[PATCHSET] Samba AD with MIT Kerberos
Andreas Schneider
asn at samba.org
Mon Apr 3 11:37:55 UTC 2017
On Monday, 3 April 2017 12:05:52 CEST Andrew Bartlett via samba-technical
wrote:
> On Mon, 2017-04-03 at 10:15 +0200, Andreas Schneider wrote:
> > On Monday, 3 April 2017 00:56:47 CEST you wrote:
> > > On Mon, 2017-03-13 at 08:29 +0100, Andreas Schneider via samba-
> > >
> > > technical wrote:
> > > > Hello,
> > > >
> > > > after more than 3 years of work I finally got this:
> > > > ALL OK (14658 tests in 2030 testsuites)
> > > >
> > > > The testsuite completed for the first time!
> > >
> > > Sadly back on internal Heimdal it fails with:
> > >
> > > ../source4/kdc/pac-glue.c: In function ‘samba_make_krb5_pac’:
> > > ../source4/kdc/pac-glue.c:425:22: error: expected ‘=’, ‘,’, ‘;’,
> > > ‘asm’ or
> > > ‘__attribute__’ before ‘{’ token krb5_data null_data {
> >
> > There is just a missing equal sign. Fixed.
> >
> >
> > > Now I'm sure I could fix that up pretty quickly, but presumably
> > > there
> > > are some other niggles along the way. If you could get me a series
> > > that passes a full autobuild that would be great, as I would like
> > > to
> > > push it soon.
> > >
> > > Beyond that:
> > >
> > > * Can you please look carefully at the interaction of the docs test
> > > with the new parameter? I think you need to add mit kdc command to
> > > the
> > > special_cases in docs.py:SmbDotConfTests(), or pass in the default
> > > via
> > > an XML entity (see the dynconfig code for how that is done).
> >
> > The default for the "mit kdc command" is set to the path detected by
> > the
> > configure script. So I do not see an issue here. Can you please be
> > more
> > precise?
>
> We have a test (the samba.docs) test that tries to ensure that our
> smb.conf documentation matches the behaviour of the code. Ideally the
> built documentation would also include this configure-detected path.
>
> > > * "param: Add 'mit kdc config' option to smb.conf" adds a new
> > > parameter
> > > to the same file as an existing parameter. The current practice is
> > > one
> > > per file
> >
> > Fixed.
> >
> > > * "s4-torture: Fix reauth tests with smaller clockskew grace time"
> > > Why does this patch undo "selftest: Set clowskew grace time to 1
> > > second"?
> >
> > Fixed.
> >
> > > * For "waf: Create kerberos_implementation.py for provisioning" I
> > > wonder if getting a variable from the C code might be more robust,
> > > like
> > > we use for detecting if we have the NTVFS file server?
> >
> > This file is only for samba-tool.
> >
> > We have a define for C, it is called SAMBA4_USES_HEIMADAL.
>
> What I meant is that we can, if you like, expose that into python.
> That is how I did it for HAVE_NTVFS_FILESERVER.
Can you point me to the code?
I'm still a python newbie!
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list