On Tue, 2018-09-25 at 09:59 +0100, Rowland Penny via samba wrote:> On Tue, 25 Sep 2018 20:49:07 +1200 > Andrew Bartlett <abartlet at samba.org> wrote: > > > On Tue, 2018-09-25 at 09:44 +0100, Rowland Penny via samba wrote: > > > On Mon, 24 Sep 2018 21:22:06 GMT > > > "Torin Woltjer" <torin.woltjer at granddial.com> wrote: > > > > > > > > > > > Thanks for the quick reply, I believe I am using MIT based on > > > > log > > > > file names; but is there a better way to tell? I'm not very > > > > knowledgeable about the distinction between MIT and Heimdal > > > > regarding > > > > KDC. Can you direct me to a resource that explains how to make > > > > the > > > > switch as I am just using the defaults in SUSE. Additionally, > > > > many of the domains experiencing this bug were working fine; > > > > before migrating them from Ubuntu 16.04. Is this because the > > > > bug > > > > was introduced in a newer version that I am now using? Is the > > > > bug > > > > fixed in a version newer than what I am using now? > > > > > > > > Thanks again, I appreciate the help. > > > > > > > > Torin Woltjer > > > > > > > > Grand Dial Communications - A ZK Tech Inc. Company > > > > > > > > 616.776.1066 ext. 2006 > > > > www.granddial.com > > > > > > > > > > > > > > Took some finding, but I am now very sure that the opensuse Samba > > > AD > > > DC > > > uses MIT instead of Heimdal, so this makes it inadvisable to use > > > in > > > production. There are just too many problems to make it usable, > > > the > > > password problem being one of them. > > > > > > I am sorry, but, as far as I am aware, there is no RPM based > > > distro > > > that has production ready Samba packages, I also have a feeling > > > that > > > the Ubuntu packages now use MIT, so this really just leaves > > > Debian > > > etc. > > > > I've not seen any indication that Ubuntu has changed to MIT > > Kerberos, > > thankfully. > > > > Andrew Bartlett > > > > I thought I had seen it somewhere, but I bow to your superior > knowledge. > > Rowland >Following the advice here "Verifying if Samba Has Been Built with MIT Kerberos Support" https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC ... in reverse: $ cat /etc/os-release NAME="Ubuntu" VERSION="18.04.1 LTS (Bionic Beaver)" $ smbd -b | grep HAVE_LIBKADM5SRV_MIT $ So, no MIT involved on Ubuntu Cheers Jon
On Tue, 25 Sep 2018 10:40:52 +0000 Jon Gerdes via samba <samba at lists.samba.org> wrote:> On Tue, 2018-09-25 at 09:59 +0100, Rowland Penny via samba wrote: > > On Tue, 25 Sep 2018 20:49:07 +1200 > > Andrew Bartlett <abartlet at samba.org> wrote: > > > > > On Tue, 2018-09-25 at 09:44 +0100, Rowland Penny via samba wrote: > > > > On Mon, 24 Sep 2018 21:22:06 GMT > > > > "Torin Woltjer" <torin.woltjer at granddial.com> wrote: > > > > > > > > > > > > > > Thanks for the quick reply, I believe I am using MIT based on > > > > > log > > > > > file names; but is there a better way to tell? I'm not very > > > > > knowledgeable about the distinction between MIT and Heimdal > > > > > regarding > > > > > KDC. Can you direct me to a resource that explains how to make > > > > > the > > > > > switch as I am just using the defaults in SUSE. Additionally, > > > > > many of the domains experiencing this bug were working fine; > > > > > before migrating them from Ubuntu 16.04. Is this because the > > > > > bug > > > > > was introduced in a newer version that I am now using? Is the > > > > > bug > > > > > fixed in a version newer than what I am using now? > > > > > > > > > > Thanks again, I appreciate the help. > > > > > > > > > > Torin Woltjer > > > > > > > > > > Grand Dial Communications - A ZK Tech Inc. Company > > > > > > > > > > 616.776.1066 ext. 2006 > > > > > www.granddial.com > > > > > > > > > > > > > > > > > > Took some finding, but I am now very sure that the opensuse > > > > Samba AD > > > > DC > > > > uses MIT instead of Heimdal, so this makes it inadvisable to use > > > > in > > > > production. There are just too many problems to make it usable, > > > > the > > > > password problem being one of them. > > > > > > > > I am sorry, but, as far as I am aware, there is no RPM based > > > > distro > > > > that has production ready Samba packages, I also have a feeling > > > > that > > > > the