[PATCHSET] Samba AD with MIT Kerberos

Andrew Bartlett abartlet at samba.org
Sat Apr 29 21:26:34 UTC 2017

On Fri, 2017-04-28 at 13:41 +0200, Andreas Schneider via samba-
technical wrote:
> On Thursday, 27 April 2017 11:55:27 CEST Andrew Bartlett via samba-
> technical 
> wrote:
> > Much better!
> > 
> The auth_log tests have been only developed for Heimdal. So I needed
> to 
> disabled them. It is the first commit of the attached patchset.
> I ran the testsuite again on Fedora:
> ALL OK (14265 tests in 2045 testsuites)
> I wasn't able to run it on openSUSE again, because I had a failing
> test and 
> debugged that first, but that issue is not MIT related!

I finally got the chance to do the re-review over the latest set of

In: [PATCH 01/52] s4:selftest: Only run auth_log tests with Heimdal

(as mentioned earlier, but just so you only have to work over one list)

This should be a knownfail I think.

In: [PATCH 10/52] param: Add 'mit kdc command' to change the default.

As you probably noticed in autobuild, setting the default for Heimdal
is wrong.  I think the entity should be defined as "", but with some
text in the docs to say that this only applies to an MIT build.  The
main wrinkle comes from the pre-built docs used for the website and
those platforms like debian where xsltproc blows up, they need a
reasonable value (eg the /usr/sbin/krb5kdc you have) written into docs-
xml/smbdotconf/generate-file-list.sh.  This is reproduced with "make

[1(0)/1 at 0s] samba.tests.docs
REASON: Exception: Exception: Traceback (most recent call last):
  File "/data/samba/git/samba-push/bin/python/samba/tests/docs.py",
line 157, in test_default_s3
  File "/data/samba/git/samba-push/bin/python/samba/tests/docs.py",
line 205, in _test_default
    "Parameters that do not have matching defaults:"))
AssertionError: Parameters that do not have matching defaults:

    mit kdc command
      Expected: /usr/sbin/krb5kdc

In: [PATCH 41/52] python: Add provisioning support for MIT KDC in

You still reference _glue directly, not via samba.

In: [PATCH 42/52] waf: Move python build instructions to wscript

Why do you need this patch?  I can't see what the purpose is, so could
you extend the commit message?

The final quibble I have is that I don't like, but not really have an
alternative to, the different tests for the different Kerberos
platforms.  I fear we may update one and not the other (as happens
already with the two backupkey servers).  Any efforts to further merge
these would be most welcome. 

I trust we can sort out these last issues soon.  You have worked hard,
and I'm really excited to see this land in master soon.


Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list