Samba4 kadmin interface (commit 12ce07e53b9453f35a1483d941bfce9c23f790a0)
Gémes Géza
geza at kzsdabas.hu
Tue Dec 6 14:25:45 MST 2011
2011-12-04 22:58 keltezéssel, Andrew Bartlett írta:
> On Sun, 2011-12-04 at 17:16 +0100, Gémes Géza wrote:
>> 2011-12-03 23:25 keltezéssel, Andrew Bartlett írta:
>>> On Fri, 2011-12-02 at 18:32 +0100, Gémes Géza wrote:
>>>> Hi,
>>>>
>>>> I've tried using heimdal (1.4.0) kadmin with the new hdb_samba4.so
>>>> module. Unfortunately it doesn't support it:
>>>> # kadmin -l
>>>> kadmin: error trying to load dynamic module /usr/lib/hdb_samba4.so: (null)
>>>>
>>>> kadmin: No database support for samba4:
>>>>
>>>> I suppose my heimdal installation is too old. What is the minimal
>>>> heimdal version this module should work with?
>>> I used current Heimdal from GIT when I tried it out.
>>>
>>> The ideal situation would be to compile Samba against lorikeet-heimdal
>>> as the system Heimdal, and then use the kadmin from there, as that will
>>> be the same version.
>>>
>>> I will probably restrict this feature to this case, as in retrospect
>>> this is unsafe unless we have use the same libkrb5 (due to the passed in
>>> krb5_context).
>>>
>>> Andrew Bartlett
>>>
>> Unfortunately on my test system heimdal from current git checkout fails
>> to compile.
>> Wouldn't importing (the relevant parts of) heimdal/lib/kadm5 and
>> heimdal/kadmin into samba4 source tree a better way?
> No, as I do not wish Samba to be the source of standard kerberos
> libraries or tools. We build samba4kinit, but this is in my mind a
> special case as it allows a number of important tests, but we
> deliberately do not install it.
>
> It took me a number of attempts to build current Heimdal from GIT, but
> these were due to the remains of a previous build in the checkout. A
> clean build from scratch should work.
>
> Andrew Bartlett
>
Thank you!
It works now (on a fresh git clone of heimdal) with (just one detected
so far) exception:
del_enctype seems to be unimplemented (it says: kadmin:
kadm5_modify_principal: Database is locked or in use--try again later)
Cheers
Geza
More information about the samba-technical
mailing list