[Samba] Samba 4.2.14 Group Policy (GPO) sync error
rme at bluemail.ch
rme at bluemail.ch
Mon Aug 15 07:02:52 UTC 2016
> Heimdal is not actively developed any more, so the samba team manages required
> modifications internally.
> I remember I got the unknown mech error messages related to missing sasl
> libraries when using ldap-tools.
Well, the situation is a bit weird. Looks like at least the Gentoo team
is not fully aware about the modifications or their Heimdal is not
completely compatible. On the other hand also the Samba build scritps
seem not to verify the functionality completely. Moreover even at log
level 10 there is no clear message logged about any malfunction.
Moreover it looks like the Samba team relies on the hcrypto library
while even the Heimdal team seems to prefer OpenSSL on systems where it
is available. Samba should perhaps use OpenSSL (if available) too rather
than relying on hcrypto library. Especially since OpenSSL is maintained.
I am not fully into details right now but it seems to be common sense to
me that if you rely on some modifications with bundled libraries AND you
provide an option to disable this bundling that some verification
(version, functionality) of the external libraries should be done.
Anyway let's see what Gentoo developers come up with to fix this issue
for future ebuilds.
Perhaps this problem will be solved by the Samba team too by switching
to mit-krb5 or developing their own kerberos implementation. I don't
know the plans here.
More information about the samba
mailing list