Samba AD DC is broken

Andreas Schneider asn at
Thu Mar 5 03:03:49 MST 2015


Samba is broken on openSUSE and Fedora since commit:

commit 43d3e90418b5e0ac5986e08f9483146f4f5d2357
Author:     Garming Sam <garming at>
AuthorDate: Fri Feb 13 09:54:50 2015 +1300
Commit:     Andrew Bartlett <abartlet at>
CommitDate: Wed Feb 25 01:08:12 2015 +0100

    backupkey: replace heimdal rsa key generation with GnuTLS
    We use GnuTLS because it can reliably generate 2048 bit keys every time.
    Windows clients strictly require 2048, no more since it won't fit and no
    less either. Heimdal would almost always generate a smaller key.
    Signed-off-by: Garming Sam <garming at>
    Reviewed-by: Andrew Bartlett <abartlet at>

FAILED (1698 failures, 151 errors and 2 unexpected successes in 792 

I bisected it down to this commit on an openSUSE 13.2 system.


A colleague is having this issue with Fedora 21, gnutls-3.3.12-1.fc21.x86_64

Please investigate and fix it.


	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list