> If you build Samba on your with Heimdal on your own, then is it works with > older GnuTLS versions. However I wouldn't run Samba AD DC with Heimdal, the > Samba copy is from 2011. Who knows what's in there ... > > Best regards, > > AndreasWOW! If Samba with Heimdal can't be trusted, and Samba with MIT is clearly experimental and not supported, then WHAT EXACTLY should Samba be used for? Just file/print services? Am I completely insane, or am I reading the above statement correctly?
On Mon, 2019-04-08 at 19:16 +0000, Billy Bob via samba wrote:> > If you build Samba on your with Heimdal on your own, then is it > > works with > > older GnuTLS versions. However I wouldn't run Samba AD DC with > > Heimdal, the > > Samba copy is from 2011. Who knows what's in there ... > > > > Best regards, > > > > Andreas > > WOW! If Samba with Heimdal can't be trusted, and Samba with MIT is > clearly experimental and not supported, then WHAT EXACTLY should > Samba be used for? Just file/print services? > Am I completely insane, or am I reading the above statement > correctly?Worst , MIT kbr5 is not just experimental , it miss a lot of features for Samba DC [1], "Computer GPO's are not applied !" BTW any prevision when MIT kbr will support GPO's ? [1] https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC#Known_Limitations_of_MIT_Kerberos_Support_in_Samba> >-- Sérgio M. B.
On Mon, 08 Apr 2019 22:09:25 +0100 Sérgio Basto via samba <samba at lists.samba.org> wrote:> On Mon, 2019-04-08 at 19:16 +0000, Billy Bob via samba wrote: > > > If you build Samba on your with Heimdal on your own, then is it > > > works with > > > older GnuTLS versions. However I wouldn't run Samba AD DC with > > > Heimdal, the > > > Samba copy is from 2011. Who knows what's in there ... > > > > > > Best regards, > > > > > > Andreas > > > > WOW! If Samba with Heimdal can't be trusted, and Samba with MIT is > > clearly experimental and not supported, then WHAT EXACTLY should > > Samba be used for? Just file/print services? > > Am I completely insane, or am I reading the above statement > > correctly? > > Worst , MIT kbr5 is not just experimental , it miss a lot of features > for Samba DC [1], "Computer GPO's are not applied !" BTW any prevision > when MIT kbr will support GPO's ?That's why it is 'experimental' ;-) Rowland
On Monday, April 8, 2019 11:09:25 PM CEST Sérgio Basto wrote:> On Mon, 2019-04-08 at 19:16 +0000, Billy Bob via samba wrote: > > > If you build Samba on your with Heimdal on your own, then is it > > > works with > > > older GnuTLS versions. However I wouldn't run Samba AD DC with > > > Heimdal, the > > > Samba copy is from 2011. Who knows what's in there ... > > > > > > Best regards, > > > > > > Andreas > > > > WOW! If Samba with Heimdal can't be trusted, and Samba with MIT is > > clearly experimental and not supported, then WHAT EXACTLY should > > Samba be used for? Just file/print services? > > Am I completely insane, or am I reading the above statement > > correctly? > > Worst , MIT kbr5 is not just experimental , it miss a lot of features > for Samba DC [1], "Computer GPO's are not applied !" BTW any prevision > when MIT kbr will support GPO's ?Well, we have a lack of resources in that area. We are just a small team and have a huge project with hundreds of features. If you depend on such things it is possible to fund development in that area. There are several companies offering feature development for Samba, even Linux distributions do. https://www.samba.org/samba/support/ I don't have time to work on MIT Kerberos support at the moment or in the near future. Andreas -- Andreas Schneider asn at samba.org Samba Team www.samba.org GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D