[PATCHSET] Samba AD with MIT Kerberos
Andrew Bartlett
abartlet at samba.org
Mon Apr 3 10:05:52 UTC 2017
On Mon, 2017-04-03 at 10:15 +0200, Andreas Schneider wrote:
> On Monday, 3 April 2017 00:56:47 CEST you wrote:
> > On Mon, 2017-03-13 at 08:29 +0100, Andreas Schneider via samba-
> >
> > technical wrote:
> > > Hello,
> > >
> > > after more than 3 years of work I finally got this:
> > > ALL OK (14658 tests in 2030 testsuites)
> > >
> > > The testsuite completed for the first time!
> >
> > Sadly back on internal Heimdal it fails with:
> >
> > ../source4/kdc/pac-glue.c: In function ‘samba_make_krb5_pac’:
> > ../source4/kdc/pac-glue.c:425:22: error: expected ‘=’, ‘,’, ‘;’,
> > ‘asm’ or
> > ‘__attribute__’ before ‘{’ token krb5_data null_data {
>
> There is just a missing equal sign. Fixed.
>
> > Now I'm sure I could fix that up pretty quickly, but presumably
> > there
> > are some other niggles along the way. If you could get me a series
> > that passes a full autobuild that would be great, as I would like
> > to
> > push it soon.
> >
> > Beyond that:
> >
> > * Can you please look carefully at the interaction of the docs test
> > with the new parameter? I think you need to add mit kdc command to
> > the
> > special_cases in docs.py:SmbDotConfTests(), or pass in the default
> > via
> > an XML entity (see the dynconfig code for how that is done).
>
> The default for the "mit kdc command" is set to the path detected by
> the
> configure script. So I do not see an issue here. Can you please be
> more
> precise?
We have a test (the samba.docs) test that tries to ensure that our
smb.conf documentation matches the behaviour of the code. Ideally the
built documentation would also include this configure-detected path.
> > * "param: Add 'mit kdc config' option to smb.conf" adds a new
> > parameter
> > to the same file as an existing parameter. The current practice is
> > one
> > per file
>
> Fixed.
>
> > * "s4-torture: Fix reauth tests with smaller clockskew grace time"
> > Why does this patch undo "selftest: Set clowskew grace time to 1
> > second"?
>
> Fixed.
>
> > * For "waf: Create kerberos_implementation.py for provisioning" I
> > wonder if getting a variable from the C code might be more robust,
> > like
> > we use for detecting if we have the NTVFS file server?
>
> This file is only for samba-tool.
>
> We have a define for C, it is called SAMBA4_USES_HEIMADAL.
What I meant is that we can, if you like, expose that into python.
That is how I did it for HAVE_NTVFS_FILESERVER.
>
> > Thanks for all your hard work on this, and I look forward to
> > looking at
> > this again soon!
>
> Updates pushed to:
>
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master
> -mit-kdc-ok
Thanks. I'll look at this at work tomorrow!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list