[PATCHSET] Samba AD with MIT Kerberos

Mon Apr 3 10:05:52 UTC 2017

On Mon, 2017-04-03 at 10:15 +0200, Andreas Schneider wrote:
> On Monday, 3 April 2017 00:56:47 CEST you wrote:
> > On Mon, 2017-03-13 at 08:29 +0100, Andreas Schneider via samba-
> > 
> > technical wrote:
> > > Hello,
> > > 
> > > after more than 3 years of work I finally got this:
> > > 	ALL OK (14658 tests in 2030 testsuites)
> > > 
> > > The testsuite completed for the first time!
> > 
> > Sadly back on internal Heimdal it fails with:
> > 
> > ../source4/kdc/pac-glue.c: In function ‘samba_make_krb5_pac’:
> > ../source4/kdc/pac-glue.c:425:22: error: expected ‘=’, ‘,’, ‘;’,
> > ‘asm’ or
> > ‘__attribute__’ before ‘{’ token krb5_data null_data {
> 
> There is just a missing equal sign. Fixed.
>  
> > Now I'm sure I could fix that up pretty quickly, but presumably
> > there
> > are some other niggles along the way.  If you could get me a series
> > that passes a full autobuild that would be great, as I would like
> > to
> > push it soon.
> > 
> > Beyond that:
> > 
> > * Can you please look carefully at the interaction of the docs test
> > with the new parameter?  I think you need to add mit kdc command to
> > the
> > special_cases in docs.py:SmbDotConfTests(), or pass in the default
> > via
> > an XML entity (see the dynconfig code for how that is done).
> 
> The default for the "mit kdc command" is set to the path detected by
> the 
> configure script. So I do not see an issue here. Can you please be
> more 
> precise?

We have a test (the samba.docs) test that tries to ensure that our
smb.conf documentation matches the behaviour of the code.  Ideally the
built documentation would also include this configure-detected path. 

> > * "param: Add 'mit kdc config' option to smb.conf" adds a new
> > parameter
> > to the same file as an existing parameter.  The current practice is
> > one
> > per file
> 
> Fixed.
> 
> > * "s4-torture: Fix reauth tests with smaller clockskew grace time"
> > Why does this patch undo "selftest: Set clowskew grace time to 1
> > second"?
> 
> Fixed.
> 
> > * For "waf: Create kerberos_implementation.py for provisioning" I
> > wonder if getting a variable from the C code might be more robust,
> > like
> > we use for detecting if we have the NTVFS file server?
> 
> This file is only for samba-tool.
> 
> We have a define for C, it is called SAMBA4_USES_HEIMADAL.

What I meant is that we can, if you like, expose that into python. 
That is how I did it for HAVE_NTVFS_FILESERVER. 

> 
> > Thanks for all your hard work on this, and I look forward to
> > looking at
> > this again soon!
> 
> Updates pushed to:
> 
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master
> -mit-kdc-ok

Thanks.  I'll look at this at work tomorrow!

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba