[PATCHSET] Samba AD with MIT Kerberos

Andreas Schneider asn at samba.org
Sun Apr 30 08:03:04 UTC 2017 

On Saturday, 29 April 2017 23:26:34 CEST Andrew Bartlett wrote:
> On Fri, 2017-04-28 at 13:41 +0200, Andreas Schneider via samba-
> 
> technical wrote:
> > On Thursday, 27 April 2017 11:55:27 CEST Andrew Bartlett via samba-
> > technical 
> > 
> > wrote:
> > > Much better!
> > 
> > The auth_log tests have been only developed for Heimdal. So I needed
> > to 
> > disabled them. It is the first commit of the attached patchset.
> > 
> > I ran the testsuite again on Fedora:
> > 
> > ALL OK (14265 tests in 2045 testsuites)
> > 
> > 
> > I wasn't able to run it on openSUSE again, because I had a failing
> > test and 
> > debugged that first, but that issue is not MIT related!
> 
> I finally got the chance to do the re-review over the latest set of
> changes.
> 
> In: [PATCH 01/52] s4:selftest: Only run auth_log tests with Heimdal
> 
> (as mentioned earlier, but just so you only have to work over one list)
> 
> This should be a knownfail I think.

I think we should look into it and check what exactly is missing with MIT 
Kerberos. It might be that only the kinit is the problem.

Take a look at 31491f8bb407ebe5dd976b6d1cad3d7d31080bd4

> In: [PATCH 10/52] param: Add 'mit kdc command' to change the default.
> 
> As you probably noticed in autobuild, setting the default for Heimdal
> is wrong.  I think the entity should be defined as "", but with some
> text in the docs to say that this only applies to an MIT build.  The
> main wrinkle comes from the pre-built docs used for the website and
> those platforms like debian where xsltproc blows up, they need a
> reasonable value (eg the /usr/sbin/krb5kdc you have) written into docs-
> xml/smbdotconf/generate-file-list.sh.  This is reproduced with "make
> dist"
> 
> [1(0)/1 at 0s] samba.tests.docs
> UNEXPECTED(failure):
> samba.tests.docs.samba.tests.docs.SmbDotConfTests.test_default_s3(none)
> REASON: Exception: Exception: Traceback (most recent call last):
>   File "/data/samba/git/samba-push/bin/python/samba/tests/docs.py",
> line 157, in test_default_s3
>     self._test_default(['bin/testparm'])
>   File "/data/samba/git/samba-push/bin/python/samba/tests/docs.py",
> line 205, in _test_default
>     "Parameters that do not have matching defaults:"))
> AssertionError: Parameters that do not have matching defaults:
> 
>     mit kdc command
>       Expected: /usr/sbin/krb5kdc
>       Got:
> UNEXPECTED(failure):
> samba.tests.docs.samba.tests.docs.SmbDotConfTests.test_default_s4(none)
> 
> In: [PATCH 41/52] python: Add provisioning support for MIT KDC in
>  samba-tool
> 
> You still reference _glue directly, not via samba.

Ok, I will check again, thanks!

> In: [PATCH 42/52] waf: Move python build instructions to wscript
> 
> Why do you need this patch?  I can't see what the purpose is, so could
> you extend the commit message?
> 
> The final quibble I have is that I don't like, but not really have an
> alternative to, the different tests for the different Kerberos
> platforms.  I fear we may update one and not the other (as happens
> already with the two backupkey servers).  Any efforts to further merge
> these would be most welcome.

I can try, but we need to write a lot more functions like

31491f8bb407ebe5dd976b6d1cad3d7d31080bd4

for that.

> 
> I trust we can sort out these last issues soon.  You have worked hard,
> and I'm really excited to see this land in master soon.

It is already in master, sorry.


But I think we can fix those things now too. Looking forward to meet you on 
Tuesday.


	Andreas

More information about the samba-technical mailing list