[Samba] Samba 4.8.10 for rhel7/centos7 rpms

Peter Milesson miles at atmos.eu
Mon Apr 8 16:27:42 UTC 2019 


On 08.04.2019 17:12, Vincent S. Cojot via samba wrote:
>
> Adding Alexander (cc'ed, thank you)
>
> Hi Sergio,
> I found some hints (dating back almost a year ago) about why 
> gnutls-3.4 might be needed:
> https://lists.samba.org/archive/samba-technical/2018-April/127282.html
>
> I don't know how much of this still holds true (I've been running an 
> AD DC with rhel7's gnutls 3.3.z for over a year without apparent issues).
>
> Regards,
>
> Vincent
>
> On Mon, 8 Apr 2019, Sérgio Basto via samba wrote:
>
>> On Mon, 2019-04-08 at 06:25 +0100, Sérgio Basto via samba wrote:
>>> On Sun, 2019-04-07 at 12:38 -0400, vincent at cojot.name wrote:
>>>> On Sat, 6 Apr 2019, Sérgio Basto via samba wrote:
>>>>
>>>>>> http://nova.polymtl.ca/~coyote/dist/samba/samba-4.8.10
>>>>>
>>>>> How do you build this on Centos 7 without gnutls 3.4 and nettle
>>>>> 3.2
>>>>> ?
>>>>
>>>> Hi Sergio,
>>>> that's a very good question. I built these on rhrl7.6 with gnutls-
>>>> 3.3.39
>>>> and nettle-2.7.1:
>>>>
>>>> [root at dc02 ~]# rpm -q nettle gnutls
>>>> nettle-2.7.1-8.el7.x86_64
>>>> nettle-2.7.1-8.el7.i686
>>>> gnutls-3.3.29-9.el7_6.x86_64
>>>> gnutls-3.3.29-9.el7_6.i686
>>>>
>>>> Anything wrong with that? the SPECs are slightly modified from
>>>> Fedora.
>>>> (mostly to account for rhel7's python2 drfsults)
>>>>
>>>> I'd like to know more about the issies you suspect.. Do you have
>>>> any
>>>> pointers? Perhaps it is just a matter of RedHat's backports. Any
>>>> specific
>>>> CVE's ?
>>>
>>> All what I know, is just a requirement from ./configure when you
>>> enable
>>> -ad option IIRC . ./configure requires gnutls-3.4.7 [1]
>>
>> whe we use %global with_dc 1 we need  gnutls-3.4.7
>>
>>>
>>> [1]
>>> BUILDSTDERR: Checking for program krb5-config.heimdal
>>>                                          : not found
>>>
>>> BUILDSTDERR: Checking for program krb5-config
>>>                                                  : /usr/bin/krb5-
>>> config
>>>
>>> BUILDSTDERR: Checking for gnutls >= 3.4.7
>>>                                                      : yes
>>>
>>>> thanks,
>>>>
>>>> vincent
>>>>
>>>>>
>>>>> [1]
>>>>> https://copr.fedorainfracloud.org/coprs/sergiomb/SambaAD/builds/
>>>>>
>>>>> [2]
>>>>> https://github.com/sergiomb2/sambaad
>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> ,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-
>>>>>> ,._.,-
>>>>>> *~'`^`'~*-,
>>>>>> Vincent S. Cojot, Computer Engineering. STEP project. _.,-
>>>>>> *~'`^`'~*-
>>>>>> ,._.,-*~
>>>>>> Ecole Polytechnique de Montreal, Comite Micro-Informatique.
>>>>>> _.,-
>>>>>> *~'`^`'~*-,.
>>>>>> Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-
>>>>>> *~'`^`'~*-
>>>>>> ,._.,-*~'
>>>>>> http://step.polymtl.ca/~coyote  _.,-*~'`^`'~*-,._
>>>>>> coyote at NOSPAM4cojot.name
>>>>>>
>>>>>> They cannot scare me with their empty spaces
>>>>>> Between stars - on stars where no human race is
>>>>>> I have it in me so much nearer home
>>>>>> To scare myself with my own desert places.       - Robert Frost
>>>>>>
>>>>>>
>>>>>
>>>>> -- 
>>>>> Sérgio M. B.
>>>>>
>>>>>
>>>>> -- 
>>>>> To unsubscribe from this list go to the following URL and read
>>>>> the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>> -- 
>>> Sérgio M. B.
>>>
>>>
>> -- 
>> Sérgio M. B.
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

Hi folks,

I followed the link below to compile a Samba AD DC (CentOS 7.5, now 
upgraded to CentOS 7.6). Instead of using 4.8.3, I took the 4.9.1 
source, that was fresh at the moment. I have got the same gnutls and 
nettle versions as Vincent. Everything compiled well. I scrapped the 
quota stuff, as it is a small domain with a few users, where quota 
doesn't make any sense (I face down users that misbehave). I also 
disabled cups (no need for printer sharing).

https://www.server-world.info/en/note?os=CentOS_7&p=samba&f=4

I had some problems with configuration, but they were related to my 
inexperience, and not to Samba (thanks to Rowland and Louis, who had 
patience with me). It's keeps going for around 6 months now. Every part 
of it seems to work nicely. DNS, permissions (exclusively Windows 
based), time sync. I haven't detected anything that seems problematic so 
far. I did set some GPOs in Samba for the first time yesterday (using 
RSAT under Windows 10 Pro), which also worked. Roaming profiles, home 
shares, and different data shares reside on a separate Samba server 
(CentOS 7.6, bundled Samba 4.7.1).

Just my fiver...

Best regards,

Peter

More information about the samba mailing list