[Samba] Samba 4.2.14 Group Policy (GPO) sync error

rme at bluemail.ch rme at bluemail.ch
Mon Aug 15 07:02:52 UTC 2016

> Heimdal is not actively developed any more, so the samba team manages required
> modifications internally.
> I remember I got the unknown mech error messages related to missing sasl
> libraries when using ldap-tools.

Well, the situation is a bit weird. Looks like at least the Gentoo team 
is not fully aware about the modifications or their Heimdal is not 
completely compatible. On the other hand also the Samba build scritps 
seem not to verify the functionality completely. Moreover even at log 
level 10 there is no clear message logged about any malfunction.

Moreover it looks like the Samba team relies on the hcrypto library 
while even the Heimdal team seems to prefer OpenSSL on systems where it 
is available. Samba should perhaps use OpenSSL (if available) too rather 
than relying on hcrypto library. Especially since OpenSSL is maintained.

I am not fully into details right now but it seems to be common sense to 
me that if you rely on some modifications with bundled libraries AND you 
provide an option to disable this bundling that some verification 
(version, functionality) of the external libraries should be done.

Anyway let's see what Gentoo developers come up with to fix this issue 
for future ebuilds.
Perhaps this problem will be solved by the Samba team too by switching 
to mit-krb5 or developing their own kerberos implementation. I don't 
know the plans here.

More information about the samba mailing list