[PATCHSET] Samba AD with MIT Kerberos
Andreas Schneider
asn at samba.org
Sun Apr 30 08:03:04 UTC 2017
On Saturday, 29 April 2017 23:26:34 CEST Andrew Bartlett wrote:
> On Fri, 2017-04-28 at 13:41 +0200, Andreas Schneider via samba-
>
> technical wrote:
> > On Thursday, 27 April 2017 11:55:27 CEST Andrew Bartlett via samba-
> > technical
> >
> > wrote:
> > > Much better!
> >
> > The auth_log tests have been only developed for Heimdal. So I needed
> > to
> > disabled them. It is the first commit of the attached patchset.
> >
> > I ran the testsuite again on Fedora:
> >
> > ALL OK (14265 tests in 2045 testsuites)
> >
> >
> > I wasn't able to run it on openSUSE again, because I had a failing
> > test and
> > debugged that first, but that issue is not MIT related!
>
> I finally got the chance to do the re-review over the latest set of
> changes.
>
> In: [PATCH 01/52] s4:selftest: Only run auth_log tests with Heimdal
>
> (as mentioned earlier, but just so you only have to work over one list)
>
> This should be a knownfail I think.
I think we should look into it and check what exactly is missing with MIT
Kerberos. It might be that only the kinit is the problem.
Take a look at 31491f8bb407ebe5dd976b6d1cad3d7d31080bd4
> In: [PATCH 10/52] param: Add 'mit kdc command' to change the default.
>
> As you probably noticed in autobuild, setting the default for Heimdal
> is wrong. I think the entity should be defined as "", but with some
> text in the docs to say that this only applies to an MIT build. The
> main wrinkle comes from the pre-built docs used for the website and
> those platforms like debian where xsltproc blows up, they need a
> reasonable value (eg the /usr/sbin/krb5kdc you have) written into docs-
> xml/smbdotconf/generate-file-list.sh. This is reproduced with "make
> dist"
>
> [1(0)/1 at 0s] samba.tests.docs
> UNEXPECTED(failure):
> samba.tests.docs.samba.tests.docs.SmbDotConfTests.test_default_s3(none)
> REASON: Exception: Exception: Traceback (most recent call last):
> File "/data/samba/git/samba-push/bin/python/samba/tests/docs.py",
> line 157, in test_default_s3
> self._test_default(['bin/testparm'])
> File "/data/samba/git/samba-push/bin/python/samba/tests/docs.py",
> line 205, in _test_default
> "Parameters that do not have matching defaults:"))
> AssertionError: Parameters that do not have matching defaults:
>
> mit kdc command
> Expected: /usr/sbin/krb5kdc
> Got:
> UNEXPECTED(failure):
> samba.tests.docs.samba.tests.docs.SmbDotConfTests.test_default_s4(none)
>
> In: [PATCH 41/52] python: Add provisioning support for MIT KDC in
> samba-tool
>
> You still reference _glue directly, not via samba.
Ok, I will check again, thanks!
> In: [PATCH 42/52] waf: Move python build instructions to wscript
>
> Why do you need this patch? I can't see what the purpose is, so could
> you extend the commit message?
>
> The final quibble I have is that I don't like, but not really have an
> alternative to, the different tests for the different Kerberos
> platforms. I fear we may update one and not the other (as happens
> already with the two backupkey servers). Any efforts to further merge
> these would be most welcome.
I can try, but we need to write a lot more functions like
31491f8bb407ebe5dd976b6d1cad3d7d31080bd4
for that.
>
> I trust we can sort out these last issues soon. You have worked hard,
> and I'm really excited to see this land in master soon.
It is already in master, sorry.
But I think we can fix those things now too. Looking forward to meet you on
Tuesday.
Andreas
More information about the samba-technical
mailing list