions as Vincent. Everything compiled well. I scrapped the quota stuff, as it is a small domain with a few users, where quota doesn't make any sense (I face down users that misbehave). I also disabled cups (no need for printer sharing).

https://www.server-world.info/en/note?os=CentOS_7&p=samba&f=4

I had some problems with configuration, but they were related to my inexperience, and not to Samba (thanks to Rowland and Louis, who had patience with me). It's keeps going for around 6 months now. Every part of it seems to work nicely. DNS, permissions (exclusively Windows based), time sync. I haven't detected anything that seems problematic so far. I did set some GPOs in Samba for the first time yesterday (using RSAT under Windows 10 Pro), which also worked. Roaming profiles, home shares, and different data shares reside on a separate Samba server (CentOS 7.6, bundled Samba 4.7.1).

Just my fiver...

Best regards,

Peter


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba