[Samba] Samba 4.8.10 for rhel7/centos7 rpms

Andreas Schneider asn at samba.org
Mon Apr 8 18:58:00 UTC 2019

On Monday, April 8, 2019 7:36:40 PM CEST Alexander Bokovoy wrote:
> On ma, 08 huhti 2019, vincent at cojot.name wrote:
> > Adding Alexander (cc'ed, thank you)
> > 
> > Hi Sergio,
> > I found some hints (dating back almost a year ago) about why gnutls-3.4
> > might be needed:
> > https://lists.samba.org/archive/samba-technical/2018-April/127282.html
> > 
> > I don't know how much of this still holds true (I've been running an AD DC
> > with rhel7's gnutls 3.3.z for over a year without apparent issues).
> Actually, you need Andreas, not me. ;)
> Andreas is working on crypto unification and moves crypto implementation
> to use standardized crypto libraries which have better chances to pass
> audit and certifications. Over few releases, gnutls has been improved to
> provide more and more of crypto primitives used by Samba. This is where
> a requirement for newer versions of gnutls comes from.

Samba AD DC built with MIT Kerberos requires gnutls 3.4.7 for implement the 
crypt for the DCERPC backupkey service.

If you build Samba on your with Heimdal on your own, then is it works with 
older GnuTLS versions. However I wouldn't run Samba AD DC with Heimdal, the 
Samba copy is from 2011. Who knows what's in there ...

Best regards,


Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the samba mailing list