[Samba] both Samba-4.9.5 AD DC upgrade to Samba current (4.22.*) - questions
Franta Hanzlík
franta at hanzlici.cz
Mon Jun 30 10:50:44 UTC 2025
Hi Rowland, thank for clarification!
On Mon, 30 Jun 2025 08:46:42 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sun, 29 Jun 2025 23:26:40 +0200
> Franta Hanzlík <franta at hanzlici.cz> wrote:
> >
[...]
> >
> > Regarding using Debian distro - we have been using Fedora for a long
> > time now because we know it. And we compile Samba packages for DC
> > ourselves, with Heimdal Kerberos (Fedora has MIT, I'm not sure how
> > suitable it is for production deployment, I think it is still marked
> > as experimental). I don't know if switching to Debian would cause
> > some confusion and damage, when it will be new for us. IMO there will
> > not be much difference in functionality, although support in Debian
> > is probably greater today than in Fedora.
>
> In my opinion, the problem with Fedora is, they are not honest. The use
> of MIT for the kdc on a Samba AD DC is experimental and redhat is on
> record of saying there will never be Samba packages for RHEL that can
> be provisioned as an AD DC, but they do not and will not tell their
> users this.
>
> You can easily switch to Debian, just install Debian 12 in a VM,
> install Samba from bookworm-backports and you will get the latest Samba
> version (4.22.2 at present), just join this and it will work.
>
> Rowland
> --
From what I've gleaned from the Fedora mailing list and website and
the internet, I get the impression that Fedora's status on using Heimdal
or MIT Kerberos is roughly:
- Heimdal Kerberos doesn't have all the features the team needs (but
that probably applies to the old pre-7.x versions from 7+ years ago)
- MIT Kerberos fit better into their FreeIPA (Identity, Policy, Audit)
project.
- and maybe it's also their effort to maintain more control over
FreeIPA and possibly related projects.
In the long run, switching to Debian would probably be a better option,
but right now it would mean a bit more of a burden.
We'll think about it...
--
Thank Yoy, Franta Hanzlik
More information about the samba
mailing list