On 29/01/2023 14:00, Michael Tokarev via samba wrote:> 29.01.2023 16:51, Rowland Penny via samba wrote:
>
>> ?From the distros you mentioned, the first two didn't supply Samba
>> packages that could be provisioned as a DC, As far as I am aware,
>> Slackware is the same. Arch did supply Samba packages that could be
>> used as an AD DC, these used Samba's builtin Heimdal, are you
saying
>> that this has changed and they now use MIT ?
>
> I haven't followed history.
I have.
Redhat is on record of saying that they will never supply Samba packages
that will be capable of being provisioned as a DC (they want you to use
freeipa)
> At least Fedora provides samba ad-dc
> packages built
> with mit-krb5 for quite some time (I posted their rpm.spec file here).
Yes I know, I just wish they would be honest and mark them as experimental.
> Arch samba also works as an ad-dc.
Arch has always worked as an AD DC, but they did use Heimdal, if they
have moved to MIT, then they have also moved to the 'experimental' camp.
> ..
>
>> Seeing as how Samba is now using pretty much the latest Heimdal, I am
>> not surprised it works. However, Samba tests against the Heimdal it
>> supplies.
>
> Samba tests against mit-krb5 too, fwiw.
This I know, but, as far as I am aware, it is just so that the code
doesn't get broken.
>
> Unfortunately due to the way samba builds for testing has
> little to do with production build.
No, in my opinion, it has little to do with what you perceive to be a
production build.
From my perspective, until Samba stops marking MIT as experimental and
leaves the choice of KDC type up to the installer, then the only KDC to
use in production is the Heimdal one that Samba provides.
Your views are probably different.
Rowland