[WHATSNEW] Samba AD with MIT Kerberos + Version change

Rowland Penny rpenny at samba.org
Mon May 1 14:18:11 UTC 2017

On Sun, 30 Apr 2017 17:42:19 +0100
Rowland Penny via samba-technical <samba-technical at lists.samba.org>

> On Sun, 30 Apr 2017 09:30:21 -0700
> Jeremy Allison <jra at samba.org> wrote:
> > On Sun, Apr 30, 2017 at 04:59:01PM +0100, Rowland Penny wrote:
> > > 
> > > That's basically what I said, move to MIT instead of Heimdal and
> > > change the version to 5 at the same time.
> > 
> > Yes, we are in violent agreement :-).
> > 
> > > How about putting something on the Samba webpage, it would make a
> > > change from all the out of date info ;-)
> > 
> > That's a really good idea !
> > 
> > > The other question is, How do I use MIT instead of Heimdal on
> > > debian ?
> > 
> > I know you need MIT 1.15.1 which is the *very latest*
> > release. Not sure if that's in debian yet (it's not
> > in Ubuntu 17.04).
> OK, I will ask that question in a different way, what packages do you
> need to install on Fedora to compile Samba as an AD DC using MIT ?
> Rowland

There seems to be a problem on debian stretch:

./configure --with-system-mitkrb5

leads to this:

Checking for kdb                                                                  : yes 
Checking for gssapi                                                               : yes 
ERROR: MIT KRB5 build with Samba AD requires at least 1.15.1. 1.15 has been found and cannot be used
ERROR: If you want to just build Samba FS use the option --without-ad-dc which requires version 1.9
ERROR: You may try to build with embedded Heimdal Kerebros by not
specifying --with-system-mitkrb5

But when you check the installed package, you get this:

dpkg -s libkrb5-dev
Package: libkrb5-dev
Status: install ok installed
Priority: extra
Section: libdevel
Installed-Size: 173
Maintainer: Sam Hartman <hartmans at debian.org>
Architecture: amd64
Source: krb5
Version: 1.15-1
Replaces: krb5-multidev (<< 1.8+dfsg~alpha1-3)
Depends: krb5-multidev (= 1.15-1)
Suggests: krb5-doc
Conflicts: heimdal-dev
Description: headers and development libraries for MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service.  That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 This is the MIT reference implementation of Kerberos V5.
 This package contains the symlinks, headers, and development libraries
 needed to compile and link programs that use the Kerberos libraries.
Homepage: http://web.mit.edu/kerberos/

It would seem that 'Version: 1.15-1' isn't the same as the version that
Samba AD requires, which is 'at least 1.15.1' ;-)

To me it looks like Samba requires a dot between the package minor
version and revision i.e. 15.1, but debian uses a dash '-' instead.


More information about the samba-technical mailing list