[Samba] problems with sysvol after fsmo transfer
Rowland Penny
rpenny at samba.org
Fri Jan 13 12:11:56 UTC 2023
On 13/01/2023 11:28, Thorsten Marquardt via samba wrote:
>
> Will I face serious problems if I continue with the MIT kerberos based
> samba packages? I like my openSUSE but I don't like to use packages
> aside from the official ones. But honestly I'm somewhat surprised about
> the fact that openSUSE stays on MIT Kerberos and doesn't switch to
> Heimdal (at least for samba builds).
>
> Chears Thorsten
>
>
I take it that you are using MIT.
There is a wiki page about using MIT:
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
This page was altered back in November and these lines about the known
limitations were removed:
* PKINIT support required for using smart cards
* Service for User to Self-service (S4U2self) not supported
* Service for User to Proxy (S4U2proxy) not supported
* Computer GPO's are not applied, see
[https://bugzilla.samba.org/show_bug.cgi?id=13516 Bug 13516]
I am unclear about the first three, but the bug referred to in the last
one is still open.
Using Samba packages that use MIT for a DC is experimental and isn't
supported in production. RHEL does not supply any Samba packages that
can be provisioned as a DC, but are fine for a Unix domain member.
Fedora (and seemingly, Suse) do provide Samba packages that can be
provisioned as a DC, but I wish they would state that they should only
be used for testing because they use MIT for the kdc.
Any and all Samba OS packages are okay for use as Unix domain members
etc, it is just the use of MIT as the kdc that is experimental.
Rowland
More information about the samba
mailing list