[Samba] Offical RHEL AD DC on RHEL

Andrew Bartlett abartlet at samba.org
Sat Feb 18 17:58:19 UTC 2017 

On Sat, 2017-02-18 at 10:36 +0100, Dario Lesca via samba wrote:
> 
> Centos [6,7]* however does not have into current samba 4.x version 
> fully support to AD DC (without rebuild the source with some few
> changes):
> 
> > [lesca at dodo ~]$ rpm -ql samba-dc
> > /usr/share/doc/samba-dc
> > /usr/share/doc/samba-dc/README.dc
> > [lesca at dodo ~]$ cat /usr/share/doc/samba-dc/README.dc
> > MIT Kerberos 5 Support
> > =======================
> > ...The Samba build in Fedora is using MIT Kerberos
> > implementation in order to allow system-wide interoperability
> > between
> > both desktop and server applications running on the same machine.
> > 
> > At the moment the Samba Active Directory Domain Controller
> > implementation is not available with MIT Kereberos. FreeIPA and
> > Samba
> > Team members are currently working on Samba MIT Kerberos support as
> > this is a requirement for a GNU/Linux distribution integration of
> > Samba AD DC features.
> > 
> > We have just finished migrating the file server and all client
> > utilities to MIT Kerberos.  The result of this work is available in
> > samba-* packages in Fedora. We'll provide Samba AD DC functionality
> > as soon as its support of MIT Kerberos KDC will be ready.
> 
> How do you deploy samba AD DC on Centos?
> 
> Manually rebuild it or ...

Yes, or find a package by a third party.  

> You know that Samba 4.7 will have support to AD-DC with MIT Kerberos?

There is still a lot of work to do on that as I understand it, and even
then it will require a very modern MIT Krb5, and probably not what is
in RHEL.  This will remain a long road, sorry.

Even with all that, users of Samba as an AD DC often wish to obtain a
version (due to bug fixes and new features) that is much more current
than shipping when a RHEL freezes, so I wonder if it will really be
that much use anyway.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list