Ubuntu packages now use MIT, so this really just leaves > > > > Debian > > > > etc. > > > > > > I've not seen any indication that Ubuntu has changed to MIT > > > Kerberos, > > > thankfully. > > > > > > Andrew Bartlett > > > > > > > I thought I had seen it somewhere, but I bow to your superior > > knowledge. > > > > Rowland > > > > Following the advice here "Verifying if Samba Has Been Built with MIT > Kerberos Support" > https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC > > ... in reverse: > > $ cat /etc/os-release > NAME="Ubuntu" > VERSION="18.04.1 LTS (Bionic Beaver)" > > $ smbd -b | grep HAVE_LIBKADM5SRV_MIT > $ > > So, no MIT involved on Ubuntu > > Cheers > JonThanks for that. So, it looks like 'RPM' = Experimental, 'DEB' = Production. Of course there is always 'Gentoo', but I suppose that distro falls into the 'compile it yourself' realm :-) Rowland
On Tue, 2018-09-25 at 12:08 +0100, Rowland Penny via samba wrote:> On Tue, 25 Sep 2018 10:40:52 +0000 > Jon Gerdes via samba <samba at lists.samba.org> wrote: > > > On Tue, 2018-09-25 at 09:59 +0100, Rowland Penny via samba wrote: > > > On Tue, 25 Sep 2018 20:49:07 +1200 > > > Andrew Bartlett <abartlet at samba.org> wrote: > > > > > > > On Tue, 2018-09-25 at 09:44 +0100, Rowland Penny via samba > > > > wrote: > > > > > On Mon, 24 Sep 2018 21:22:06 GMT > > > > > "Torin Woltjer" <torin.woltjer at granddial.com> wrote: > > > > > > > > > > > > > > > > > Thanks for the quick reply, I believe I am using MIT based > > > > > > on > > > > > > log > > > > > > file names; but is there a better way to tell? I'm not very > > > > > > knowledgeable about the distinction between MIT and Heimdal > > > > > > regarding > > > > > > KDC. Can you direct me to a resource that explains how to > > > > > > make > > > > > > the > > > > > > switch as I am just using the defaults in SUSE. > > > > > > Additionally, > > > > > > many of the domains experiencing this bug were working > > > > > > fine; > > > > > > before migrating them from Ubuntu 16.04. Is this because > > > > > > the > > > > > > bug > > > > > > was introduced in a newer version that I am now using? Is > > > > > > the > > > > > > bug > > > > > > fixed in a version newer than what I am using now? > > > > > > > > > > > > Thanks again, I appreciate the help. > > > > > > > > > > > > Torin Woltjer > > > > > > > > > > > > Grand Dial Communications - A ZK Tech Inc. Company > > > > > > > > > > > > 616.776.1066 ext. 2006 > > > > > > www.granddial.com > > > > > > > > > > > > > > > > > > > > > > Took some finding, but I am now very sure that the opensuse > > > > > Samba AD > > > > > DC > > > > > uses MIT instead of Heimdal, so this makes it inadvisable to > > > > > use > > > > > in > > > > > production. There are just too many problems to make it > > > > > usable, > > > > > the > > > > > password problem being one of them. > > > > > > > > > > I am sorry, but, as far as I am aware, there is no RPM based > > > > > distro > > > > > that has production ready Samba packages, I also have a > > > > > feeling > > > > > that > > > > > the Ubuntu packages now use MIT, so this really just leaves > > > > > Debian > > > > > etc. > > > > > > > > I've not seen any indication that Ubuntu has changed to MIT > > > > Kerberos, > > > > thankfully. > > > > > > > > Andrew Bartlett > > > > > > > > > > I thought I had seen it somewhere, but I bow to your superior > > > knowledge. > > > > > > Rowland > > > > > > > Following the advice here "Verifying if Samba Has Been Built with > > MIT > > Kerberos Support" > >https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC> > > > ... in reverse: > > > > $ cat /etc/os-release > > NAME="Ubuntu" > > VERSION="18.04.1 LTS (Bionic Beaver)" > > > > $ smbd -b | grep HAVE_LIBKADM5SRV_MIT > > $ > > > > So, no MIT involved on Ubuntu > > > > Cheers > > Jon > > Thanks for that. > > So, it looks like 'RPM' = Experimental, 'DEB' = Production. Of course > there is always 'Gentoo', but I suppose that distro falls into the > 'compile it yourself' realm :-) > > Rowland >$ cat /etc/os-release NAME="Arch Linux" $ smbd -b | grep HAVE_LIBKADM5SRV_MIT $ $ cat /etc/os-release NAME=Gentoo # smbd -b | grep HAVE_LIBKADM5SRV_MIT HAVE_LIBKADM5SRV_MIT ... but I set USE=system-mitkrb5 Cheers Jon