On Monday, 29 August 2016 18:16:26 CEST Dario Lesca wrote:
> This recent Microsoft patch
> https://lists.samba.org/archive/samba/2016-August/202197.html
>
> disables password change for NT4-style Domain Controllers.

It is not new that Microsoft dropped support for NT4-style domain controllers. Windows 7 was the last version which supported it. For newer versions there existed just some hacks.

> IMHO, it may be time to enable support for AD-DC mode, or release
> another renamed package with AD-DC support enabled.

As Fedora and RHEL are using MIT Kerberos as their Kerberos infrastructure of choice, the Samba Active Directory Domain Controller implementation is not available with MIT Kerberos at the moment.

For several years I have been working on the migration to MIT Kerberos, but it is a huge task. See the talks Günther and I have given at the SambaXP conferences during the last years. For example:

https://sambaxp.org/archive_data/SambaXP2014-DATA/wed/track2/Andreas_Schneider-TheroadtoMITKerberossupport.pdf

> The samba.src is ready for this:
>
> > I have tried to download the samba.src rpm, modify the spec file like
> > this:
> > sed \
> >   -e 's/%global with_mitkrb5 1/%global with_mitkrb5 0/' \
> >   -e 's/%global with_dc 0/%global with_dc 1/' \
> >   ~/rpmbuild/SPECS/samba.spec
> > rebuild the package, install it on a test server and configure it in
> > AD-DC mode.
> >
> > It seems to work fine.

But this uses Heimdal Kerberos and not MIT Kerberos, which can lead to issues in the system.

> My question is:
>
> Is there some hope that in the short term these flags are enabled by default?
>
> Many thanks for your reply

Yes, we will enable Samba AD as soon as I'm done with porting it to MIT Kerberos. This will hopefully be the case next year.

Best regards,

-- andreas