Nico Kadel-Garcia
2021-Nov-11 16:59 UTC
[Samba] samba4repo working for samba-4.15.1 and RHEL 7 and 8 and Fedora 34
Good morning: I had some time between roles, and spent it backporting sama-4.15.1 to my https://github.com/nkadel/samba4repo/ . The current Fedora rawhide builds rely on the experimental MIT kerberos, rather than the Heimdal kerberos, and present compatibility issues for RHEL 7 and its forks. Is Samba close enough to fully compatible with current Kerberos releases? Can we reasonably rely on the current Fedora published releases of Samba, which rely on this for full domain controller features? And does anyone care enough about Amazon Linux 2 to justify the compatibility work needed to make Samba available there? I know there have been some attempts, and the python module stack gets a bit awkward because Amazon chose to use python 3.7 rather than the python 3.6 buil into EPEL and recompiling all the python modules gets hairy. Nico Kadel-Garcia
Andrew Bartlett
2021-Nov-11 21:06 UTC
[Samba] samba4repo working for samba-4.15.1 and RHEL 7 and 8 and Fedora 34
On Thu, 2021-11-11 at 11:59 -0500, Nico Kadel-Garcia via samba wrote:> Good morning: > > I had some time between roles, and spent it backporting sama-4.15.1 > to > my https://github.com/nkadel/samba4repo/ . The current Fedora rawhide > builds rely on the experimental MIT kerberos, rather than the Heimdal > kerberos, and present compatibility issues for RHEL 7 and its forks. > > Is Samba close enough to fully compatible with current Kerberos > releases? Can we reasonably rely on the current Fedora published > releases of Samba, which rely on this for full domain controller > features?Sadly no. The MIT KDC is still experimental, meaning that for example the security fixes we just shipped did not include the MIT KDC. The MIT KDC also doesn't support the Samba RODC.> And does anyone care enough about Amazon Linux 2 to justify the > compatibility work needed to make Samba available there? I know there > have been some attempts, and the python module stack gets a bit > awkward because Amazon chose to use python 3.7 rather than the python > 3.6 buil into EPEL and recompiling all the python modules gets hairy.Yeah, this is a real pain. I really wish they had not done that. However, it is still of interest to me, so while I can't ask you to do work towards that, it would be great if we didn't move backwards here. Thanks, Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions