On 29/01/2023 13:31, Michael Tokarev via samba wrote:> 29.01.2023 12:30, Rowland Penny via samba wrote:
> ..
>> Use another distro, such as Debian Bullseye, where you can get the
>> latest Samba from backports.
>
> It looks like Debian is the last major distro which builds Samba with
> Heimdal Kerberos
> instead of MIT Kerberos (and Ubuntu, which follows Debian in many
> parts). This is
> apparently just because samba maintainer had no resources to switch
> Debian build
> to MIT Kerberos too. Like most others (Redhat, Suse, Slackware, Arch,
> ...) are
> doing these days.
No, it was that Debian was the only major distro that built Samba using
Heimdal, as Samba wanted it to be, there was some much that didn't work
with MIT (and there are things that still don't).
What Samba didn't have was resources (as you say), but this was because
Heimdal could be made to work with a lot less effort than MIT, do you
think that Samba wouldn't have used MIT if it was that easy ?
From the distros you mentioned, the first two didn't supply Samba
packages that could be provisioned as a DC, As far as I am aware,
Slackware is the same. Arch did supply Samba packages that could be used
as an AD DC, these used Samba's builtin Heimdal, are you saying that
this has changed and they now use MIT ?
>
> So much for experimental.. :)
I do not say it is experimental, it is the Samba team.
>
> I prepared MIT-krb5 debian build of Samba too, it works at first but I
> haven't done any
> testing of it and haven't tried to put it to production.
If you want to use MIT, so be it, but it is your decision.
> Also, I tried
> to build samba
> with system heimdal (debian has quite recent heimdal pakcaging), - this
> one works too
> and includes most of the recent heimdal fixes as well.
Seeing as how Samba is now using pretty much the latest Heimdal, I am
not surprised it works. However, Samba tests against the Heimdal it
supplies.>
> /mjt
>