[Samba] bind9 failure when using dlz_bind

Rowland Penny rpenny at samba.org
Sun Aug 11 12:23:43 UTC 2024


On Sun, 11 Aug 2024 13:46:01 +0200
Kees van Vloten via samba <samba at lists.samba.org> wrote:

> 
> On 11-08-2024 09:46, Rowland Penny via samba wrote:
> > On Sun, 11 Aug 2024 10:29:14 +0300
> > Michael Tokarev via samba<samba at lists.samba.org>  wrote:
> >
> >> 11.08.2024 00:53, Franta Hanzlík via samba wrote:
> >>
> >>> I have about the same crash on Fedora 40 x86_64/bind-9.18.28 and
> >>> Samba 4.20.4 (own build with internal Heimdal, as Fedora build it
> >>> with MIT Kerberos - which (IMO) not stable yet).
> >> What is not stable with mit-krb5 for you?
> >>
> >> Thanks,
> >>
> >> /mjt
> >>
> > I am also unsure just what is unstable with a MIT DC, but I am sure
> > that using one is still experimental and should only be used in
> > testing, if only Fedora would say this.
> >
> > Rowland
> >
> Although MIT Kerberos is still labelled "experimental", that is not
> very much the case anymore.
> 
> One thing to notice is that both have functional and feature
> differences.
> 
> There was a good presentation on this topic at SambaXP 2023: 
> https://www.youtube.com/watch?v=0_cdYuIYw0o.
> 
> - Kees.

Just because Fedora says that they have released 'production' ready
Samba MIT AD DC packages doesn't mean it is true. To configure Samba as
a MIT DC, requires this 'switch':

--with-experimental-mit-ad-dc

The 'help' says this:

Enable the experimental MIT Kerberos-backed AD DC. Note that
security patches are not issued for this configuration

So, until it doesn't say 'experimental' and security patches are issued,
I am going to call it experimental, no matter what anyone else says.

Rowland




More information about the samba mailing list