[WHATSNEW] Samba AD with MIT Kerberos + Version change

Rowland Penny rpenny at samba.org
Mon May 1 14:18:11 UTC 2017 

On Sun, 30 Apr 2017 17:42:19 +0100
Rowland Penny via samba-technical <samba-technical at lists.samba.org>
wrote:

> On Sun, 30 Apr 2017 09:30:21 -0700
> Jeremy Allison <jra at samba.org> wrote:
> 
> > On Sun, Apr 30, 2017 at 04:59:01PM +0100, Rowland Penny wrote:
> > > 
> > > That's basically what I said, move to MIT instead of Heimdal and
> > > change the version to 5 at the same time.
> > 
> > Yes, we are in violent agreement :-).
> > 
> > > How about putting something on the Samba webpage, it would make a
> > > change from all the out of date info ;-)
> > 
> > That's a really good idea !
> > 
> > > The other question is, How do I use MIT instead of Heimdal on
> > > debian ?
> > 
> > I know you need MIT 1.15.1 which is the *very latest*
> > release. Not sure if that's in debian yet (it's not
> > in Ubuntu 17.04).
> 
> OK, I will ask that question in a different way, what packages do you
> need to install on Fedora to compile Samba as an AD DC using MIT ?
> 
> Rowland
> 

There seems to be a problem on debian stretch:

./configure --with-system-mitkrb5

leads to this:

Checking for kdb                                                                  : yes 
Checking for gssapi                                                               : yes 
ERROR: MIT KRB5 build with Samba AD requires at least 1.15.1. 1.15 has been found and cannot be used
ERROR: If you want to just build Samba FS use the option --without-ad-dc which requires version 1.9
ERROR: You may try to build with embedded Heimdal Kerebros by not
specifying --with-system-mitkrb5

But when you check the installed package, you get this:

dpkg -s libkrb5-dev
Package: libkrb5-dev
Status: install ok installed
Priority: extra
Section: libdevel
Installed-Size: 173
Maintainer: Sam Hartman <hartmans at debian.org>
Architecture: amd64
Source: krb5
Version: 1.15-1
Replaces: krb5-multidev (<< 1.8+dfsg~alpha1-3)
Depends: krb5-multidev (= 1.15-1)
Suggests: krb5-doc
Conflicts: heimdal-dev
Description: headers and development libraries for MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service.  That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the symlinks, headers, and development libraries
 needed to compile and link programs that use the Kerberos libraries.
Homepage: http://web.mit.edu/kerberos/

It would seem that 'Version: 1.15-1' isn't the same as the version that
Samba AD requires, which is 'at least 1.15.1' ;-)

To me it looks like Samba requires a dot between the package minor
version and revision i.e. 15.1, but debian uses a dash '-' instead.

Rowland

More information about the samba-technical mailing list