[WHATSNEW] Samba AD with MIT Kerberos + Version change

Thu May 4 14:42:49 UTC 2017

On Thursday, 4 May 2017 09:51:14 CEST Rowland Penny wrote:
> On Thu, 04 May 2017 09:21:44 +0200
> 
> Andreas Schneider <asn at samba.org> wrote:
> > On Wednesday, 3 May 2017 17:22:36 CEST Rowland Penny via
> > 
> > samba-technical wrote:
> > > On Wed, 3 May 2017 08:33:14 -0600
> > > 
> > > Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> > > > Thoughts on not having something run on a port. seLinux on Fedora,
> > > > Centos. Apparmor for Debian, Ubuntu. I really wish they made those
> > > > things easier to use. For testing I always disable them as best I
> > > > can.
> > > 
> > > Apparmor isn't installed, so it isn't that.
> > > 
> > > OK, fresh git pull:
> > > 
> > > samba -V
> > > Version 4.7.0pre1-GIT-61d6882b54d
> > > 
> > > I did the two changes as recommended by Andreas and then compiled
> > > with:
> > > 
> > > ./configure --with-system-mitkrb5
> > > make
> > > make install
> > > 
> > > I now get an error, python doesn't like Andreas's second patch, so
> > > back to mine:
> > > 
> > > from samba import is_heimdal_built
> > > import os
> > > 
> > > def make_kdcconf(realm, domain, kdcconfdir, logdir):
> > >     if is_heimdal_built:
> > >         return
> > > 
> > > The provision command works, but kdc.conf is not created.
> > > 
> > > I do not have any Heimdal packages installed, but it seems that the
> > > provision seems to think that Heimdal has been built. Looking in
> > > pyglue.c , it seems that the test is if 'SAMBA4_USES_HEIMDAL' is
> > > defined somewhere and as it seems to returning True, it must be ;-(
> > 
> > I will look into it after my talk today.
> > 
> > SAMBA4_USES_HEIMDAL is defined in bin/default/include/config.h
> > 
> > after you run configure.
> > 
> > 	Andreas
> 
> I tried again, new install of Devuan Jessie upgraded to Ascii (debian
> stretch without systemd) installed usual packages plus MIT 1.15.1 from
> Louis's packages. Added the two patches and compiled Samba.

Ok, I think we should create the kdc.conf file in a samba directory and set it 
in the smb.conf file. I'm looking into that.