On Mon, 20 May 2019, Nico Kadel-Garcia wrote:> On Mon, May 20, 2019 at 3:33 PM <me at tdiehl.org> wrote: >> >> On Sat, 18 May 2019, Nico Kadel-Garcia wrote: >> >>> On Wed, May 15, 2019 at 4:32 PM Tom Diehl via samba >>> <samba at lists.samba.org> wrote: >>>> >>>> Hi, >>>> >>>> I have a new Centos 7.6 VM that I self compiled 4.10.3 and joined it to an >>>> existing samba AD domain that has 2 existing DCs. One of the existing DCs is >>>> running 4.8.7 and the other is running 4.7.7. Everything looks OK except >>>> that when I run samba-tool drs showrepl on the new DC (VDC4) I get the >>>> following output: >>> >>> "self-compiled" can include a lot of sins, especially if trying to >>> place it alongside *or* in place of the provided libraries for tevent, >>> ldb, tdb, and talloc. Let me point you to my git repo, >> >> Well OK maybe I should have said self compiled using the instructions >> @ https://wiki.samba.org/index.php/Build_Samba_from_Source#configure and >> the package list from https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Red_Hat_Enterprise_Linux_7_.2F_CentOS_7_.2F_Scientific_Linux_7 >> substituting python36-devel for python-devel and adding python32-dns >> to get the samba-tool dns module to work. >> None of the distro samba packages are installed. >> >> TBH, I am guessng about the package list given the change from python2 to python3 >> as it does not look like the wiki has been updated for 4.10.x. >> >>> https:/github.com/nkadel/samba4repo/, with submodules for samba >>> itself, talloc, tevent, etc., etc. It's built to use the official >>> upstream tarballs from www.samba.org, not tarballs from *me*, and that >>> also will give you a good git repo you can use to manage any >>> compilation options in the ".spec" file. >> >> Is there a way to only build the Centos bits using your git repo? I have no >> Fedora machines and so far I have not been successful in getting the above >> to build on a Centos 7 VM using the version of Mock supplied by the Centos >> project. > > Yeah. Comment out the other operating systems in the Makefiles. > Install the dependencies, as RPMs, in order. The order in the top > level Makefile should get you through the process.OK, I thought about that but I was wondering if there was an easier way. Thanks for confirming that.>>> Hmm. some classic questions include "is SELinux on", and "which >>> Kerberos did you use, the supported internal Heimdal Kerberos or the >>> experimental support for MIT kerberos? >> >> SELinux is in permissive and my configure line is simply ./configure so no MIT >> here. IMO no one in their right mind would try to use MIT in production. > > If you just run "./configure" and then "make install, you can wind up > interleaving RPM based components on top of system components. Some of > the critical libraries are system libraries, used by other components, > and may not have been updated or may show up before your new compiled > versions based the system's LD_LIBRARY_PATH and other factors. I can't > try to debug that without a good look at what you have in place, and > where you put things, deliberately or accidentally. This is precisely > why I publish RPM's, and why for someone who doesn't like to play with > this stuff I'd actually they spend some money and pay for the Sernet, > commercially supported binaries.Here's where I disagree. When you run ./configure, make and make install everything gets put into /usr/local/samba by default. It is not installed over top of any system components. Not that I recommend this as a standard practice but if you totally screw the pooch on a build for whatever reason all you have to do is rm -r /usr/local/samba and you get to start over. I have tested this and know that it works. :-) Obviously if you do that to a DC that is joined to a domain, you have more than that to clean up. Regards, -- Tom me at tdiehl.org
On Mon, 2019-05-20 at 20:11 -0400, Tom Diehl via samba wrote:> On Mon, 20 May 2019, Nico Kadel-Garcia wrote: > > > On Mon, May 20, 2019 at 3:33 PM <me at tdiehl.org> wrote: > > > > > > On Sat, 18 May 2019, Nico Kadel-Garcia wrote: > > > > > > > On Wed, May 15, 2019 at 4:32 PM Tom Diehl via samba > > > > <samba at lists.samba.org> wrote: > > > > > > > > > > Hi, > > > > > > > > > > I have a new Centos 7.6 VM that I self compiled 4.10.3 and joined it to an > > > > > existing samba AD domain that has 2 existing DCs. One of the existing DCs is > > > > > running 4.8.7 and the other is running 4.7.7. Everything looks OK except > > > > > that when I run samba-tool drs showrepl on the new DC (VDC4) I get the > > > > > following output: > > > > > > > > "self-compiled" can include a lot of sins, especially if trying to > > > > place it alongside *or* in place of the provided libraries for tevent, > > > > ldb, tdb, and talloc. Let me point you to my git repo, > > > > > > Well OK maybe I should have said self compiled using the instructions > > > @ https://wiki.samba.org/index.php/Build_Samba_from_Source#configure and > > > the package list from https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Red_Hat_Enterprise_Linux_7_.2F_CentOS_7_.2F_Scientific_Linux_7 > > > substituting python36-devel for python-devel and adding python32-dns > > > to get the samba-tool dns module to work. > > > None of the distro samba packages are installed. > > > > > > TBH, I am guessng about the package list given the change from python2 to python3 > > > as it does not look like the wiki has been updated for 4.10.x. > > > > > > > https:/github.com/nkadel/samba4repo/, with submodules for samba > > > > itself, talloc, tevent, etc., etc. It's built to use the official > > > > upstream tarballs from www.samba.org, not tarballs from *me*, and that > > > > also will give you a good git repo you can use to manage any > > > > compilation options in the ".spec" file. > > > > > > Is there a way to only build the Centos bits using your git repo? I have no > > > Fedora machines and so far I have not been successful in getting the above > > > to build on a Centos 7 VM using the version of Mock supplied by the Centos > > > project. > > > > Yeah. Comment out the other operating systems in the Makefiles. > > Install the dependencies, as RPMs, in order. The order in the top > > level Makefile should get you through the process. > > OK, I thought about that but I was wondering if there was an easier way. > Thanks for confirming that. > > > > > Hmm. some classic questions include "is SELinux on", and "which > > > > Kerberos did you use, the supported internal Heimdal Kerberos or the > > > > experimental support for MIT kerberos? > > > > > > SELinux is in permissive and my configure line is simply ./configure so no MIT > > > here. IMO no one in their right mind would try to use MIT in production. > > > > If you just run "./configure" and then "make install, you can wind up > > interleaving RPM based components on top of system components. Some of > > the critical libraries are system libraries, used by other components, > > and may not have been updated or may show up before your new compiled > > versions based the system's LD_LIBRARY_PATH and other factors. I can't > > try to debug that without a good look at what you have in place, and > > where you put things, deliberately or accidentally. This is precisely > > why I publish RPM's, and why for someone who doesn't like to play with > > this stuff I'd actually they spend some money and pay for the Sernet, > > commercially supported binaries. > > Here's where I disagree. When you run ./configure, make and make install > everything gets put into /usr/local/samba by default. It is not installed > over top of any system components.Correct. Samba then uses -rpath to select these libraries in preference to system libraries. It is important to to overwrite or upgrade system versions of libldb in particular. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
On 21/05/2019 01:11, Tom Diehl via samba wrote:> On Mon, 20 May 2019, Nico Kadel-Garcia wrote: > >> On Mon, May 20, 2019 at 3:33 PM <me at tdiehl.org> wrote: >>> >>> On Sat, 18 May 2019, Nico Kadel-Garcia wrote: >>> >>>> On Wed, May 15, 2019 at 4:32 PM Tom Diehl via samba >>>> <samba at lists.samba.org> wrote: >>>>> >>>>> Hi, >>>>> >>>>> I have a new Centos 7.6 VM that I self compiled 4.10.3 and joined >>>>> it to an >>>>> existing samba AD domain that has 2 existing DCs. One of the >>>>> existing DCs is >>>>> running 4.8.7 and the other is running 4.7.7. Everything looks OK >>>>> except >>>>> that when I run samba-tool drs showrepl on the new DC (VDC4) I get >>>>> the >>>>> following output: >>>> >>>> "self-compiled" can include a lot of sins, especially if trying to >>>> place it alongside *or* in place of the provided libraries for tevent, >>>> ldb, tdb, and talloc. Let me point you to my git repo, >>> >>> Well OK maybe I should have said self compiled using the instructions >>> @ https://wiki.samba.org/index.php/Build_Samba_from_Source#configure >>> and >>> the package list from >>> https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Red_Hat_Enterprise_Linux_7_.2F_CentOS_7_.2F_Scientific_Linux_7 >>> substituting python36-devel for python-devel and adding python32-dns >>> to get the samba-tool dns module to work. >>> None of the distro samba packages are installed. >>> >>> TBH, I am guessng about the package list given the change from >>> python2 to python3 >>> as it does not look like the wiki has been updated for 4.10.x. >>> >>>> https:/github.com/nkadel/samba4repo/, with submodules for samba >>>> itself, talloc, tevent, etc., etc. It's built to use the official >>>> upstream tarballs from www.samba.org, not tarballs from *me*, and that >>>> also will give you a good git repo you can use to manage any >>>> compilation options in the ".spec" file. >>> >>> Is there a way to only build the Centos bits using your git repo? I >>> have no >>> Fedora machines and so far I have not been successful in getting the >>> above >>> to build on a Centos 7 VM using the version of Mock supplied by the >>> Centos >>> project. >> >> Yeah. Comment out the other operating systems in the Makefiles. >> Install the dependencies, asĀ RPMs, in order. The order in the top >> level Makefile should get you through the process. > > OK, I thought about that but I was wondering if there was an easier way. > Thanks for confirming that. > >>>> Hmm. some classic questions include "is SELinux on", and "which >>>> Kerberos did you use, the supported internal Heimdal Kerberos or the >>>> experimental support for MIT kerberos? >>> >>> SELinux is in permissive and my configure line is simply ./configure >>> so no MIT >>> here. IMO no one in their right mind would try to use MIT in >>> production. >> >> If you just run "./configure" and then "make install, you can wind up >> interleaving RPM based components on top of system components. Some of >> the critical libraries are system libraries, used by other components, >> and may not have been updated or may show up before your new compiled >> versions based the system's LD_LIBRARY_PATH and other factors. I can't >> try to debug that without a good look at what you have in place, and >> where you put things, deliberately or accidentally. This is precisely >> why I publish RPM's, and why for someone who doesn't like to play with >> this stuff I'd actually they spend some money and pay for the Sernet, >> commercially supported binaries. > > Here's where I disagree. When you run ./configure, make and make install > everything gets put into /usr/local/samba by default. It is not installed > over top of any system components. > > Not that I recommend this as a standard practice but if you totally > screw the > pooch on a build for whatever reason all you have to do is > rm -r /usr/local/samba and you get to start over. I have tested this > and know > that it works. :-) > > Obviously if you do that to a DC that is joined to a domain, you have > more than > that to clean up. > > Regards, >Whilst you can just run './configure' and have everything put into /usr/local/samba, if RHEL is like Debian, this comes with a couple of problems. You have to ensure that '$PATH' points to /usr/local/samba first and various things still expect to find Samba from the distro packages (gvfs is one, if I remember correctly). The problem, as I see it, is that RHEL is a bit late to the party and is where Debian was 5 years ago. On top of this is the extra problem of python3. Once methods to build Samba packages on RHEL are learnt, we will probably look back and ask 'what was the problem' ;-) Rowland
On Tue, 21 May 2019, Rowland penny via samba wrote:> On 21/05/2019 01:11, Tom Diehl via samba wrote: >> >> Here's where I disagree. When you run ./configure, make and make install >> everything gets put into /usr/local/samba by default. It is not installed >> over top of any system components. >> >> Not that I recommend this as a standard practice but if you totally screw >> the >> pooch on a build for whatever reason all you have to do is >> rm -r /usr/local/samba and you get to start over. I have tested this and >> know >> that it works. :-) >> >> Obviously if you do that to a DC that is joined to a domain, you have more >> than >> that to clean up. >> >> Regards, >> > Whilst you can just run './configure' and have everything put into > /usr/local/samba, if RHEL is like Debian, this comes with a couple of > problems. You have to ensure that '$PATH' points to /usr/local/samba first > and various things still expect to find Samba from the distro packages (gvfs > is one, if I remember correctly).The 2 things that I have found that I need to set outside of /usr/local/samba are the $PATH and 2 symlinks for winbind. Both of these are documented on the wiki (Thank you). If you use some type of configuration management such as ansible to build the DCs you do not even have to think about setting these. Other than that I have not needed to do anything else for a DC. For a file server I use the distro supplied packages. I do not know about the gvfs stuff. Since I only build dedicated DCs.> The problem, as I see it, is that RHEL is a bit late to the party and is > where Debian was 5 years ago. On top of this is the extra problem of python3.RHEL has always been behind as far as an AD DC is concerned because of the MIT BS.> Once methods to build Samba packages on RHEL are learnt, we will probably > look back and ask 'what was the problem' ;-)Having read this list for the last couple of years, I am starting to wonder why people are making this all so hard. I understand that pre-built packages are most desirable. I am a firm believer of that but in the case of a samba AD DC building rpms seems like a lot of extra work for little return. If I did not have something like ansible to allow me to make the builds repeatable and automated I might think differently but this works for me. :-) Rowland, any chance of getting https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Red_Hat_Enterprise_Linux_7_.2F_CentOS_7_.2F_Scientific_Linux_7 updated to reflect the package differences required for 4.10? I simply enabled the epel-repository and substituted python3x-devel for python-devel and added python3x-dns. The python3x-dns package was not obvious but without it the build would succeed but the samba-tool dns module would not work. I kinda thought the configure script would complain if I was missing some of the required python3 bits but it did not. Is this a bug in the configure script or is this expected? Regards, -- Tom me at tdiehl.org