[Samba] GPO Filtering Denied

Rowland Penny rpenny at samba.org
Fri Apr 19 16:22:29 UTC 2019

On Fri, 19 Apr 2019 10:02:42 -0600
durwin at mgtsciences.com wrote:

> > 
> > There are two opensource kerberos servers, one is MIT, which is the
> > default on red-hat distros, the other is Heimdal, which is the
> > default for Samba. After a lot of work, Fedora is now using MIT
> > with Samba, but there is still a lot more to do, so it is
> > recommended to only use the Fedora packages for testing and Samba
> > with MIT is marked as experimental.
> >   
> > > 
> > > What are my other choices?  Compile from source?  
> > 
> > You can compile from source, but this would entail either creating
> > your own RPM's or setting the configure options to place Samba into
> > where Fedora expects it to be (which could be overwritten by a
> > later distro update) or just running './configure' which would
> > place Samba entirely into /usr/local/samba. You could also try to
> > find a repo that supplies Fedora RPM's that use Heimdal.
> > 
> > Another option is to use a distro that has always used Heimdal,
> > Debian is such a distro, but their Samba packages are bit old, this
> > isn't a big problem, you can find later Samba packages here:  
> I was just doing some searches for other distributions.  Centos was
> said to be based on Redhat.  Do you know if it would be a good one to
> use for Samba DC?

Centos is RHEL recompiled and as such, it will suffer from the same
problems as Fedora (some people call Fedora, RHEL testing) from the
Samba point of view. Basically, if you are going to change distro, you
need to find one that doesn't use MIT as its default kerberos server.
This will probably mean one that doesn't use RPM's.


More information about the samba mailing list