[WHATSNEW] Samba AD with MIT Kerberos + Version change
Rowland Penny
rpenny at samba.org
Mon May 1 14:18:11 UTC 2017
On Sun, 30 Apr 2017 17:42:19 +0100
Rowland Penny via samba-technical <samba-technical at lists.samba.org>
wrote:
> On Sun, 30 Apr 2017 09:30:21 -0700
> Jeremy Allison <jra at samba.org> wrote:
>
> > On Sun, Apr 30, 2017 at 04:59:01PM +0100, Rowland Penny wrote:
> > >
> > > That's basically what I said, move to MIT instead of Heimdal and
> > > change the version to 5 at the same time.
> >
> > Yes, we are in violent agreement :-).
> >
> > > How about putting something on the Samba webpage, it would make a
> > > change from all the out of date info ;-)
> >
> > That's a really good idea !
> >
> > > The other question is, How do I use MIT instead of Heimdal on
> > > debian ?
> >
> > I know you need MIT 1.15.1 which is the *very latest*
> > release. Not sure if that's in debian yet (it's not
> > in Ubuntu 17.04).
>
> OK, I will ask that question in a different way, what packages do you
> need to install on Fedora to compile Samba as an AD DC using MIT ?
>
> Rowland
>
There seems to be a problem on debian stretch:
./configure --with-system-mitkrb5
leads to this:
Checking for kdb : yes
Checking for gssapi : yes
ERROR: MIT KRB5 build with Samba AD requires at least 1.15.1. 1.15 has been found and cannot be used
ERROR: If you want to just build Samba FS use the option --without-ad-dc which requires version 1.9
ERROR: You may try to build with embedded Heimdal Kerebros by not
specifying --with-system-mitkrb5
But when you check the installed package, you get this:
dpkg -s libkrb5-dev
Package: libkrb5-dev
Status: install ok installed
Priority: extra
Section: libdevel
Installed-Size: 173
Maintainer: Sam Hartman <hartmans at debian.org>
Architecture: amd64
Source: krb5
Version: 1.15-1
Replaces: krb5-multidev (<< 1.8+dfsg~alpha1-3)
Depends: krb5-multidev (= 1.15-1)
Suggests: krb5-doc
Conflicts: heimdal-dev
Description: headers and development libraries for MIT Kerberos
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the symlinks, headers, and development libraries
needed to compile and link programs that use the Kerberos libraries.
Homepage: http://web.mit.edu/kerberos/
It would seem that 'Version: 1.15-1' isn't the same as the version that
Samba AD requires, which is 'at least 1.15.1' ;-)
To me it looks like Samba requires a dot between the package minor
version and revision i.e. 15.1, but debian uses a dash '-' instead.
Rowland
More information about the samba-technical
mailing list