[PATCHSET] Samba AD with MIT Kerberos

Mon Apr 3 11:37:55 UTC 2017

On Monday, 3 April 2017 12:05:52 CEST Andrew Bartlett via samba-technical 
wrote:
> On Mon, 2017-04-03 at 10:15 +0200, Andreas Schneider wrote:
> > On Monday, 3 April 2017 00:56:47 CEST you wrote:
> > > On Mon, 2017-03-13 at 08:29 +0100, Andreas Schneider via samba-
> > > 
> > > technical wrote:
> > > > Hello,
> > > > 
> > > > after more than 3 years of work I finally got this:
> > > > 	ALL OK (14658 tests in 2030 testsuites)
> > > > 
> > > > The testsuite completed for the first time!
> > > 
> > > Sadly back on internal Heimdal it fails with:
> > > 
> > > ../source4/kdc/pac-glue.c: In function ‘samba_make_krb5_pac’:
> > > ../source4/kdc/pac-glue.c:425:22: error: expected ‘=’, ‘,’, ‘;’,
> > > ‘asm’ or
> > > ‘__attribute__’ before ‘{’ token krb5_data null_data {
> > 
> > There is just a missing equal sign. Fixed.
> >  
> > 
> > > Now I'm sure I could fix that up pretty quickly, but presumably
> > > there
> > > are some other niggles along the way.  If you could get me a series
> > > that passes a full autobuild that would be great, as I would like
> > > to
> > > push it soon.
> > > 
> > > Beyond that:
> > > 
> > > * Can you please look carefully at the interaction of the docs test
> > > with the new parameter?  I think you need to add mit kdc command to
> > > the
> > > special_cases in docs.py:SmbDotConfTests(), or pass in the default
> > > via
> > > an XML entity (see the dynconfig code for how that is done).
> > 
> > The default for the "mit kdc command" is set to the path detected by
> > the 
> > configure script. So I do not see an issue here. Can you please be
> > more 
> > precise?
> 
> We have a test (the samba.docs) test that tries to ensure that our
> smb.conf documentation matches the behaviour of the code.  Ideally the
> built documentation would also include this configure-detected path.
> 
> > > * "param: Add 'mit kdc config' option to smb.conf" adds a new
> > > parameter
> > > to the same file as an existing parameter.  The current practice is
> > > one
> > > per file
> > 
> > Fixed.
> > 
> > > * "s4-torture: Fix reauth tests with smaller clockskew grace time"
> > > Why does this patch undo "selftest: Set clowskew grace time to 1
> > > second"?
> > 
> > Fixed.
> > 
> > > * For "waf: Create kerberos_implementation.py for provisioning" I
> > > wonder if getting a variable from the C code might be more robust,
> > > like
> > > we use for detecting if we have the NTVFS file server?
> > 
> > This file is only for samba-tool.
> > 
> > We have a define for C, it is called SAMBA4_USES_HEIMADAL.
> 
> What I meant is that we can, if you like, expose that into python.
> That is how I did it for HAVE_NTVFS_FILESERVER.

Can you point me to the code?

I'm still a python newbie!

	Andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org