[Samba] problems with sysvol after fsmo transfer

Rowland Penny rpenny at samba.org
Fri Jan 13 12:11:56 UTC 2023

On 13/01/2023 11:28, Thorsten Marquardt via samba wrote:

> Will I face serious problems if I continue with the MIT kerberos based 
> samba packages? I like my openSUSE but I don't like to use packages 
> aside from the official ones. But honestly I'm somewhat surprised about 
> the fact that openSUSE stays on MIT Kerberos and doesn't switch to 
> Heimdal (at least for samba builds).
> Chears Thorsten

I take it that you are using MIT.

There is a wiki page about using MIT:


This page was altered back in November and these lines about the known 
limitations were removed:

* PKINIT support required for using smart cards

* Service for User to Self-service (S4U2self) not supported
* Service for User to Proxy (S4U2proxy) not supported
* Computer GPO's are not applied, see 
[https://bugzilla.samba.org/show_bug.cgi?id=13516 Bug 13516]

I am unclear about the first three, but the bug referred to in the last 
one is still open.

Using Samba packages that use MIT for a DC is experimental and isn't 
supported in production. RHEL does not supply any Samba packages that 
can be provisioned as a DC, but are fine for a Unix domain member. 
Fedora (and seemingly, Suse) do provide Samba packages that can be 
provisioned as a DC, but I wish they would state that they should only 
be used for testing because they use MIT for the kdc.

Any and all Samba OS packages are okay for use as Unix domain members 
etc, it is just the use of MIT as the kdc that is experimental.


More information about the samba mailing list