Michael Tokarev
2022-Nov-15 19:09 UTC
[Samba] mjt samba packages has been updated to include bullseye builds and mit-krb5 builds
Hi! Here's another announcement today about the repository at http://www.corpit.ru/mjt/packages/samba/ .

I just uploaded regular samba-4.16 and samba-4.17 builds for Debian Bullseye (the current Debian stable version), for those who want to use a particular version of Samba which is not available in bullseye-backports. There can be only one version in backports, and I plan to switch bpo11 to 4.17 once the current build migrates to testing. Once again, I don't know how this will work, time will tell. It is not recommended to use external repositories with Debian; please use at your own risk.

Another piece of news is that I enabled builds with OS-provided MIT Kerberos5 instead of using the built-in Heimdal source. This is enabled for Ubuntu Jammy and Debian Bookworm (yes, the "testing" distribution). It is the same samba, with exactly the same functionality, but built with mit-krb5 support (and there are still some differences between the two builds, see https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC#Known_Limitations_of_MIT_Kerberos_Support_in_Samba ).

Unfortunately, this build is not available for Bullseye. The problem is that bullseye has version 1.18.3 of krb5, but the samba ad-dc code requires a minimum of 1.19. It is possible to build samba with an older mit-krb5 but only without the ad-dc code, and I don't plan to spend extra time "depackaging" the ad-dc code from the debian samba packages. libkrb5 should be backported to bullseye instead. But since we're close to the bookworm release (planned for January), let's just wait till bookworm is released.

The mit-krb5 builds are experimental, I've no idea if they work or not; I haven't tried them yet.
There's a missing part there: when you switch your ad-dc from heimdal-built samba to mit-krb5-built samba, you have to create a single file, /var/lib/samba/private/kdc.conf; see https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC#Migrating_a_DC_That_Previously_Used_the_Heimdal_KDC for details.

Thanks,

/mjt