Andrew Bartlett
2017-Feb-17 18:53 UTC
[Samba] Minimum python 2.7 (not on RHEL6) for Samba 4.7 AD DC?
G'Day, I've been looking at our minimum python version for the AD DC. We have some patches currently being proposed to help us become compatible with the modern Python3, and one aspect (PyCapsule) would be easier to do if we restricted Samba to requiring Python 2.7 as a minimum. The wrinkle comes from our good friends at Red Hat, which found itself caught with Python 2.6 on RHEL6. Naturally additional python versions can be installed from third parties, just as folks have done for RHEL5 for some time, but it isn't 'just there' and the various online HOWTO solutions look much more complicated than an RPM install. My questions are: - do you deploy Samba as an AD DC on RHEL6 or CentOS 6? - If so, would an upgrade to RHEL7 be likely before you deploy Samba 4.7 in late 2017? or - do you deploy Samba as an AD DC on another platform without Python 2.7? (This is to inform me in a parallel thread I'm having with metze over the Python3 patches). Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Luc Lalonde
2017-Feb-17 23:08 UTC
[Samba] Minimum python 2.7 (not on RHEL6) for Samba 4.7 AD DC?
Hello Andrew, Presently we have two Windows2008R2 DC’s and one Samba4 (v4.1.13, CentOS6) DC. We plan on moving the server to CentOS7 this summer and upgrading to v4.6.x (when it comes out). We’re almost done phasing out all our CentOS6 servers... So I guess we’ll be ready for 4.7 when it comes out if Python 2.7 is a minimum requirement. It’s nice that the Samba developers take the time to ask our opinion on this change. Thank You!> On Feb 17, 2017, at 1:53 PM, Andrew Bartlett via samba <samba at lists.samba.org> wrote: > > G'Day, > > I've been looking at our minimum python version for the AD DC. > > We have some patches currently being proposed to help us become > compatible with the modern Python3, and one aspect (PyCapsule) would be > easier to do if we restricted Samba to requiring Python 2.7 as a > minimum. > > The wrinkle comes from our good friends at Red Hat, which found itself > caught with Python 2.6 on RHEL6. Naturally additional python versions > can be installed from third parties, just as folks have done for RHEL5 > for some time, but it isn't 'just there' and the various online HOWTO > solutions look much more complicated than an RPM install. > > My questions are: > - do you deploy Samba as an AD DC on RHEL6 or CentOS 6? > - If so, would an upgrade to RHEL7 be likely before you deploy Samba > 4.7 in late 2017? > > or > > - do you deploy Samba as an AD DC on another platform without Python > 2.7? > > (This is to inform me in a parallel thread I'm having with metze over > the Python3 patches). > > Thanks, > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Dario Lesca
2017-Feb-18 09:36 UTC
[Samba] Minimum python 2.7 (not on RHEL6) for Samba 4.7 AD DC?
Il giorno sab, 18/02/2017 alle 07.53 +1300, Andrew Bartlett via samba ha scritto:> - If so, would an upgrade to RHEL7 be likely before you deploy Samba > 4.7 in late 2017?RHEL/Centos 7.3 (last today update) already has python 2.7.x, RHEL/Centos 6 not.> [lesca at server-dati ~]$ cat /etc/redhat-release > CentOS Linux release 7.3.1611 (Core) > [lesca at server-dati ~]$ python --version > Python 2.7.5 > [lesca at server-dati ~]$Centos [6,7]* however does not have into current samba 4.x version fully support to AD DC (without rebuild the source with some few changes):> [lesca at dodo ~]$ rpm -ql samba-dc > /usr/share/doc/samba-dc > /usr/share/doc/samba-dc/README.dc > [lesca at dodo ~]$ cat /usr/share/doc/samba-dc/README.dc > MIT Kerberos 5 Support > ======================> ...The Samba build in Fedora is using MIT Kerberos > implementation in order to allow system-wide interoperability between > both desktop and server applications running on the same machine. > > At the moment the Samba Active Directory Domain Controller > implementation is not available with MIT Kereberos. FreeIPA and Samba > Team members are currently working on Samba MIT Kerberos support as > this is a requirement for a GNU/Linux distribution integration of > Samba AD DC features. > > We have just finished migrating the file server and all client > utilities to MIT Kerberos. The result of this work is available in > samba-* packages in Fedora. We'll provide Samba AD DC functionality > as soon as its support of MIT Kerberos KDC will be ready.How do you deploy samba AD DC on Centos? Manually rebuild it or ... You know that Samba 4.7 will have support to AD-DC with MIT Kerberos? Thank for reply -- Dario Lesca (inviato dal mio Linux Fedora 25 Workstation)
Rowland Penny
2017-Feb-18 10:10 UTC
[Samba] Minimum python 2.7 (not on RHEL6) for Samba 4.7 AD DC?
On Sat, 18 Feb 2017 10:36:18 +0100 Dario Lesca via samba <samba at lists.samba.org> wrote:> RHEL/Centos 7.3 (last today update) already has python 2.7.x, > RHEL/Centos 6 not.Yes, this is well known and is what the question was all about, are you using RHEL/Centos 6 now and planning to upgrade to version 7 before September ?> > > [lesca at dodo ~]$ rpm -ql samba-dc > > /usr/share/doc/samba-dc > > /usr/share/doc/samba-dc/README.dc > > [lesca at dodo ~]$ cat /usr/share/doc/samba-dc/README.dc > > MIT Kerberos 5 Support > > ======================> > At the moment the Samba Active Directory Domain Controller > > implementation is not available with MIT Kereberos. FreeIPA and > > Samba Team members are currently working on Samba MIT Kerberos > > support as this is a requirement for a GNU/Linux distribution > > integration of Samba AD DC features.The last part of that statement is plainly not correct, the 'GNU/Linux' part that is. It is available on Debian, which, last time I looked, was a 'GNU/Linux' distribution, it should be 'Red-Hat/Linux distribution'> How do you deploy samba AD DC on Centos? > > Manually rebuild it or ... > > You know that Samba 4.7 will have support to AD-DC with MIT Kerberos? >This is in the hands of the Red-Hat guys mainly, but 4.6 isn't out yet and the question isn't if Samba 4.7 will support MIT, but will RHEL/Centos 7 support an AD DC when Samba releases a version that supports MIT Rowland
On Sat, 2017-02-18 at 10:36 +0100, Dario Lesca via samba wrote:> > Centos [6,7]* however does not have into current samba 4.x version > fully support to AD DC (without rebuild the source with some few > changes): > > > [lesca at dodo ~]$ rpm -ql samba-dc > > /usr/share/doc/samba-dc > > /usr/share/doc/samba-dc/README.dc > > [lesca at dodo ~]$ cat /usr/share/doc/samba-dc/README.dc > > MIT Kerberos 5 Support > > ======================> > ...The Samba build in Fedora is using MIT Kerberos > > implementation in order to allow system-wide interoperability > > between > > both desktop and server applications running on the same machine. > > > > At the moment the Samba Active Directory Domain Controller > > implementation is not available with MIT Kereberos. FreeIPA and > > Samba > > Team members are currently working on Samba MIT Kerberos support as > > this is a requirement for a GNU/Linux distribution integration of > > Samba AD DC features. > > > > We have just finished migrating the file server and all client > > utilities to MIT Kerberos. The result of this work is available in > > samba-* packages in Fedora. We'll provide Samba AD DC functionality > > as soon as its support of MIT Kerberos KDC will be ready. > > How do you deploy samba AD DC on Centos? > > Manually rebuild it or ...Yes, or find a package by a third party.> You know that Samba 4.7 will have support to AD-DC with MIT Kerberos?There is still a lot of work to do on that as I understand it, and even then it will require a very modern MIT Krb5, and probably not what is in RHEL. This will remain a long road, sorry. Even with all that, users of Samba as an AD DC often wish to obtain a version (due to bug fixes and new features) that is much more current than shipping when a RHEL freezes, so I wonder if it will really be that much use anyway. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba