On 10/29/2020 6:13 PM, Jeremy Allison wrote:> > Dan, Rowland spends an inordinate amount of time on > our lists helping out people with Samba configurations > of all kinds. The least people can do is to be polite > when asking for help. >I was under the impression that I was being sarcastic/funny. If I didn't come across that way, then I am sorry. I certainly didn't intend to come across as rude or anything of the sort. I am confused why Jeremy would say to use MIT vs Heimdal when the message I sent clearly shows an mit-krb5 package, but I had no intent of being rude. It's entirely possible he simply missed that detail. If that's the case I most certainly didn't want to come across as offensive. Again, if I failed to convey my thoughts correctly, I do humbly apologize. -- This email has been checked for viruses by AVG. https://www.avg.com
On Thu, 2020-10-29 at 20:47 -0600, Dan Egli via samba wrote:> On 10/29/2020 6:13 PM, Jeremy Allison wrote: > > Dan, Rowland spends an inordinate amount of time on > > our lists helping out people with Samba configurations > > of all kinds. The least people can do is to be polite > > when asking for help. > > > > I was under the impression that I was being sarcastic/funny. If I > didn't > come across that way, then I am sorry. I certainly didn't intend to > come > across as rude or anything of the sort. > > I am confused why Jeremy would say to use MIT vs Heimdal when the > message I sent clearly shows an mit-krb5 package, but I had no intent > of > being rude. It's entirely possible he simply missed that detail. If > that's the case I most certainly didn't want to come across as > offensive. Again, if I failed to convey my thoughts correctly, I do > humbly apologize.Please just use the bundled, internal Heimdal KDC. It requires no special configuration, everything is included. Your problem may simply be over-thinking the problem - unlike Samba of old where you had to manually build things up with OpenLDAP et al, everything is included in the AD DC. Instructions on building Samba are on our wiki, otherwise good packages are available from various places, just don't use the vendor provided packages on Fedora or RHEL as a DC (for this reason as they enable the experimental MIT KDC). Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
On 30/10/2020 02:47, Dan Egli wrote:> On 10/29/2020 6:13 PM, Jeremy Allison wrote: >> Dan, Rowland spends an inordinate amount of time on >> our lists helping out people with Samba configurations >> of all kinds. The least people can do is to be polite >> when asking for help. >> > I was under the impression that I was being sarcastic/funny. If I didn't > come across that way, then I am sorry. I certainly didn't intend to come > across as rude or anything of the sort. > > I am confused why Jeremy would say to use MIT vs Heimdal when the > message I sent clearly shows an mit-krb5 package, but I had no intent of > being rude. It's entirely possible he simply missed that detail. If > that's the case I most certainly didn't want to come across as > offensive. Again, if I failed to convey my thoughts correctly, I do > humbly apologize.Now I am confused, where did Jeremy say to use MIT ? I initially advised you to start again but to use Heimdal, you then said that you were using MIT and asked if it was too new a version. I replied that it wasn't that your MIT was too new, it was the wrong kerberos and explained in a bit more detail why. Use Heimdal, do not use MIT, is that plain enough for you ? Rowland
On 10/30/2020 2:11 AM, Rowland penny via samba wrote:> Now I am confused, where did Jeremy say to use MIT ? > > I initially advised you to start again but to use Heimdal, you then > said that you were using MIT and asked if it was too new a version. I > replied that it wasn't that your MIT was too new, it was the wrong > kerberos and explained in a bit more detail why. > > Use Heimdal, do not use MIT, is that plain enough for you ? >It's quite plain. I may have read a message backwards somehow. Unfortunately I don't have the original message to re-check. But in the mean time, as I said, I have removed the mit kerberos from my system and am currently compiling samba from source obtained from the samba site just a couple hours ago. I've already seen it start to build it's own heimdal implementation, so I'll give it a shot once everything is built and installed. -- Dan Egli On my test server -- This email has been checked for viruses by AVG. https://www.avg.com
On Thu, Oct 29, 2020 at 08:47:02PM -0600, Dan Egli via samba wrote:> On 10/29/2020 6:13 PM, Jeremy Allison wrote: > > > > Dan, Rowland spends an inordinate amount of time on > > our lists helping out people with Samba configurations > > of all kinds. The least people can do is to be polite > > when asking for help. > > > > I was under the impression that I was being sarcastic/funny. If I didn't > come across that way, then I am sorry. I certainly didn't intend to come > across as rude or anything of the sort.Sorry Dan, but sarcastic/funny often doesn't come off as intended on mailing lists. I have been caught by this myself many times, so I apologise if I mis-understood your intentions :-).> I am confused why Jeremy would say to use MIT vs Heimdal when the > message I sent clearly shows an mit-krb5 package, but I had no intent of > being rude. It's entirely possible he simply missed that detail. If > that's the case I most certainly didn't want to come across as > offensive. Again, if I failed to convey my thoughts correctly, I do > humbly apologize.No worries, we're all just trying to help here in a complex and virus-ridden (in more ways than one :-) world. I don't recall ever telling anyone to use MIT vs Heimdal, not for Samba-AD. MIT-AD is still experimental and the best solution as Andrew already mentioned is to use the built-in code. Cheers, Jeremy.