[opensuse-factory] Time for SAMBA-AD?
Hi, maybe this comes up from time to time - so here is the next one ;-) Currently, the samba4 spec file includes an option to build with AD support. I guess this is seldom tested, at least packaging is currently broken, but fix is trivial. I have not done any further tests. There is currently no big distro I know with support for AD. One of the reasons seem to be that it cannot used with the heimdal kerberos implementation used by many distros. I'm not sure if this still holds, because samba provides its own kerberos implementation. Of course there can't be two servers at the same time, but I guess this is no show stopper. Assume we have a working samba package with AD option enabled. I can understand that this topic is complex one, so neither the community nor openSUSE will be able to support this - maybe I'm wrong. My point is that we should at least have a working package with AD support (it builds and packages ok, maybe some minimal automatic tests are done - at least those included in samba already) and explicitly mention in some README that AD support is experimental and support is limited. The hope is to find a number of testers so simple fixes (building, packaging, ...) can be included. Something openSUSE can build upon later. Ideally later, a group can form with enough interest and knowledge to do some limited community support. But again, this requires AD support to be enabled. Opinions? Marc
On 2016-06-10 10:34, Marc Dietrich wrote:
Hi,
maybe this comes up from time to time - so here is the next one ;-) Currently, the samba4 spec file includes an option to build with AD support. I guess this is seldom tested, at least packaging is currently broken, but fix is trivial. I have not done any further tests.
There is currently no big distro I know with support for AD. One of the reasons seem to be that it cannot used with the heimdal kerberos implementation used by many distros. I'm not sure if this still holds, because samba provides its own kerberos implementation. Of course there can't be two servers at the same time, but I guess this is no show stopper.
Assume we have a working samba package with AD option enabled. I can understand that this topic is complex one, so neither the community nor openSUSE will be able to support this - maybe I'm wrong. My point is that we should at least have a working package with AD support (it builds and packages ok, maybe some minimal automatic tests are done - at least those included in samba already) and explicitly mention in some README that AD support is experimental and support is limited. The hope is to find a number of testers so simple fixes (building, packaging, ...) can be included. Something openSUSE can build upon later.
Ideally later, a group can form with enough interest and knowledge to do some limited community support. But again, this requires AD support to be enabled. Opinions?
Marc
Do you mean Samba-4 as a compete replacement for the A.D ? You know that some Samba4 internal parts completely replaces standard componts, like bind, openldap, kerberos. afaicr, some parts (mainly baind) can be configured to be used instead of the internal parts, but mainly kerberos (Heimdal/MIT) was a problem. OTOH, it think three years ago, at FOSDEM, Samba-speaker announced that their samba-4 solution was a complete replacement for a A.D-setup. And you could migrate AD->SMB4 without lost of functionality, and (even more important) you could always migrate back, also without loosing anything. Spectacular claims, that I would love to see (and not just me). -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Saturday 2016-06-25 13:45, suse@a-domani.nl wrote:
On 2016-06-10 10:34, Marc Dietrich wrote:
maybe this comes up from time to time - so here is the next one ;-) Currently, the samba4 spec file includes an option to build with AD support. I guess this is seldom tested, at least packaging is currently broken, but fix is trivial. [...] Ideally later, a group can form with enough interest and knowledge to do some limited community support. But again, this requires AD support to be enabled. Opinions?
/spins:/invis:/testing:/samba-ad is evaluating that since this week. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 25. Juni 2016, 18:32:31 CEST schrieb Jan Engelhardt:
On Saturday 2016-06-25 13:45, suse@a-domani.nl wrote:
On 2016-06-10 10:34, Marc Dietrich wrote:
maybe this comes up from time to time - so here is the next one ;-) Currently, the samba4 spec file includes an option to build with AD support. I guess this is seldom tested, at least packaging is currently broken, but fix is trivial. [...] Ideally later, a group can form with enough interest and knowledge to do some limited community support. But again, this requires AD support to be enabled. Opinions?
/spins:/invis:/testing:/samba-ad is evaluating that since this week.
cool - thanks Jan. Hopefully this can diffuse to tumbleweed at some point. Do you know what the status of the "kerberos problem" is, e.g. does nfs4 work with the samba implementation? Marc
participants (3)
-
Jan Engelhardt -
Marc Dietrich -
suse@a-domani.nl