Web lists-archives.com

Re: [Samba] compile samba 4.10.2 centos 7.6




On Tue, 23 Apr 2019 07:14:45 +1200
Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

> On Mon, 2019-04-22 at 08:12 +0100, Rowland Penny via samba wrote:
> > On Mon, 22 Apr 2019 01:27:47 -0400
> > Nico Kadel-Garcia via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >   
> > > Sergio's used python36 from iusrelease. I used the one from EPEL.
> > > Our builds are very similar, except that I compile all the added
> > > libraries such as libtdb, libtevent, etc. as distinct RPM's as
> > > they are published by RHEL, just with Pythone 3.6 as well as with
> > > Python 2.7 and with resent enough versions for Samba 4.10.2. I'm
> > > uspicious about your build and whether it effectively provides
> > > full domain controller features, which I believe require gnutls
> > > 3.4.17.  
> > 
> > You can stop believing ;-)
> > 
> > You only need gnutls 3.4.17 if you are using MIT and you shouldn't
> > be using MIT, it is experimental.   
> 
> Thank you very much Rowland, you are correct.
> 
> However, thankfully Nico's efforts are not in vain!  There is an
> ongoing effort to rely on GnuTLS for more of Samba's cryptography and
> so a practical way to build Samba with GnuTLS 3.4 is really
> worthwhile!
> 
> The reason is that having such a mechanism for our most popular host
> OS (RHEL7/CentOS7) would make it easier to enforce such a requirement
> in the future.  (And allow us to remove the duplicate BackupKey
> server for example).

Are you sure about RHEL7/CENTOS7 being our most popular OS ?
Up until recently, they hardly got a mention on here and neither will
ever have OS packages that will provision as an AD DC. My personal
opinion is that the Debian based OS's are our most popular.

> 
> I also want to put in a really big thank-you to everybody working so
> hard to package Samba 4.10 properly and with Python3.  Practical
> working proof, again on RHEL7/CentOS7, of a pure python3 build is
> invaluable!  Without it we may have had to consider a backtrack on
> being Py3 only for Samba 4.11, which would have been quite
> unfortunate.

The problem is that they, unfortunately, have had to put all this work
in, something that the OS should do, but something that isn't likely to
happen, perhaps on Fedora, or from EPEL on CENTOS, but never from RHEL.

It just goes to show how far Samba users will go, if they think their
OS is ignoring them and for this, I applaud them.

Rowland
 



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba