[Samba] Sernet 4.3.X package is no longer free :/

[MORILLO Jordi]

Hi Everybody,

I was expecting samba 4.3 .deb package from Sernet but surprise, branch 4.3 and futur will not be free.

Starting with Samba 4.3 SerNet made some changes to its popular packages, formerly known as EnterpriseSAMBA. They are now published as SAMBA+ for Samba 4.3 and all later versions and are available at our SAMBA+ shop<https://shop.samba.plus/> at https://shop.samba.plus<https://shop.samba.plus/> as software subscription per server and per year.

345.10€ for 1 server / 1 year

We are a small charity association with lots of small sites, so lots of samba server...
I don't think that we can pay Sernet. Time to compile i think :-)

What do you think about Sernet prices ?






--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

[Guilherme Boing]

What is the difference between samba and samba+ ?
I am using the "normal" Samba as I only have heard of SerNet from this
mailing list.

[L.P.H. van Belle]

Samba and sernet samba are the same, exept the sernet samba provides pre-build packages you can use.

What i think about this.. still thinking..
I can underestand sernet is asking for there packages, because they also
have to pay for bandwith and servers etc.

I do think that some of the users here on the mailing list should get the sernet packages free, for the support they give, but thats up to sernet.

I stay a while longer on 4.2 and see what happens here, because this change will impact the support here i think.

I would be nice if sernet proficed the build packages, like for me the "debian" folder in the sources, this would save a lot of mailling list support. I do think pressure is now more on the mailling list with building problems.
But again we will see..


Best regards,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Guilherme Boing
> Verzonden: maandag 21 september 2015 2:32
> Aan: MORILLO Jordi
> CC: sa...@lists.samba.org
> Onderwerp: Re: [Samba] Sernet 4.3.X package is no longer free :/

[Daniel Müller]

Samba is open source and free! Any payment for samba will be a stop towards Microsoft Windows Server.
If I have to pay for samba I will buy MS.

Greetings

Daniel


EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mue...@tropenklinik.de
Internet: www.tropenklinik.de



-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-...@lists.samba.org] Im Auftrag von MORILLO Jordi
Gesendet: Sonntag, 20. September 2015 19:24
An: sa...@lists.samba.org
Betreff: [Samba] Sernet 4.3.X package is no longer free :/

[Reindl Harald]

Am 21.09.2015 um 08:24 schrieb Daniel Müller:
> Samba is open source and free! Any payment for samba will be a stop towards Microsoft Windows Server.
> If I have to pay for samba I will buy MS.

i wonder that you don't realize the difference between software and
suppoprt / building, sama is free, you can compile it at your own, find
some distribution like CentOS/Debian/Fedora which does that for you or
if you need support and/or a newer version just pay for that support

> Leitung EDV

and that's why i wonder about your post...........

[mathias dufresne]

Mailing lists often don't like manually compiled software, too much
different choices to try to reproduce errors. That's why Sernet's package
are a great choice: we can install more recent versions than the one
offered by our system packager and still be able to discuss here about our
issues.

It seems Sernet Team uses --enable-fhs (coupled with --prefix=/usr
--sysconfdir=/etc --localstatedir=/var) for configure script before
compiling.

Are these options sufficient? Should we add more to obtain something close
enough of Sernet's versions?

Cheers,

mathias

[Oliver Rath]

Hi Matthias,

these parameters work fine for compiling samba as ad-dc-server, started
with the proper startscript from wiki.samba.org

If you want to use samba as file server, the parameters may vary.

Hth
Oliver

[Rowland Penny]

On 21/09/15 09:58, mathias dufresne wrote:
> Mailing lists often don't like manually compiled software, too much
> different choices to try to reproduce errors. That's why Sernet's package
> are a great choice: we can install more recent versions than the one
> offered by our system packager and still be able to discuss here about our
> issues.
>
> It seems Sernet Team uses --enable-fhs (coupled with --prefix=/usr
> --sysconfdir=/etc --localstatedir=/var) for configure script before
> compiling.
>
> Are these options sufficient? Should we add more to obtain something close
> enough of Sernet's versions?
>

Hi Mathias, no I don't think your options are sufficient, I once looked
into upgrading the Ubuntu 14.04 Samba packages and ended up using this:

./configure --enable-fhs --prefix=/usr --sysconfdir=/etc
--localstatedir=/var --with-statedir=/var/lib/samba
--with-pammodulesdir=/usr/lib/x86_64-linux-gnu/security
--with-privatedir=/var/lib/samba/private --with-piddir=/var/run/samba
--with-cachedir=/var/cache/samba --with-lockdir=/var/run/samba
--with-logfilebase=/var/log/samba --with-sockets-dir=/var/run/samba
--with-modulesdir=/usr/lib/x86_64-linux-gnu/samba
--with-privatelibdir=/usr/lib/x86_64-linux-gnu/samba
--with-privileged-socket-dir=/var/lib/samba --with-configdir=/etc/samba

The only problem is that you would now have to:

A) stop your package manager updating any part of Samba
B) be your own Samba maintainer and watch out for any critical updates

As for Sernet now only allowing downloads for people who buy a support
package, well this is their business decision, they have to make money
or they will go out of business. In future, if somebody posts on here
asking for help with a problem and they are using the Sernet packages, I
will just point them at Sernet, but they are unlikely to post here, if
you have bought support, you would use that.

Rowland

[Dario Lesca]

Il giorno lun, 21/09/2015 alle 10.46 +0200, Reindl Harald ha scritto:
> find some distribution like CentOS/Debian/Fedora which does that for
> you

The standard CentOS/Fedora's package do not have the full support to AD

I have found this howto for rebuild it and add AD support.
http://negativo17.org/samba-4-active-directory-with-bind-dlz-zones-dynamic-dns-updates-windows-static-rpc/
and
http://negativo17.org/samba-4-active-directory-with-bind-dlz-zones-dynamic-dns-updates-windows-static-rpc-2/

Is this really so ?

Thanks for info.

--
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)

[mathias dufresne]

The point is most distributions are late regarding available version of
Samba they have and Samba is under heavy development which makes sometimes
we can need last version of Samba rather than the one provided by our
favorite distribution. One example: trust relationship.

How would we do in that case to be able to have needed functionality and
still be able to discuss there about our issues? A common way to compile
Samba should be provided.

I spoke about trust relationship because I compiled Samba 4.3.0 RCs to test
them but, according to how Samba Team is working, I expect others
functionalities should appear in close future - as AD 2012 support - and
some would also compile their Samba.

Following is the part of my install script to compile Samba 4.3.0. This
script is for Centos 7.
-----------------------------------------------------
yum install --assumeyes gcc attr libacl-devel libblkid-devel \
gnutls-devel readline-devel python-devel gdb pkgconfig \
krb5-workstation zlib-devel setroubleshoot-server libaio-devel \
setroubleshoot-plugins policycoreutils-python \
libsemanage-python perl-ExtUtils-MakeMaker perl-Parse-Yapp \
perl-Test-Base popt-devel libxml2-devel libattr-devel \
keyutils-libs-devel cups-devel bind-utils libxslt \
docbook-style-xsl openldap-devel autoconf
yum install --assumeyes redhat-lsb-core pycrypto pam-devel xfsprogs-devel

tar xfz samba-4.3.0.tar.gz --directory=/root
cd /root/samba-4.3.0

cpu_count="`cat /proc/cpuinfo | awk '{ if($1 == "processor") print $3 }'
| tail -1`"
jobs=$(($cpu_count + 2))
./configure --enable-fhs --prefix=/usr --sysconfdir=/etc
--localstatedir=/var -j$jobs
make -j$jobs
make install
cd -

echo /usr/lib > /etc/ld.so.conf.d/samba4
ldconfig
-----------------------------------------------------

First "yum install" should come from samba wiki without modification.
The second one is for:
redhat-lsb-core -> reuse sernet's init script
pycrypto -> be able to create trust relationship (some error was displayed
without that package, I believe this package can be installed after
compilation time)
pam-devel + xfsprogs-devel -> more functionalities in Samba related to PAM
and XFS.

echo /usr/lib > /etc/ld.so.conf.d/samba4 ; ldconfig -> Samba was refusing
to start complaining it did no find some libraries which are hosted in
/usr/lib. I'm still wondering why this is needed as /usr/lib should be
already added... Anyway, adding that solve the issue.

The resultant binaries seems, to me, to work as Sernet package was working.
But I did not check all paths nor all functionalities.

Perhaps, we - the mailing list users - should work together to define a
standard way to compile... No idea about how complex this would be...

This would address to lost of Sernet packages and we also could provide
link to the compilation wiki page to users who compiled their Samba in a
rush (sometimes even without proceeding to ./configure --help)

[Reindl Harald]

Am 21.09.2015 um 13:51 schrieb mathias dufresne:
> The point is most distributions are late regarding available version of
> Samba they have and Samba is under heavy development which makes sometimes
> we can need last version of Samba rather than the one provided by our
> favorite distribution. One example: trust relationship.

in doubt (for Redhat bases systems) just download the src.rpm, update
the tarball in the SOUCRES folder, edit the SPEC file and build your own
package based on that one provides by the distribution

i do that for 7 years now in case of Fedora setups to control versions
and how things are packaged for server relevant software and so can even
hold back a major jump of PHP as example if we are not ready or do a
major jump when we are ready but the distribution isn't

if you don't want to do that stuff at your own pay someone who does like
sernet, that's it

aespipe-2.4d-2.fc22.20150911.rh.x86_64.rpm
apr-1.5.2-3.fc22.20150915.rh.x86_64.rpm
apr-devel-1.5.2-3.fc22.20150915.rh.x86_64.rpm
apr-util-1.5.4-5.fc22.20150915.rh.x86_64.rpm
apr-util-devel-1.5.4-5.fc22.20150915.rh.x86_64.rpm
apr-util-mysql-1.5.4-5.fc22.20150915.rh.x86_64.rpm
apr-util-nss-1.5.4-5.fc22.20150915.rh.x86_64.rpm
apr-util-openssl-1.5.4-5.fc22.20150915.rh.x86_64.rpm
arp-scan-1.8.4-1.fc22.20150911.rh.x86_64.rpm
cantata-1.5.2-2.fc22.20150911.rh.x86_64.rpm
dbmail-3.1.17-2.fc22.20150911.rh.3.1.17.x86_64.rpm
dbmail-manpages-3.1.17-2.fc22.20150911.rh.3.1.17.x86_64.rpm
dbmail-tools-3.1.17-2.fc22.20150911.rh.3.1.17.x86_64.rpm
dovecot-2.2.18-2.fc22.20150911.rh.x86_64.rpm
ffmpeg-devel-2.6.4-3.fc22.20150919.rh.x86_64.rpm
ffmpeg-latest-2.8.0-6.fc22.20150919.rh.x86_64.rpm
ffmpeg-latest-manpages-2.8.0-6.fc22.20150919.rh.noarch.rpm
ffmpeg-libs-2.6.4-3.fc22.20150919.rh.x86_64.rpm
fsync-tester-1.0-2.fc22.20150911.rh.x86_64.rpm
GeoIP-1.6.6-3.fc22.20150911.rh.x86_64.rpm
GeoIP-devel-1.6.6-3.fc22.20150911.rh.x86_64.rpm
gmime-2.6.20-6.fc22.20150911.rh.x86_64.rpm
gmime-devel-2.6.20-6.fc22.20150911.rh.x86_64.rpm
hostapd-2.4-7.fc22.20150911.rh.x86_64.rpm
httpd-2.4.16-2.fc22.20150920.rh.x86_64.rpm
httpd-devel-2.4.16-2.fc22.20150920.rh.x86_64.rpm
httpd-manual-2.4.16-2.fc22.20150920.rh.noarch.rpm
httpd-tools-2.4.16-2.fc22.20150920.rh.x86_64.rpm
hylafax-5.5.6-2.fc22.20150911.rh.x86_64.rpm
iat-0.1.7-17.fc22.20150911.rh.x86_64.rpm
iaxmodem-1.2.0-10.fc22.20150911.rh.x86_64.rpm
lame-3.99.5-5.fc22.20150911.rh.x86_64.rpm
lame-devel-3.99.5-5.fc22.20150911.rh.x86_64.rpm
lame-libs-3.99.5-5.fc22.20150911.rh.x86_64.rpm
libevent-2.0.22-6.fc22.20150911.rh.x86_64.rpm
libevent-devel-2.0.22-6.fc22.20150911.rh.x86_64.rpm
libmpdclient-2.10-2.fc22.20150911.rh.x86_64.rpm
libmpdclient-devel-2.10-2.fc22.20150911.rh.x86_64.rpm
libnss-mysql-1.5-23.fc22.20150911.rh.x86_64.rpm
libzdb-3.1-2.fc22.20150911.rh.x86_64.rpm
libzdb-devel-3.1-2.fc22.20150911.rh.x86_64.rpm
lzo-2.08-3.fc22.20150911.rh.x86_64.rpm
lzo-devel-2.08-3.fc22.20150911.rh.x86_64.rpm
lzo-minilzo-2.08-3.fc22.20150911.rh.x86_64.rpm
mariadb-10.0.21-1.fc22.20150911.rh.x86_64.rpm
mariadb-devel-10.0.21-1.fc22.20150911.rh.x86_64.rpm
mariadb-libs-10.0.21-1.fc22.20150911.rh.x86_64.rpm
mariadb-manpages-10.0.21-1.fc22.20150911.rh.x86_64.rpm
mariadb-server-10.0.21-1.fc22.20150911.rh.x86_64.rpm
mariadb-test-10.0.21-1.fc22.20150911.rh.x86_64.rpm
minizip-1.2.8-7.fc22.20150911.rh.x86_64.rpm
minizip-devel-1.2.8-7.fc22.20150911.rh.x86_64.rpm
mod_actions-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_asis-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_auth_form-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_authn_anon-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_authn_dbd-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_authn_dbm-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_authn_socache-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_authz_dbd-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_authz_dbm-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_authz_owner-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_buffer-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_cache-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_cache_disk-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_cache_socache-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_cgi-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_data-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_dav-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_dav_fs-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_dav_lock-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_dbd-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_dialup-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_dumpio-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_echo-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_ext_filter-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_file_cache-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_h264_streaming-2.2.7-21.fc22.20150911.rh.x86_64.rpm
mod_heartbeat-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_heartmonitor-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_include-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_info-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_lbmethod_bybusyness-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_lbmethod_byrequests-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_lbmethod_bytraffic-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_lbmethod_heartbeat-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_log_debug-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_log_forensic-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_logio-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_macro-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_mime_magic-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_negotiation-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_ajp-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_balancer-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_connect-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_express-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_fcgi-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_fdpass-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_ftp-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_html-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_http-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_scgi-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_proxy_wstunnel-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_reflector-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_request-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_security-2.9.0-5.fc22.20150920.rh.x86_64.rpm
mod_sed-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_slotmem_plain-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_slotmem_shm-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_socache_dbm-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_socache_memcache-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_speling-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_ssl-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_status-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_substitute-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_userdir-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_usertrack-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_vhost_alias-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_watchdog-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mod_xml2enc-2.4.16-2.fc22.20150920.rh.x86_64.rpm
mp3info-0.8.5a-21.fc22.20150911.rh.x86_64.rpm
mpc-0.27-2.fc22.20150911.rh.x86_64.rpm
mpd-0.19.10-1.fc22.20150911.rh.x86_64.rpm
mpdscribble-0.22-8.fc22.20150911.rh.x86_64.rpm
msttcorefonts-2.0-6.fc21.20150324.rh.noarch.rpm
netatalk-3.1.7-2.fc22.20150911.rh.x86_64.rpm
netatalk-devel-3.1.7-2.fc22.20150911.rh.x86_64.rpm
netatalk-manpages-3.1.7-2.fc22.20150911.rh.x86_64.rpm
openssl-1.0.1k-12.fc22.20150911.rh.x86_64.rpm
openssl-devel-1.0.1k-12.fc22.20150911.rh.x86_64.rpm
openssl-libs-1.0.1k-12.fc22.20150911.rh.x86_64.rpm
openssl-perl-1.0.1k-12.fc22.20150911.rh.x86_64.rpm
openssl-static-1.0.1k-12.fc22.20150911.rh.x86_64.rpm
open-vm-tools-10.0.0.3000743-2.fc22.20150913.rh.x86_64.rpm
openvpn-2.3.8-2.fc22.20150911.rh.x86_64.rpm
perl-Class-Std-Fast-0.0.8-14.fc22.20150911.rh.noarch.rpm
perl-Net-DRI-0.96_07-2.fc22.20150911.rh.noarch.rpm
perl-SOAP-WSDL-2.00.99_3-4.fc22.20150911.rh.noarch.rpm
php-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-bcmath-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-cli-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-common-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-devel-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-feedcreator-1.7.2-51.fc22.20150911.rh.noarch.rpm
php-gd-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-imap-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-intl-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-mbstring-5.6.13-6.fc22.20150920.rh.x86_64.rpm
phpMyAdmin-4.4.15-1.fc22.20150920.rh.noarch.rpm
php-opcache-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-pdo-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-pdo-mysql-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-pecl-geoip-1.1.0-1.fc22.20150915.rh.x86_64.rpm
php-pecl-imagick-3.1.2-1.fc22.20150915.rh.x86_64.rpm
php-pecl-mailparse-2.1.6-1.fc22.20150915.rh.x86_64.rpm
php-pecl-mysqlnd_qc-1.2.0-1.fc22.20150915.rh.x86_64.rpm
php-pecl-ssh2-0.12-1.fc22.20150915.rh.x86_64.rpm
php-pecl-uploadprogress-1.0.3.1-1.fc22.20150915.rh.x86_64.rpm
php-pecl-xdebug-2.3.3-1.fc22.20150915.rh.x86_64.rpm
php-phar-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-process-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-tidy-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-xml-5.6.13-6.fc22.20150920.rh.x86_64.rpm
php-xmlrpc-5.6.13-6.fc22.20150920.rh.x86_64.rpm
postfix-3.0.2-1.fc22.20150911.rh.x86_64.rpm
postfix-manpages-3.0.2-1.fc22.20150911.rh.x86_64.rpm
pulsed-5.0-5.fc22.20150911.rh.noarch.rpm
pure-ftpd-1.0.42-2.fc22.20150911.rh.x86_64.rpm
roundcubemail-1.0.7-1.fc22.20150918.rh.noarch.rpm
trafficserver-5.3.2-2.fc22.20150915.rh.x86_64.rpm
trafficserver-devel-5.3.2-2.fc22.20150915.rh.x86_64.rpm
trafficserver-manpages-5.3.2-2.fc22.20150915.rh.x86_64.rpm
trafficserver-plugins-5.3.2-2.fc22.20150915.rh.x86_64.rpm
up-imapproxy-1.2.8-6.fc22.20150911.rh.x86_64.rpm
vnstat-1.11-21.fc22.20150911.rh.x86_64.rpm
webalizer-xtended-2.23_08_RB30-36.fc22.20150911.rh.x86_64.rpm
woff-code-1.0-4.fc22.20150911.rh.x86_64.rpm
x264-latest-0.148.2597-6.fc22.20150919.rh.x86_64.rpm
xz-5.2.0-2.fc22.20150911.rh.x86_64.rpm
xz-compat-libs-5.2.0-2.fc22.20150911.rh.x86_64.rpm
xz-devel-5.2.0-2.fc22.20150911.rh.x86_64.rpm
xz-libs-5.2.0-2.fc22.20150911.rh.x86_64.rpm
xz-lzma-compat-5.2.0-2.fc22.20150911.rh.x86_64.rpm
xz-static-5.2.0-2.fc22.20150911.rh.x86_64.rpm
zlib-1.2.8-7.fc22.20150911.rh.x86_64.rpm
zlib-devel-1.2.8-7.fc22.20150911.rh.x86_64.rpm
zlib-static-1.2.8-7.fc22.20150911.rh.x86_64.rpm
zram-1.0.1-2.fc22.20150911.rh.noarch.rpm

[Bob of Donelson Trophy]

I own my small business and make decisions, some I don't like, that are
based on a logical set of facts that are driven by public demands.
Sernet has made their decision based on a logical set of facts. We, as
users of Samba4, get to move forward and live with their decision.

I, for one, am extremely interested in Mathis Dufresne shared
information here about installing Samba from the latest tarball file
offered by the Samba team.

But, comes to mind this fact. I have, while building my ADDC system had
the experience of (at one point) running a Debian Wheezy with Samba
4.1.17 as my DC and it preformed all my needed functions for my W7
clients. Now, granted my whole system consists of two Samba servers (CD
& member server) and two W7 clients. I have little need for tight
security, I just "need to get my jobs done" and have my information
available.

If I had ten employees (or for that matter 100) I might not think
anything about paying Sernet for support. That, I believe, is what they
are selling. Support not Samba4.

As with all of the many things that effect our lives, life changes,
again!
---

_______________________________

Bob Wooden of Donelson Trophy

615.885.2846
www.donelsontrophy.com [4]

"Everyone deserves an award!!"

> Il giorno lun, 21/09/2015 alle 10.46 +0200, Reindl Harald ha scritto: find some distribution like CentOS/Debian/Fedora which does that for you The standard CentOS/Fedora's package do not have the full support to AD I have found this howto for rebuild it and add AD support. http://negativo17.org/samba-4-active-directory-with-bind-dlz-zones-dynamic-dns-updates-windows-static-rpc/ [1] and http://negativo17.org/samba-4-active-directory-with-bind-dlz-zones-dynamic-dns-updates-windows-static-rpc-2/ [2] Is this really so ? Thanks for info. -- Dario Lesca (inviato dal mio Linux Fedora 22 con Gnome 3.16) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [3]


Links:
------
[1]
http://negativo17.org/samba-4-active-directory-with-bind-dlz-zones-dynamic-dns-updates-windows-static-rpc/
[2]
http://negativo17.org/samba-4-active-directory-with-bind-dlz-zones-dynamic-dns-updates-windows-static-rpc-2/
[3] https://lists.samba.org/mailman/options/samba
[4] http://www.donelsontrophy.com

[L.P.H. van Belle]

Totaly agree on below, going to work a samba-community package, which is the about same setup as the sernet or debian packages, with some extra things which are missing in the sernet packages itselfs.
Like the predefined winbind pam settings, so (in debian) we can use
pam-auth-update

I also want to put the compiling set on github, so everybody can add patches to it. The debian install scripts i made will also be there in time.

Im changing my script to a layout like.

Install-samba4.sh
=> detects os and version, get the needed include files for that.
=> select samba package, (based on the OS detect and choose option)
=> debian original
=> debian backports
=> debian sernet (4.1/4.2) only
=> compile latest (based on git master)
=> compile op production server.
=> if no, create repo for other servers.
=> setup apache etc..
=> selection for ADDC single server, home shares on ADDC.
=> selection for ADDC multiple servers, no shares on the DC's
=> select sysvol sync type.
=> Samba AD selected, RFC2307 IDMAP BACKEND. AD or RID ?
=> selection for standalone server ( shares with open access )
=> selection for member server (base)
=> selection fileserver
=> selection print server
=> selection for proxy server
=> authorisation types selection.
=> nfsv4 option for home shares
=> enable ssh logins with the windows users, (tested with putty)
=> setup dhcp server.

=> create config file for install replay.
=> install

=> Options setup, Zarafa mailserver.
=> etc..



This is basicly the layout im working to and all i have running somewhere.
Lots of code is already there somewere..
For now im to busy, so no changing the scripts atm, i have first my work todo here.
Hope the main things are done in about 1 month, then i can make time to work
on the scripts and put them on github and add needed info to my website.

And i hope that when this goes up, the mailing users are all helping out in
improving the above scripts.

I know much but i dont know everything..

Ow and this is NOT flaming to sernet, but just a attempt to get less questions in the mailing and improve samba support.


Greetz,

Louis

> Perhaps, we - the mailing list users - should work together to define a
> standard way to compile... No idea about how complex this would be...
>
> This would address to lost of Sernet packages and we also could provide
> link to the compilation wiki page to users who compiled their Samba in a
> rush (sometimes even without proceeding to ./configure --help)
>

[mathias dufresne]

That's an option to rely on how was built our distribution package to build
a new one but I think we need a common way to compile to ask help here.
Options used to compile can change from one version to another in
distributions packages.

The point is how community can help devs in testing new versions if we all
build different Samba? For me that is the main point of Sernet's versions,
Samba Team knows them, they can reproduce errors to confirm the error
exist, that this is a bug.

As a Gentoo user I don't come on mailing list speaking about Gentoo issue
for new software because it would be almost impossible to anyone to
reproduce my environment (too much options, too much packages).

The whole point is how to compile and still be able to discuss about issues
with compiled Samba.

[Reindl Harald]

Am 21.09.2015 um 14:28 schrieb mathias dufresne:
> That's an option to rely on how was built our distribution package to build
> a new one but I think we need a common way to compile to ask help here.
> Options used to compile can change from one version to another in
> distributions packages.

i don't see a valid reason why samba should be treated different than
any other software like postfix, dovecot, mariadb, httpd, trafficserver,
named, unbound, ffmpeg where for most software it's absolutely normal to
use distribution packages (as well as i do that for samba where the
Fedora packages are typically recent)

for all other server software own builds and distribution packages are
fine while asking on the upstream user mailing-lists and for samba it's
different

explain me why!

[Nico Kadel-Garcia]

On Mon, Sep 21, 2015 at 2:24 AM, Daniel Müller <mue...@tropenklinik.de> wrote:
> Samba is open source and free! Any payment for samba will be a stop towards Microsoft Windows Server.

"Free as in speech" is not the same as "Free as in beer". The
difference pays a lot of my salary.

> If I have to pay for samba I will buy MS.
>
> Greetings
>
> Daniel
>
>
> EDV Daniel Müller

Stay calm, please. Sernet publishes leading edge, tested builds for a
lot of different operating systems. That takes engineering time, and
resources to do the builds and testing on, and yes, they sell
subscriptions to their services.

If you want bleeding edge, repackage it yourself or use a stable
version from a standard operating system, such as RHEL or CentOS or
Scientific Linux or Debian or Ubuntu or Arch or Gentoo or wherever
someone competent has done the extra work. I've been backporting Samba
4.2 to RHEL 7 and RHEL 7, and publishing on github, so it's certainly
feasible. Heck, I've been doing this since.... oh, dear lord, it's
been roughly 20 years for various operating systems.

Mind you, it's been a pain in the neck lately. Unweaving the systemd
dependencies from Fedora releases to work with the older RHEL 6
operating system has been nasty, and RHEL's decision to use the
incompatible "Heimdal" library for Kerberos make it a lot more awkward
to compile with directory controller support, which is partly why I
maintain my build. But it's an ongoing hobby project for me, at
https://github.com/nkadel/samba4repo/

[mathias dufresne]

Because AD is a critical point in IT infrastructures and because Samba4 is
under heavy development.

Some could need new features so they would have to compile.
Some wants to test new features, to help Samba team in testing. They'll
have to compile.

Both could face issues. To discuss about these issues they must have a
reproducible environment.

Some would test / need some very particular features, needing very
particular compilation options.
Most of us would test / need standard stuffs. In these cases a standard
(way of compilation of the) software is better: some others people here can
have the same environment to try reproduce the issue without the need to
reproduce the environment.

I must insist: all this is because Samba Team is working too hard and too
well. If they would push one little update every two years, we would be
able to rely on distribution packages : )

[MORILLO Jordi]

I don't shame about Sernet decision and I understand it but:

The fact is:
We are a poor and little association, with small budget and many many sites.
We have about 50 samba installed on low budget personnal computer.

It would be great if Sernet could separate .deb package and support
We could pay few euros/dollars for an easy to install .deb package without support but it's impossible for us to pay for 345.10€ x 50 per year...
I know that opensource business is hard to money, and i understand their decision BUT they have to offer more "pack offer" closer from small samba users reality.

A traded compagny don't have same budget compared to little compagny.
Opensource is philosophy but it could be for some users economy too :/

-----Message d'origine-----
De : samba [mailto:samba-...@lists.samba.org] De la part de MORILLO Jordi
Envoyé : dimanche 20 septembre 2015 19:37
À : sa...@lists.samba.org
Objet : [Samba] Sernet 4.3.X package is no longer free :/

[Reindl Harald]

Am 21.09.2015 um 16:58 schrieb L.P.H. van Belle:
> So you get 1 time the package, put it on your own apt repo inside your lan and you pay only 1 time.
>
> But, i dont know it sernet is allowing that.

no and you quote it below

> As i read of the site : samba.plus.
>
> Software subscription for one year and one Linux Server. (Servers are counted via the number of process that accept TCP connections on port 445, regardless the CPU number.)
>
> Looks to me if the have only 1 connection, you only pay one.

what has that to do with connections

"Servers are counted via the number of process that accept TCP
connections on port 445" is a pretty clear explaintion - every server
(virtual or physical) running a smbd process is as clear as something can be

> Maybe sernet can explain this a bit more.

see above

>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-...@lists.samba.org] Namens MORILLO Jordi
>> Verzonden: maandag 21 september 2015 16:10
>> Aan: sa...@lists.samba.org
>> Onderwerp: Re: [Samba] Sernet 4.3.X package is no longer free :/

>>
>> I don't shame about Sernet decision and I understand it but:
>>
>> The fact is:
>> We are a poor and little association, with small budget and many many
>> sites.
>> We have about 50 samba installed on low budget personnal computer.
>>
>> It would be great if Sernet could separate .deb package and support
>> We could pay few euros/dollars for an easy to install .deb package without
>> support but it's impossible for us to pay for 345.10€ x 50 per year...
>> I know that opensource business is hard to money, and i understand their
>> decision BUT they have to offer more "pack offer" closer from small samba
>> users reality.
>>
>> A traded compagny don't have same budget compared to little compagny.
>> Opensource is philosophy but it could be for some users economy too :/
>>
>> -----Message d'origine-----
>> De : samba [mailto:samba-...@lists.samba.org] De la part de MORILLO
>> Jordi
>> Envoyé : dimanche 20 septembre 2015 19:37
>> À : sa...@lists.samba.org
>> Objet : [Samba] Sernet 4.3.X package is no longer free :/
>>

[L.P.H. van Belle]

So you get 1 time the package, put it on your own apt repo inside your lan and you pay only 1 time.

But, i dont know it sernet is allowing that.

As i read of the site : samba.plus.

Software subscription for one year and one Linux Server. (Servers are counted via the number of process that accept TCP connections on port 445, regardless the CPU number.)

Looks to me if the have only 1 connection, you only pay one.

Maybe sernet can explain this a bit more.

Best regards,

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens MORILLO Jordi
> Verzonden: maandag 21 september 2015 16:10
> Aan: sa...@lists.samba.org

> Onderwerp: Re: [Samba] Sernet 4.3.X package is no longer free :/

[Chris Weiss]

On Mon, Sep 21, 2015 at 7:47 AM Reindl Harald <h.re...@thelounge.net>
wrote:

>
>
> Am 21.09.2015 um 14:28 schrieb mathias dufresne:
>
> i don't see a valid reason why samba should be treated different than
> any other software like postfix, dovecot, mariadb, httpd, trafficserver,
> named, unbound, ffmpeg where for most software it's absolutely normal to
> use distribution packages (as well as i do that for samba where the
> Fedora packages are typically recent)
>
> for all other server software own builds and distribution packages are
> fine while asking on the upstream user mailing-lists and for samba it's
> different
>
> explain me why!
>

it's not different. those packages you mentioned have had someone step up
and volunteer to maintain the software package for that distro. sometimes
it's a core member of the distro, sometimes a member of the project itself,
and often neither. the people that have stepped up for samba are doing
builds based on the feedback they get in the time they have available. if
your distro's package doesn't have something you need, file a bug report or
feature request to get it added. don't be surprised if the response is
"please submit a patch".

and as others have mentioned, samba is under pretty heavy development.
"stable" distro releases only get feature upgrades every 2-5 years (depends
on the distro). that's a /very/ long time in the samba release cycle. the
stable testing cycle is also several months, so when a new distro version
is released, its samba package is already out of date again.

[Reindl Harald]

Am 21.09.2015 um 17:47 schrieb Mark Foley:

> On Mon, 21 Sep 2015 09:02AM Nico Kadel-Garcia <nka...@gmail.com> wrote:
>
>> RHEL's decision to use the incompatible "Heimdal" library for Kerberos make it a
>> lot more awkward to compile with directory controller support, which is partly
>> why I maintain my build.
>

> I'm not writing about the main topic of "Sernet ... no longer free", but your
> above statement caught my eye.
>
> Why do you say that the Heimdal library for Kerberos is incompatible?

nobody knows because the opposite is true
https://wiki.samba.org/index.php/MIT_Build#Kerberos_Issues

[Mark Foley]

On Mon, 21 Sep 2015 09:02AM Nico Kadel-Garcia <nka...@gmail.com> wrote:

> RHEL's decision to use the incompatible "Heimdal" library for Kerberos make it a
> lot more awkward to compile with directory controller support, which is partly
> why I maintain my build.

I'm not writing about the main topic of "Sernet ... no longer free", but your
above statement caught my eye.

Why do you say that the Heimdal library for Kerberos is incompatible? According
to this link:
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_KerberosSamba4

Samba4 ships with the Heimal. That link says,

"Please note that you do not need to install or configure any other Kerberos KDC
for Samba to work. Samba includes a AD-compatible KDC, currently based on an
included copy of the Heimdal project."

What incompatabilities are you talking about. Please respond as I am having
trouble getting Dovecot to NTLM authenticate with Samba4 and this could be part
of the explanation.

Thanks --Mark

[Luca Olivetti]

El 21/09/15 a les 08:21, L.P.H. van Belle ha escrit:

> I stay a while longer on 4.2 and see what happens here, because this change will impact the support here i think.

Well, they're not the only providers of pre-packaged samba, there's also
https://en.opensuse.org/Samba

It's missing debs but many rpm based distributions are covered.
Funny that I decided to try ubuntu because it had sernet packages for
samba available, it's not in production though, so maybe this is an
occasion to try opensuse ;-)


Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007

[buhorojo]

On 21/09/15 19:10, Luca Olivetti wrote:
> El 21/09/15 a les 08:21, L.P.H. van Belle ha escrit:
>
>> I stay a while longer on 4.2 and see what happens here, because this
>> change will impact the support here i think.
>
>
> Well, they're not the only providers of pre-packaged samba, there's also
> https://en.opensuse.org/Samba

But opensuse and suse enterprise are a long way off AD.

[Luca Olivetti]

El 21/09/15 a les 19:37, buhorojo ha escrit:

> On 21/09/15 19:10, Luca Olivetti wrote:
>> El 21/09/15 a les 08:21, L.P.H. van Belle ha escrit:
>>
>>> I stay a while longer on 4.2 and see what happens here, because this
>>> change will impact the support here i think.
>>
>>
>> Well, they're not the only providers of pre-packaged samba, there's also
>> https://en.opensuse.org/Samba
> But opensuse and suse enterprise are a long way off AD.

Really?
It's a pity because they already have 4.3.0 packaged.
I'll have to download the source rpms and take a look.
BTW, they also provide packages for fedora and centos

Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007

[Markus Dellermann]

Am Montag, 21. September 2015, 19:10:34 schrieb Luca Olivetti:
> El 21/09/15 a les 08:21, L.P.H. van Belle ha escrit:
> > I stay a while longer on 4.2 and see what happens here, because this
> > change will impact the support here i think.
> Well, they're not the only providers of pre-packaged samba, there's also
> https://en.opensuse.org/Samba
>
> It's missing debs but many rpm based distributions are covered.
> Funny that I decided to try ubuntu because it had sernet packages for
> samba available, it's not in production though, so maybe this is an
> occasion to try opensuse ;-)
>
>
> Bye

The Packeges from opensuse-buildserver are working good for me.
But most of them came without ad-dc...

But maybe its possible, to build some "with_ad" as private project there...

(sorry, for bad english!)

Greetings

Markus

[Luca Olivetti]

El 21/09/15 a les 19:57, Luca Olivetti ha escrit:

> El 21/09/15 a les 19:37, buhorojo ha escrit:
>> On 21/09/15 19:10, Luca Olivetti wrote:
>>> El 21/09/15 a les 08:21, L.P.H. van Belle ha escrit:
>>>
>>>> I stay a while longer on 4.2 and see what happens here, because this
>>>> change will impact the support here i think.
>>>
>>>
>>> Well, they're not the only providers of pre-packaged samba, there's also
>>> https://en.opensuse.org/Samba
>> But opensuse and suse enterprise are a long way off AD.
>
> Really?
> It's a pity because they already have 4.3.0 packaged.
> I'll have to download the source rpms and take a look.

I just did and you are right: by default their packages are compiled
with --without-ad-dc.
In theory you could rebuild the srpm enabling ad functionality (there's
a with_dc global switch) but I guess it isn't very well tested.

[buhorojo]

On 21/09/15 19:57, Luca Olivetti wrote:
> El 21/09/15 a les 19:37, buhorojo ha escrit:
>> On 21/09/15 19:10, Luca Olivetti wrote:
>>> El 21/09/15 a les 08:21, L.P.H. van Belle ha escrit:
>>>
>>>> I stay a while longer on 4.2 and see what happens here, because this
>>>> change will impact the support here i think.
>>>
>>>
>>> Well, they're not the only providers of pre-packaged samba, there's
>>> also
>>> https://en.opensuse.org/Samba
>> But opensuse and suse enterprise are a long way off AD.
>
> Really?
> It's a pity because they already have 4.3.0 packaged.

It has only the NT domain and file server parts.

> I'll have to download the source rpms and take a look.
> BTW, they also provide packages for fedora and centos
>
> Bye


--

[buhorojo]

On 21/09/15 20:06, Luca Olivetti wrote:
> El 21/09/15 a les 19:57, Luca Olivetti ha escrit:
>> El 21/09/15 a les 19:37, buhorojo ha escrit:
>>> On 21/09/15 19:10, Luca Olivetti wrote:
>>>> El 21/09/15 a les 08:21, L.P.H. van Belle ha escrit:
>>>>
>>>>> I stay a while longer on 4.2 and see what happens here, because this
>>>>> change will impact the support here i think.
>>>>
>>>>
>>>> Well, they're not the only providers of pre-packaged samba, there's
>>>> also
>>>> https://en.opensuse.org/Samba
>>> But opensuse and suse enterprise are a long way off AD.
>>
>> Really?
>> It's a pity because they already have 4.3.0 packaged.
>> I'll have to download the source rpms and take a look.
>
> I just did and you are right: by default their packages are compiled
> with --without-ad-dc.
> In theory you could rebuild the srpm enabling ad functionality
> (there's a with_dc global switch) but I guess it isn't very well tested.
>
> Bye

Unless you're ok with systemd, it's best to build it yourself. It works
fine on opensuse 13.2 built against the MIT libraries.
HTH

[Reindl Harald]

Am 21.09.2015 um 20:17 schrieb buhorojo:
> On 21/09/15 20:06, Luca Olivetti wrote:
>> I just did and you are right: by default their packages are compiled
>> with --without-ad-dc.
>> In theory you could rebuild the srpm enabling ad functionality
>> (there's a with_dc global switch) but I guess it isn't very well tested.
>>

> Unless you're ok with systemd, it's best to build it yourself. It works
> fine on opensuse 13.2 built against the MIT libraries

i doubt the part with MIT
https://wiki.samba.org/index.php/MIT_Build#Kerberos_Issues

[Reindl Harald]

Am 21.09.2015 um 21:27 schrieb buhorojo:

> No. That's not what they're saying there. It builds fine:)

in my daily job "it builds - it works" is not enough.......

[buhorojo]

On 21/09/15 20:32, Reindl Harald wrote:
>
>

No. That's not what they're saying there. It builds fine:)

>
>

[Mark Foley]

Hmmm, your link: https://wiki.samba.org/index.php/MIT_Build#Kerberos_Issues
actually sounds pretty scarey:

"There are APIs that are unique to Heimdal and their usage breaks compilation
against MIT Kerberos.

"These cases, like use of Heimdal-specific configuration setup in
source4/auth/kerberos/kerberos.c, or ticket decoding, need to be solved by
wrapping the code into common helpers that are implementation dependent."

Does this seem like it could cause a problem with Dovecot trying to NTLM
authenticate? I get the error:

Sep 13 00:53:12 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Sep 13 00:53:12 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6>

Dovecot is a standalone executable and was compiled on my Samba4 platform. I
know you likely know little about Dovecot, just wondering if the Kerberos thing
could be a cause of the problem.

--Mark

-----Original Message-----
> To: sa...@lists.samba.org
> From: Reindl Harald <h.re...@thelounge.net>
> Date: Mon, 21 Sep 2015 17:54:19 +0200
> Subject: Re: [Samba] Sernet 4.3.X package is no longer free :/
>

[buhorojo]

Then don't use suse linux enterprise edition. Easy!

[Luca Olivetti]

El 21/09/15 a les 20:17, buhorojo ha escrit:

> Unless you're ok with systemd, it's best to build it yourself. It works
> fine on opensuse 13.2 built against the MIT libraries.

Do you mean,build it from the tarball or rebuild the rpm --with dc?
If the former, that's precisely what I'd like to avoid (besides, that
should work just as well with any other recent distribution of Linux,
shouldn't it?)

The latter (building my own rpms, which I've been doing for quite some
years), while not optimal, at least would give me the advantage of
package management.

Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007

[Peter Grotz - Obel und Partner GbR]

Hi,
it´s another company which trys to make a lot of money from open source like red hat and SuSE. It´s scabby in my opinion to take that much money.
Obviously sernet is going to become another only commercial orientated company an betraying the ideas of open source. Possibly their old business model brings not enough income...
Only my 2-cent.

Peter

-----Ursprüngliche Nachricht-----
Von: MORILLO Jordi [mailto:J.Mo...@educationetformation.fr]
Gesendet: Sonntag, 20. September 2015 19:24
An: sa...@lists.samba.org
Betreff: [Samba] Sernet 4.3.X package is no longer free :/

Hi Everybody,

I was expecting samba 4.3 .deb package from Sernet but surprise, branch 4.3 and futur will not be free.

Starting with Samba 4.3 SerNet made some changes to its popular packages, formerly known as EnterpriseSAMBA. They are now published as SAMBA+ for Samba 4.3 and all later versions and are available at our SAMBA+ shop<https://shop.samba.plus/> at https://shop.samba.plus<https://shop.samba.plus/> as software subscription per server and per year.

345.10€ for 1 server / 1 year

We are a small charity association with lots of small sites, so lots of samba server...
I don't think that we can pay Sernet. Time to compile i think :-)

What do you think about Sernet prices ?

[Rowland Penny]

On 22/09/15 09:06, Peter Grotz - Obel und Partner GbR wrote:
> Hi,
> it´s another company which trys to make a lot of money from open source like red hat and SuSE. It´s scabby in my opinion to take that much money.
> Obviously sernet is going to become another only commercial orientated company an betraying the ideas of open source. Possibly their old business model brings not enough income...
> Only my 2-cent.
>

Oh dear, somebody else who hasn't done their research, he obviously
doesn't know of the tie in between Samba and Sernet.

Rowland

[Andrew Bartlett]

To be really clear, the biggest thing the Heimdal libs are incompatible
with is distributions policies. In particular, the major enterprise
distributions, RedHat and SuSE are members of the MIT Consortium, to
support the development of that platform, and do not wish to build,
support and inevitably also develop a SECOND Kerberos and GSSAPI
platform.

Putting policy aside, deployed on it's own, I've seen no issues running
Samba on systems built otherwise with MIT Kerberos.

The use of library and symbol versions has generally prevented these
issues from coming up.

Even at build time, provided we maintain the correct internal
dependencies, we will select the correct gssapi and krb5 headers.

Things get more difficult if the thing you want from Samba is a support
library for FreeIPA, a system build totally around MIT Kerberos.

There are good reasons why we will be moving to MIT Kerberos, mostly
related to the lack of timely releases from the Heimdal project, and
the desire to make that integration with FreeIPA easier, but in the
meantime, there is nothing to fear about our current state for running
an AD DC.

I agree that some rough edges like DIR: support are annoying, but these
won't impact on the ability to run an AD DC.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

[mathias dufresne]

Hi Rowland,

For lazy (or over booked if bosses are around) people as me, could you
provide some link to help us to better understand how close they are?

Cheers,

mathias

[Andrew Bartlett]

On Mon, 2015-09-21 at 21:15 -0400, Mark Foley wrote:
> Hmmm, your link:
> https://wiki.samba.org/index.php/MIT_Build#Kerberos_Issues
> actually sounds pretty scarey:
>
> "There are APIs that are unique to Heimdal and their usage breaks
> compilation
> against MIT Kerberos.
>
> "These cases, like use of Heimdal-specific configuration setup in
> source4/auth/kerberos/kerberos.c, or ticket decoding, need to be
> solved by
> wrapping the code into common helpers that are implementation
> dependent."
>
> Does this seem like it could cause a problem with Dovecot trying to
> NTLM
> authenticate? I get the error:

It is unlikely, as Dovecot isn't compiled against Samba components, as
far as I know.

What it does mean is that in that file, some parts are now under #ifdef
and used only when building against Heimdal.

It means what everybody involved in the Kerberos porting dev work
knows, that switching between the Kerberos libraries is hard work, and
that a 1-to-1 match isn't possible in all places. That is why the MIT
build project isn't finished, and why it will continue to take
considerable efforts.

I realise this makes the hope of distribution packages of the AD DC
from Red Hat or SuSE a long way off, but that is the reality of the
firm positions taken.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

[Rowland Penny]

Hi Andrew, thanks for setting out the state of kerberos and Samba, I had
a look at the wikipage and noticed it was written nearly three and half
years ago by yourself and, except for minor updates, has never really
been updated. As you seem to understand what is going on with kerberos,
could I ask you to check the page over and update it as needed.

Thanks

Rowland

[Reindl Harald]

Am 22.09.2015 um 10:06 schrieb Peter Grotz - Obel und Partner GbR:
> Hi,
> it´s another company which trys to make a lot of money from open source like red hat and SuSE. It´s scabby in my opinion to take that much money.
> Obviously sernet is going to become another only commercial orientated company an betraying the ideas of open source. Possibly their old business model brings not enough income...
> Only my 2-cent.

"betraying the ideas of open source" - who do you think you are (and no
i have no connection to sernet) - they are doing work and expect to get
paied for that work and support - you don't want to pay

well, then do the work at your own

*nobody* betrays anything, *you* just don't understand opensource

[Andrew Bartlett]

On Mon, 2015-09-21 at 10:58 +0200, mathias dufresne wrote:
> Mailing lists often don't like manually compiled software, too much
> different choices to try to reproduce errors.

G'Day,

I would like to make clear that as a developer, I'm generally not very
interested in how your Samba install was compiled or built - the
details that matter are almost always unrelated to that. The smbd
binary has a great flag (-b) to let us know most of the details about
how it was built, if we need to work that out.

Indeed, I will often ask our users having issues to rebuild with -
-enable-developer, so we can get a backtrace, so in some ways a source
build is easier - but on the flip side a source build won't auto-update
when we have a security issue, so we generally suggest a maintained
package.

I hope this clarifies things.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

[Andrew Bartlett]

Extra assistance as part of the team packaging (and then backporting)
Samba for debian would be most welcome. Samba is a big package, and it
needs a lot of help.

https://tracker.debian.org/pkg/samba

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

[Reindl Harald]

Am 22.09.2015 um 07:44 schrieb buhorojo:
> On 21/09/15 21:32, Reindl Harald wrote:
>>>>> Unless you're ok with systemd, it's best to build it yourself. It
>>>>> works
>>>>> fine on opensuse 13.2 built against the MIT libraries
>>>>
>>>> i doubt the part with MIT
>>>> https://wiki.samba.org/index.php/MIT_Build#Kerberos_Issues
>>>
>>> No. That's not what they're saying there. It builds fine:)
>>
>> in my daily job "it builds - it works" is not enough.......
>>
> Then don't use suse linux enterprise edition. Easy!

i don't but you didn't understand me

"It builds fine" with a smiley is *nothing* worth when we talk about
serious usecases for a server - it's easy to get a build from something,
fine, that says nothing about real world usage of the result

[schnagy]

Hi there,

not at all: As long as they don't begin to hold back fixes only for
their samba+ it is no problem. The price for commercial support is ok.
But I don't think they should go on and hold back their packages. Maybe
this will lead to less quality, because community testing is not to be
underestimated...

schnaggy:-)

[Rowland Penny]

On 22/09/15 10:01, mathias dufresne wrote:
> Hi Rowland,
>
> For lazy (or over booked if bosses are around) people as me, could you
> provide some link to help us to better understand how close they are?
>
> Cheers,
>
> mathias
>
> 2015-09-22 10:51 GMT+02:00 Rowland Penny <rowlandpe...@gmail.com>:
>
>> On 22/09/15 09:06, Peter Grotz - Obel und Partner GbR wrote:
>>
>>> Hi,
>>> it´s another company which trys to make a lot of money from open source
>>> like red hat and SuSE. It´s scabby in my opinion to take that much money.
>>> Obviously sernet is going to become another only commercial orientated
>>> company an betraying the ideas of open source. Possibly their old business
>>> model brings not enough income...
>>> Only my 2-cent.
>>>
>>>
>> Oh dear, somebody else who hasn't done their research, he obviously
>> doesn't know of the tie in between Samba and Sernet.
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>

From my understanding (which could be wrong, it has been known :-)
) a certain gentleman by the name of Volker Lendecke was a co-founder of
Sernet and do you know what, one of the Samba devs is called Volker.

https://www.sernet.de/en/sernet/

I also understand the computer this mailing list resides on is owned by

[Reindl Harald]

Am 22.09.2015 um 11:01 schrieb mathias dufresne:
> For lazy (or over booked if bosses are around) people as me, could you
> provide some link to help us to better understand how close they are?

Sernet pays a lot of the samba core-developers as a fulltime job and
people *really* should do their homework and inform themself before
taking words like "betraying" in their mouth

the same applies for Redhat and SuSE, they pay a lot of fulltime-jobs
for upstream developers in the whole Linux ecosystem and publish nearly
anything as free software

[Reindl Harald]

Am 22.09.2015 um 11:23 schrieb Rowland Penny:
> From my understanding (which could be wrong, it has been known :-) ) a
> certain gentleman by the name of Volker Lendecke was a co-founder of
> Sernet and do you know what, one of the Samba devs is called Volker.
>
> https://www.sernet.de/en/sernet/
>
> I also understand the computer this mailing list resides on is owned by
> Sernet.

https://www.samba.org/samba/team/

CTRL+F -> Sernet

[Andrew Bartlett]

To be clear, 'Ab' on the wiki is Alexander Bokovoy (currently with Red
Hat), not myself. That page is a planning document in support of the
effort primarily out of Red Hat to move Samba's AD DC to MIT Kerberos.

Additionally, we should be thankful to Red Hat, it is a major
undertaking, and would not be possible without that corporate support.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

[Rowland Penny]

On 22/09/15 10:28, Andrew Bartlett wrote:
> On Tue, 2015-09-22 at 10:14 +0100, Rowland Penny wrote:
>> On 22/09/15 09:56, Andrew Bartlett wrote:
>> Hi Andrew, thanks for setting out the state of kerberos and Samba, I
>> had
>> a look at the wikipage and noticed it was written nearly three and
>> half
>> years ago by yourself and, except for minor updates, has never really
>> been updated. As you seem to understand what is going on with
>> kerberos,
>> could I ask you to check the page over and update it as needed.
> To be clear, 'Ab' on the wiki is Alexander Bokovoy (currently with Red
> Hat), not myself. That page is a planning document in support of the
> effort primarily out of Red Hat to move Samba's AD DC to MIT Kerberos.
>
> Additionally, we should be thankful to Red Hat, it is a major
> undertaking, and would not be possible without that corporate support.
>
> Thanks,
>
> Andrew Bartlett
>

OOPS, sorry Andrew and yes, you are correct, we should be thankful to
Red Hat for some things.

Rowland

[Andrew Bartlett]

To be clear, what you are so worried about is just the same as what the
SerNet packages that everybody here is fretting about so much does:
builds against the internal copy of Heimdal in Samba.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

[Peter Grotz - Obel und Partner GbR]

Come on Rowland,

it´s obvious that not that much people build their own packages because they don´t have the necessary experience. But they want to help testing the new AD features that the samba team develops. Using Suse or RedHat AD is not really usable. So people take centos or debian or something similar to use these great work done by the samba team.
In my opinion the lack of a common test basis will outbrake community and in consequence the whole samba project.
I understand that sernet must be paid for their work in some kind of way but when you look at their prices: omg!!! A small company with let´s say 2 DCs an 2 fileserver must pay 1380€ per year?!
Come on Rowland! That way we can change for MS in the same way. That´s maybe cheaper... :( A lot of people might think that way.
Wheater this is good for the samba project I don’t know.

No harm meant!

Peter


-----Ursprüngliche Nachricht-----
Von: Rowland Penny [mailto:rowlandpe...@gmail.com]
Gesendet: Dienstag, 22. September 2015 10:52
An: sa...@lists.samba.org
Betreff: Re: [Samba] Sernet 4.3.X package is no longer free :/

[L.P.H. van Belle]

I totaly disagre with you on what prices MS uses and sernets..

What most people dont know, if you use a MS Server, and i'll take an example.

1 server.
10 computers
3 mobile phones
3 printers.


In this case you need
1) the server licence.
2) 6 device cals
3) 10 user or device cals, depending on how u use it.

Do the math, samba is still much cheaper.

In a ms situation, every device that accesses the windows computer needs
a CAL.
Read :
http://blogs.technet.com/b/volume-licensing/archive/2014/03/10/licensing-how-to-when-do-i-need-a-client-access-license-cal.aspx

so any device useing DNS of DHCP must have a CAL, and most people dont know this !

"Any direct or indirect access of Windows Server requires a CAL, except for anonymous access through the Internet. For example, the use of DNS—a service that helps route network traffic—requires the purchase of a Windows Server license and CALs to use and access this particular role in managing your organization’s domain names. Even with infrequent or occasional use, access of Windows Server DNS capabilities requires a CAL."

Read :
http://download.microsoft.com/download/6/8/9/68964284-864d-4a6d-aed9-f2c1f8f23e14/Assessing_Windows_Server_Licensing.docx


Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Peter Grotz -
> Obel und Partner GbR
> Verzonden: dinsdag 22 september 2015 12:24
> Aan: sa...@lists.samba.org
> Onderwerp: Re: [Samba] Sernet 4.3.X package is no longer free :/

[Rowland Penny]

On 22/09/15 11:24, Peter Grotz - Obel und Partner GbR wrote:
> Come on Rowland,
>
> it´s obvious that not that much people build their own packages because they don´t have the necessary experience. But they want to help testing the new AD features that the samba team develops. Using Suse or RedHat AD is not really usable. So people take centos or debian or something similar to use these great work done by the samba team.
> In my opinion the lack of a common test basis will outbrake community and in consequence the whole samba project.
> I understand that sernet must be paid for their work in some kind of way but when you look at their prices: omg!!! A small company with let´s say 2 DCs an 2 fileserver must pay 1380€ per year?!
> Come on Rowland! That way we can change for MS in the same way. That´s maybe cheaper... :( A lot of people might think that way.
> Wheater this is good for the samba project I don’t know.
>
> No harm meant!
>
> Peter
>
>
>

There is *nothing* stopping anybody building Samba themselves, all the
instructions are on the wiki. However, if you do build it yourself
following those instructions, everything will end up in
'/usr/local/samba'. Now this is not really a problem, it is just
different to what users normally expect, but it gives a definite base to
refer to on the wiki.

Sernet has taken a commercial decision, no company can work for nothing,
they must pay their workers and as it seems their revenue stream was
drying up (because Samba is getting better and better) they had to do
something. They chose to go down the paid for support line (I wonder how
much unpaid support they have done in the past ? ) and I for one cannot
blame them for doing this, I am sorry that I will not be able to access
the latest Samba versions, but I will work round this.

[Reindl Harald]

Am 22.09.2015 um 12:24 schrieb Peter Grotz - Obel und Partner GbR:
> it´s obvious that not that much people build their own packages because they don´t have the necessary experience. But they want to help testing the new AD features that the samba team develops. Using Suse or RedHat AD is not really usable. So people take centos or debian or something similar to use these great work done by the samba team.
> In my opinion the lack of a common test basis will outbrake community and in consequence the whole samba project.
> I understand that sernet must be paid for their work in some kind of way but when you look at their prices: omg!!! A small company with let´s say 2 DCs an 2 fileserver must pay 1380€ per year?!
> Come on Rowland! That way we can change for MS in the same way. That´s maybe cheaper... :( A lot of people might think that way.
> Wheater this is good for the samba project I don’t know.

besides that it not may be cheaper - CAL's where already mentioned:

if you have a serious problem and you are one or in a group of 100
ms-customers guess who cares to solve your problem instead saying "don't
do this and that because it's not supported"

in case of Sernet you talk with Samba core-developers which likely find
a solution for your problem, can backport this to the next minor update
(depending on the impact of changes) and yes with you money the free
samba code get a bugfix and a feature

guess what: the same way *you* get features and bug fixes where other
customers had they payment with their support contract and that's
typically called a win-win-situation you *never* achieve with microsoft

and even if it costs 20% more i would still prefer a small company where
i can talk with the developers directly instead a clueless support-monkey

[Niels Dettenbach]

Am Dienstag, 22. September 2015, 13:12:07 schrieb Reindl Harald:
> and even if it costs 20% more i would still prefer a small company where
> i can talk with the developers directly instead a clueless support-monkey

ACK

running a proper, working build including the required environment is
typically "the job" of a distributor from an "end users" viewpoint. If you
don't like "special" commercial builds from i.e. sernet and find not fit
enough to build your own from the sources, just avoid them and grab other ones
from other experts, distributors or companies. This is i.e. one reason why
(many) linux distributors exist...

just my two cents,


Niels.
--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---

[Steve Ankeny]

On 09/22/2015 05:28 AM, Andrew Bartlett wrote:
> On Tue, 2015-09-22 at 10:14 +0100, Rowland Penny wrote:
>> On 22/09/15 09:56, Andrew Bartlett wrote:
>> Hi Andrew, thanks for setting out the state of kerberos and Samba, I
>> had
>> a look at the wikipage and noticed it was written nearly three and
>> half
>> years ago by yourself and, except for minor updates, has never really
>> been updated. As you seem to understand what is going on with
>> kerberos,
>> could I ask you to check the page over and update it as needed.
> To be clear, 'Ab' on the wiki is Alexander Bokovoy (currently with Red
> Hat), not myself. That page is a planning document in support of the
> effort primarily out of Red Hat to move Samba's AD DC to MIT Kerberos.
>
> Additionally, we should be thankful to Red Hat, it is a major
> undertaking, and would not be possible without that corporate support.
>
> Thanks,
>
> Andrew Bartlett
>

I'm thinking the same thing.

We should be thankful to Sernet, RedHat, Suse and others for employing
Samba developers, and if and when our distro compiles a new package, it
will have been because of the work of these fellows (guys & gals)

And, the time people like Rowland, Andrew and others (too many to name
lest I forget one) spend helping endusers is another expense of time and
money that can be attributed to Sernet, RedHat, Suse, etc.

[Sven Schwedas]

On 2015-09-22 12:39, L.P.H. van Belle wrote:
> I totaly disagre with you on what prices MS uses and sernets..
>
> What most people dont know, if you use a MS Server, and i'll take an example.
>
> 1 server.
> 10 computers
> 3 mobile phones
> 3 printers.

Don't forget Wifi APs, routers, switches, … :-)

Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.s...@tao.at | +43 (0)680 301 7167
http://software.tao.at

[Sven Schwedas]

On 2015-09-22 12:24, Peter Grotz - Obel und Partner GbR wrote:
> Come on Rowland,
>
> it´s obvious that not that much people build their own packages because they don´t have the necessary experience. But they want to help testing the new AD features that the samba team develops. Using Suse or RedHat AD is not really usable. So people take centos or debian or something similar to use these great work done by the samba team.
> In my opinion the lack of a common test basis will outbrake community and in consequence the whole samba project.

I think you're overestimating the importance of the Sernet packages.
Most users are using the distribution packages and that won't change.

> I understand that sernet must be paid for their work in some kind of way but when you look at their prices: omg!!! A small company with let´s say 2 DCs an 2 fileserver must pay 1380€ per year?!

1160€, you're not paying MwSt on it… That's actually a fair price if it
includes commercial support.

> Come on Rowland! That way we can change for MS in the same way. That´s maybe cheaper... :( A lot of people might think that way.
> Wheater this is good for the samba project I don’t know.
>
> No harm meant!
>
> Peter
>
>
> -----Ursprüngliche Nachricht-----
> Von: Rowland Penny [mailto:rowlandpe...@gmail.com]
> Gesendet: Dienstag, 22. September 2015 10:52
> An: sa...@lists.samba.org
> Betreff: Re: [Samba] Sernet 4.3.X package is no longer free :/
>
> On 22/09/15 09:06, Peter Grotz - Obel und Partner GbR wrote:
>> Hi,
>> it´s another company which trys to make a lot of money from open source like red hat and SuSE. It´s scabby in my opinion to take that much money.
>> Obviously sernet is going to become another only commercial orientated company an betraying the ideas of open source. Possibly their old business model brings not enough income...
>> Only my 2-cent.
>>
>
> Oh dear, somebody else who hasn't done their research, he obviously doesn't know of the tie in between Samba and Sernet.
>
> Rowland
>
>
>
>
>

--

[buhorojo]

Grotz P

> A small company with let´s say 2 DCs an 2 fileserver must pay 1380€
> per year?!

2012R2 full version costs $800, so about the same for 2. You get AD, a
fileservers, dhcp, dns, a gui and someone on the ground if you really
can't work out where to click next. Competition indeed.

[MORILLO Jordi]

It's not comparable
Samba can also be compiled.
Just install dependency with yum or apt (see wiki) and juste ./configure && make && make install

It's free but Just take little more time. Don't have to be a Unix guru ;-)
The pain is for converting existing DC install from sernet to source. By default, path are not the same
________________________________
De : buhorojo<mailto:buhoro...@gmail.com>
Envoyé : ‎22/‎09/‎2015 18:00
À : sa...@lists.samba.org<mailto:sa...@lists.samba.org>
Objet : Re: [Samba] Sernet 4.3.X package is no longer free :/

[oeh univie edv lists]

Hey,

>it´s obvious that not that much people build their own packages because
they don´t have the necessary experience.

that would definitely be me. I struggle enough as a newbie and the idea of
compiling and error solving afterwards makes me feel VERY uneasy... also I
wouldn't know how to deal with no automatic updates...

Before I read this thread, I wanted to install sernet samba because then I
could have applied easily what I learned. (That's what I read:
http://www.kania-online.de/fachbuecher/samba-4/ )

Now I still I have no clue if I have to build from source or if I just can
install the samba 4.1.17 package that comes with debian jessie. My
environment should be as simple as possible, just 2 ADs, 1 file server,
one backup machine, user logins, profiles that write back from clients to
the server, home directories, quota, some shares, some network printers.
maybe later on, but only if pressure exists from employees: VPN.

So am I on the safe side to just install 4.1.17 or should I consider
building from source? Can I have all the features I mentioned? Should I be
concerned about security because I use 4.1.17 and not the newest (sernet)?
If I have to build from source, please mention why, maybe I could avoid a
feature to not have to compile...

This setup is for a non-profit organisation... The decision to change to
debian was costly-based (so hard to argue now to buy something except the
hardware (please don't open another if it's fair or not discussion. thank
you))....

Also sernet 4.3 doesn't seem to be for jessie
https://shop.samba.plus/samba-/273/samba-1-jahr ... I could install free
sernet 4.2 but then I would have to pay when I need updates....

Ah and another question: Can I still use the install guide from
http://www.kania-online.de/fachbuecher/samba-4/ that was written for 4.1
sernet samba or should I use something else because 4.1 sernet samba and
4.1 debian packaged samba differ a lot?

Hope there are other newbies like me that may profit from your answers to
my stupid questions.... (about the stupid: but I also think access to
information should be low-threshold - not just dialogues between
developers... to be honest: sometimes I have a hard time understanding
what some of you say)

birgit

[Robert Moskowitz]

I am in a condry as well. I have spent a lot of time learning about AD
and using Sernet. Do I continue? In large measure, I can stay with the
free 4.2 I am using and learn more about AD over the next couple years.

Or I can use the Centos 4.1 and just go with a PDC yet again.

With all the Holidays at this time of year, I won't be doing much
testing anyway.

[oeh univie edv lists]

hey,

I don't know about centos.... but samba 4.1 in debian jessie should
support AD DCs....

kind regards, birgit

Robert Moskowitz <r...@htt-consult.com> schreibt:

[Rowland Penny]

On 22/09/15 19:27, oeh univie edv lists wrote:
> hey,
>
> I don't know about centos.... but samba 4.1 in debian jessie should
> support AD DCs....
>
> kind regards, birgit
>
>

This would get you 4.1.17 at the moment, whilst using the last freely
available Sernet package will get 4.2.4.

If you compile Samba yourself, will get you 4.3.0

Rowland

[Rowland Penny]

I would stick with Sernet for testing purposes, but when you go to
production, I would compile Samba yourself, this way you can upgrade if
so required. Everything will work just like the Sernet packages, all
that will happen is the binaries etc will be in a different place. All
the info on how to compile samba is on the Samba wiki and if in doubt,
ask here.

Rowland

[Guilherme Boing]

I've been running 4.3.0 on CentOS as AD DC and I've had no problems so far.
Also upgraded from 4.2.3 to 4.3.0 using the tarball and everything went ok.

[Rowland Penny]

On 22/09/15 19:49, Guilherme Boing wrote:
> I've been running 4.3.0 on CentOS as AD DC and I've had no problems so far.
> Also upgraded from 4.2.3 to 4.3.0 using the tarball and everything went ok.
>

This is what I have been trying to get across, there is no need to run
around like headless chickens, just because the Sernet packages are no
longer freely available. The same code that they contain is still
available, *all* of it, not just bits without the required good bits,
you just have to compile it yourself.

Rowland

[John Gardeniers]

I've been following this thread with a degree of interest and it's
fascinating to see the various points of view being thrown about. I
personally believe the truth lies somewhere near that line that is
clearly dividing people into two opposing camps.

So, playing Devil's advocate: I find it hard not to see some plan behind
the fact that the Samba AD component is not available from the major
distros. Sorry, but I can't help feeling this is part of Sernet's plan
to start charging what really is an exorbitant price for their packages.
I haven't tried to do so yet (but it's probably the way we will go
forward) but if building the packages and achieving production quality
results really is as easy as some are claiming, why has that not been
done for the major distros?

For those comparing the prices to those of Microsoft, please remember
that this is an annual cost with Sernet but a one-off for Microsoft,
making the examples I've seen people using quite nonsensical. In other
words, for those who are choosing Samba purely for cost reasons you will
be financially better off staying with Windows. However, for many that
is neither the main nor the only reason to use Samba. Regardless, we
each make that decision based on our own criteria and nobody else needs
to hear anyone bitch about it.

Can we please drop this topic, which has become a massive waste of
bandwidth and serves no real purpose.

regards,
John

[Rowland Penny]

On 22/09/15 23:11, John Gardeniers wrote:
> I've been following this thread with a degree of interest and it's
> fascinating to see the various points of view being thrown about. I
> personally believe the truth lies somewhere near that line that is
> clearly dividing people into two opposing camps.

No, the truth is that Sernet can no longer afford to provide the Samba
packages for free, someone has to pay for them, but the number of people
downloading them for free, outweighs the people buying support packages.

>
> So, playing Devil's advocate: I find it hard not to see some plan
> behind the fact that the Samba AD component is not available from the
> major distros. Sorry, but I can't help feeling this is part of
> Sernet's plan to start charging what really is an exorbitant price for
> their packages.

What?? the problem (if you can call it a problem) is that the rpm
distros want to use the kerberos they use for everything else (a not
unusual thing to do) but Samba uses heimdal instead, this is the reason
that you cannot get AD DC packages for those distros. Debian had a
similar problem, but they tried to use their distro heimdal kerberos and
it wasn't the same version that Samba uses and this lead to problems, by
the time this was sorted out, Jessie was frozen and so you can only get
4.1.17 for stable Debian releases. Sernet had nothing to do with any of
this!

> I haven't tried to do so yet (but it's probably the way we will go
> forward) but if building the packages and achieving production quality
> results really is as easy as some are claiming, why has that not been
> done for the major distros?
>

It is easy to build Samba, but it means using the Samba supplied
versions of things like kerberos etc and it all ends up in
/usr/local/samba, as for why the distros do not supply uptodate
packages, see above, there is nothing sinister in it at all, it is just
either bad luck or a sheer lack of enough hours in the day.

> For those comparing the prices to those of Microsoft, please remember
> that this is an annual cost with Sernet but a one-off for Microsoft,
> making the examples I've seen people using quite nonsensical. In other
> words, for those who are choosing Samba purely for cost reasons you
> will be financially better off staying with Windows. However, for many
> that is neither the main nor the only reason to use Samba. Regardless,
> we each make that decision based on our own criteria and nobody else
> needs to hear anyone bitch about it.

>
> Can we please drop this topic, which has become a massive waste of
> bandwidth and serves no real purpose.
>

In this we do agree, this topic should come to an end, it serves no
purpose at all, except to moan about the fact the packages will no
longer be freely available.

Rowland

[Miguel Medalha]

>
> No, the truth is that Sernet can no longer afford to provide the Samba
> packages for free, someone has to pay for them, but the number of people
> downloading them for free, outweighs the people buying support packages.
>

Why doesn't Sernet charge a fee per download? Wouldn't thousands of
downloads provide reasonable financial support?
I don't know how many downloads there are per version, are they enough for
this?

[Mark Foley]

On Tue, 22 Sep 2015 23:51, Rowland Penny <rowlandpe...@gmail.com> wrote:

> I find it hard not to see some plan behind the fact that the Samba AD component
> is not available from the major distros.

Just my two-cents: I installed the out-of-the-box Samba 4.0 from the Slackware
64 14.1 distro (still considered a "major distro"?), and have since updated from
the Slackware repos to 4.1.17. The AD/DC bit ran perfectly from day-one, no
problems at all. This server does quite a lot. It is working as a replacement
for SBS 2008 and does "Windows Authentication" for all office WIN7 workstations,
redirected folders, remote desktop login, mail using Outlook/IMAP/Dovecot, DNS,
DHCP, the Samba log lets me monitor rogue DHCP connections and failed AD login
attempts, and more! AD is managed via RSAT from a WIN7 workstation ... no
complaints or problems at all in the 8 months I've been running it live
production. I'm no guru; this was my first Samba4 AD/DC installation (after
abandoning a long and fruitless attempt to use OpenChange).

Support-wise, this maillist helped me solve a couple of minor problems. So far,
the vanilla "major distro" version works fine and I don't feel the need for paid
support, though I do favor the idea generally (and would like such for
Dovecot, btw!).

--Mark

[Andrew Bartlett]

On Tue, 2015-09-22 at 20:01 +0100, Rowland Penny wrote:
> On 22/09/15 19:49, Guilherme Boing wrote:
> > I've been running 4.3.0 on CentOS as AD DC and I've had no problems
> > so far.
> > Also upgraded from 4.2.3 to 4.3.0 using the tarball and everything
> > went ok.
> >
>
> This is what I have been trying to get across, there is no need to
> run
> around like headless chickens, just because the Sernet packages are
> no
> longer freely available. The same code that they contain is still
> available, *all* of it, not just bits without the required good bits,
>
> you just have to compile it yourself.

Even this isn't required. Samba is still shipped, including the AD DC,
in current releases of Ubuntu and Debian.  Those packages may not be as
current, but a source-based install will be out of date pretty soon as
well.
In my view, the SerNet packages got popular because there was a big gap
in the market:  
 - Ubuntu and Debian took ages to package Samba 4.0, because the
package needed to be rewritten due to the previous Samba4 and samba
packaging split. - Fedora and RHEL chose not to package the AD DC due to the Heimdal
issue discussed elsewhere in the thread. - Samba 4.2 was blocked in Debian pending a re-integration of Heimdal
(undoing the work to use the system Heimdal).
I applaud SerNet for their efforts in supporting Samba and just as I do
with all who both comply with the GPL and build a business on Samba,
wish them the very best with monetising the mind-share that they have
cultivated.  We will all watch with interest.
That said, I hope those conditions have past.  Samba 4.3 has been
packaged for Debian experimental, and with help that can move to
unstable, testing and backports as well as Unbutu.  
On the RHEL side of the fence, Nico posted his rebuild for RHEL earlier
in the thread: https://github.com/nkadel/samba4repo/
It would be great if even a fraction of the hand-wringing effort seen
here was applied to this and those packages!

Thanks,
Andrew Bartlett
--
Andrew Bartlett

https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba

[Sven Schwedas]

On 2015-09-23 00:11, John Gardeniers wrote:
> So, playing Devil's advocate: I find it hard not to see some plan behind
> the fact that the Samba AD component is not available from the major
> distros.

But it is available on Debian and its derivatives… If anything, *RedHat*
is scheming to push FreeIPA as a Linux-only alternative to pressure
their customers to get rid of Windows. :-)

[Stefan Kania]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 22.09.15 um 18:51 schrieb oeh univie edv lists:

> Hey,
>
>> it´s obvious that not that much people build their own packages
>> because
> they don´t have the necessary experience.
>
> that would definitely be me. I struggle enough as a newbie and the
> idea of compiling and error solving afterwards makes me feel VERY
> uneasy... also I wouldn't know how to deal with no automatic
> updates...
>
> Before I read this thread, I wanted to install sernet samba because
> then I could have applied easily what I learned. (That's what I
> read: http://www.kania-online.de/fachbuecher/samba-4/ )

Yes, it will up to version 4.2

- --
Stefan Kania



-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iEYEARECAAYFAlYCUWAACgkQ2JOGcNAHDTb0cgCeM3mNs3DMeUcfbmBlX7w61r5O
voYAn3VvoNR593fjLCRwut9YwHxjGpex
=sUdg
-----END PGP SIGNATURE-----

[Reindl Harald]

Am 23.09.2015 um 04:34 schrieb Mark Foley:
> Support-wise, this maillist helped me solve a couple of minor problems. So far,
> the vanilla "major distro" version works fine and I don't feel the need for paid
> support, though I do favor the idea generally (and would like such for
> Dovecot, btw!)

here you go: http://www.dovecot.fi/services-and-solutions/

:-)

[Andrew Bartlett]

On Tue, 2015-09-22 at 23:51 +0100, Rowland Penny wrote:
> On 22/09/15 23:11, John Gardeniers wrote:

> >
> > So, playing Devil's advocate: I find it hard not to see some plan
> > behind the fact that the Samba AD component is not available from
> > the
> > major distros. Sorry, but I can't help feeling this is part of
> > Sernet's plan to start charging what really is an exorbitant price
> > for
> > their packages.
>
> What?? the problem (if you can call it a problem) is that the rpm
> distros want to use the kerberos they use for everything else (a not
> unusual thing to do) but Samba uses heimdal instead, this is the
> reason
> that you cannot get AD DC packages for those distros. Debian had a
> similar problem, but they tried to use their distro heimdal kerberos
> and
> it wasn't the same version that Samba uses and this lead to problems,
> by
> the time this was sorted out, Jessie was frozen and so you can only
> get
> 4.1.17 for stable Debian releases. Sernet had nothing to do with any
> of
> this!

Actually, Jessie froze before Samba 4.2 was released. We are hoping to
make more frequent Samba releases in the future, I hope that will make
this less of an issue. Your points regarding the Heimdal in Debian
situation are otherwise correct.

As background, debian has always shipped both Heimdal and MIT, so
linking Samba against the system Heimdal was a natural, if ultimately
doomed, extension of that.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

[Dario Lesca]

Il giorno mar, 22/09/2015 alle 16.24 +0000, MORILLO Jordi ha scritto:
> Samba can also be compiled.
> Just install dependency with yum or apt (see wiki) and juste
> ./configure && make && make install

I'm not a guru Linux, but my (stupid?) question is

If I compile on [RCF]e* samba from source follow the standard how to,
the binary result have the AD DC support?

If yes, why the [RCF]e* do not build the source in the same way?

Thanks for reply

--
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)

[Rowland Penny]

On 23/09/15 10:03, Dario Lesca wrote:
> Il giorno mar, 22/09/2015 alle 16.24 +0000, MORILLO Jordi ha scritto:
>> Samba can also be compiled.
>> Just install dependency with yum or apt (see wiki) and juste
>> ./configure && make && make install
> I'm not a guru Linux, but my (stupid?) question is
>
> If I compile on [RCF]e* samba from source follow the standard how to,
> the binary result have the AD DC support?
>
> If yes, why the [RCF]e* do not build the source in the same way?
>
> Thanks for reply
>

I think you mean Red Hat, yes, you can build Samba 4 on Red Hat distros
by following the wiki and you will be able to run an AD DC. Red Hat
distros do not build it this way, because they do not want to use the
heimdal kerberos included with Samba 4, they want to use MIT instead.

Rowland

[Dario Lesca]

Il giorno mer, 23/09/2015 alle 10.15 +0100, Rowland Penny ha scritto:
> I think you mean Red Hat, yes, you can build Samba 4 on Red Hat distros
> by following the wiki and you will be able to run an AD DC. Red Hat
> distros do not build it this way, because they do not want to use the
> heimdal kerberos included with Samba 4, they want to use MIT instead.
>

Thank Rowland.

Then if I grab the official .src package, change appropriately[1] the
.spec an rebuild it, I get a package within the AD DC support and the
eventually security redhat patch, that I can use with yum localinstall
or localupdate?

[1] What, and how, do I change into .spec?

Many thanks

--
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)

[Rowland Penny]

On 23/09/15 10:36, Dario Lesca wrote:
> Il giorno mer, 23/09/2015 alle 10.15 +0100, Rowland Penny ha scritto:
>> I think you mean Red Hat, yes, you can build Samba 4 on Red Hat distros
>> by following the wiki and you will be able to run an AD DC. Red Hat
>> distros do not build it this way, because they do not want to use the
>> heimdal kerberos included with Samba 4, they want to use MIT instead.
>>
> Thank Rowland.
>
> Then if I grab the official .src package, change appropriately[1] the
> .spec an rebuild it, I get a package within the AD DC support and the
> eventually security redhat patch, that I can use with yum localinstall
> or localupdate?
>
> [1] What, and how, do I change into .spec?
>
> Many thanks
>

Ah, I don't think this work, if it was that easy, Red Hat would do it :-)

If you read what I posted again, you will see that I said 'by following
the wiki', by this I meant, start here:

https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

When you have finished, everything will be in /usr/local/samba

Rowland

[mathias dufresne]

Hi Birgit,

The point is "which features do you need?" and "in what version would you
find all these features?"

If you have all features you want in 4.1.17, just go with it.

Chhers :)

2015-09-22 18:51 GMT+02:00 oeh univie edv lists <edv-...@oeh.univie.ac.at>
:

[mathias dufresne]

2015-09-22 18:24 GMT+02:00 MORILLO Jordi <J.Mo...@educationetformation.fr>
:

> It's not comparable
> Samba can also be compiled.
> Just install dependency with yum or apt (see wiki) and juste ./configure
> && make && make install
>

Never just perform ./configure && make && make install.
Never.

Always do first:
./configure --help
Then read.

Then think.

Most of times, re-read.

Then you would run the configure script associated with chosen options.

Then you check what the script told you, dev put colorrs in logs, thanks to
them.

Sometimes you would have to install missing stuff on system side to satisfy
automagical dependencies.

Then re-run the script. Re-check,

You are finally happy? Now you can run make && make install.

> It's free but Just take little more time. Don't have to be a Unix guru ;-)
> The pain is for converting existing DC install from sernet to source. By
> default, path are not the same
>

If you really did read configuration options proposed by this configure
script, there is absolutely no pain switching from sernet version to a
compiled one (hint: --enable-fhs).

Sorry about that but "./configure && make && make install" is not viable to
obtain what you expected. It is the way to obtain the default binaries
(which options?) in the default place (/usr/local but how things are
organized in that folder?).

[Rowland Penny]

On 23/09/15 13:09, mathias dufresne wrote:
> 2015-09-22 18:24 GMT+02:00 MORILLO Jordi <J.Mo...@educationetformation.fr>
> :
>
>> It's not comparable
>> Samba can also be compiled.
>> Just install dependency with yum or apt (see wiki) and juste ./configure
>> && make && make install
>>
> Never just perform ./configure && make && make install.
> Never.

Why not ? it will put all the files in the place that the wiki expects
them to be.

>
> Always do first:
> ./configure --help
> Then read.
>
> Then think.
>
> Most of times, re-read.
>
> Then you would run the configure script associated with chosen options.

What options would you want to change ? with the defaults you will get
samba installed to /usr/local/samba and you can then use the
installation to run samba however you like.

> Then you check what the script told you, dev put colorrs in logs, thanks to
> them.

Pardon? could you write that again, but in English

>
> Sometimes you would have to install missing stuff on system side to satisfy
> automagical dependencies.

If you install what the wiki tells you to, you shouldn't have to install
anything else.

>
> Then re-run the script. Re-check,
>
> You are finally happy? Now you can run make && make install.
>
>
>> It's free but Just take little more time. Don't have to be a Unix guru ;-)
>> The pain is for converting existing DC install from sernet to source. By
>> default, path are not the same
>>
> If you really did read configuration options proposed by this configure
> script, there is absolutely no pain switching from sernet version to a
> compiled one (hint: --enable-fhs).

I don't think '--enable-fhs' is enough

>
> Sorry about that but "./configure && make && make install" is not viable to
> obtain what you expected. It is the way to obtain the default binaries
> (which options?) in the default place (/usr/local but how things are
> organized in that folder?).
>

They are organised as expected by the wiki, but why does it matter how
they are organised as long as the binaries know where things are.

Rowland

[mathias dufresne]

2015-09-23 14:28 GMT+02:00 Rowland Penny <rowlandpe...@gmail.com>:

> On 23/09/15 13:09, mathias dufresne wrote:
>
>> 2015-09-22 18:24 GMT+02:00 MORILLO Jordi <
>> J.Mo...@educationetformation.fr>
>> :
>>
>> It's not comparable
>>> Samba can also be compiled.
>>> Just install dependency with yum or apt (see wiki) and juste ./configure
>>> && make && make install
>>>
>>> Never just perform ./configure && make && make install.
>> Never.
>>
>
> Why not ? it will put all the files in the place that the wiki expects
> them to be.

Mainly because a configure script is to configure the resultant binaries.
If you waste time in compilation at least you should take time to check
what the product offers you.

Here the discussion is about replacing Samba from Sernet by compiled Samba
and in that discussion there was : "The pain is for converting existing DC

install from sernet to source."

Proceeding to ./configure --help and taking time to read it there is:
" Samba-specific directory layout:
--enable-fhs
Use FHS-compliant paths (default no)
You should consider using this together with:
--prefix=/usr --sysconfdir=/etc --localstatedir=/var
"
Which makes compiled Samba looking like a Sernet Samba (almost, in some
other mail you told me some paths should also be added). And no pain
switching from Sernet.


In some other thread some user who compiled its Samba add only one switch
to its configure script: --with-acl-support.
You, Rowland, made the remark that switch by default :
./configure --help | grep acl -A1
--with-acl-support
Build with acl-support support (default=yes)
...

That's why I really think ./configure && make && make install is NOT
advisable.

>
>
>
>> Always do first:
>> ./configure --help
>> Then read.
>>
>> Then think.
>>
>> Most of times, re-read.
>>
>> Then you would run the configure script associated with chosen options.
>>
>
> What options would you want to change ? with the defaults you will get
> samba installed to /usr/local/samba and you can then use the installation
> to run samba however you like.

What Samba do you obtain by default? Is it the one all of us need? What
about automagically added dependencies?
On the Centos7 I have to use I had to install pam-devel and xfsprogs-devel
for ./configure stop complaining too much and compile stuffs related to pam
and xfs. Don't ask me what are these added these features exactly and I'm
almost certain I didn't played with these added features.
But the point is as I took time to check what is proposed in configure
script's help, I do know for a compiled version of Samba4 some features
about XFS and PAM can be missing because of the lack of these two headers
rpms.

>
>
> Then you check what the script told you, dev put colorrs in logs, thanks to
>> them.
>>
>
> Pardon? could you write that again, but in English

Then you check what the script told you -> check the script's logs.
dev put colorrs in logs -> Samba Team developers added colors in configure
script's logs to help us to see issues.
thanks to them -> really, thank you :)

>
>
>
>> Sometimes you would have to install missing stuff on system side to
>> satisfy
>> automagical dependencies.
>>
>
> If you install what the wiki tells you to, you shouldn't have to install
> anything else.

Were missing on my system:
pycrypto for trust relationship on my Centos 7 (a "master" from the company
I work with, could be present by default in others Centos 7, no idea)
pam-devel -> see earlier
xfsprogs-devel -> idem

>
>
>
>> Then re-run the script. Re-check,
>>
>> You are finally happy? Now you can run make && make install.
>>
>>
>> It's free but Just take little more time. Don't have to be a Unix guru ;-)
>>> The pain is for converting existing DC install from sernet to source. By
>>> default, path are not the same
>>>
>>> If you really did read configuration options proposed by this configure
>> script, there is absolutely no pain switching from sernet version to a
>> compiled one (hint: --enable-fhs).
>>
>
> I don't think '--enable-fhs' is enough

Just a hint, the logs from --help tells:
Samba-specific directory layout:
--enable-fhs
Use FHS-compliant paths (default no)
You should consider using this together with:
--prefix=/usr --sysconfdir=/etc --localstatedir=/var

Then if someone search this list about --enable-fhs I spoke about that in
some thread and you replied to me adding some paths (and I'm sorry I didn't
compiled any version since, so I didn't tested what you gave me. But I
didn't forgot you gave these info :p)

>
>
>
>> Sorry about that but "./configure && make && make install" is not viable
>> to
>> obtain what you expected. It is the way to obtain the default binaries
>> (which options?) in the default place (/usr/local but how things are
>> organized in that folder?).
>>
>>
> They are organised as expected by the wiki, but why does it matter how
> they are organised as long as the binaries know where things are.

Stupid purist? Maniaco-depressive? Or just to avoid "The pain is for

converting existing DC install from sernet to source."

Cheers,

mathias

[Sonic]

On Wed, Sep 23, 2015 at 8:28 AM, Rowland Penny
<rowlandpe...@gmail.com> wrote:
>> Never just perform ./configure && make && make install.
>> Never.

> Why not ? it will put all the files in the place that the wiki expects them
> to be.

As for where a plain ./configure puts the file I prefer the
/usr/local/... installs for self-compiled products. I think it's a lot
cleaner then using the directories that under the surveillance of the
system's package manger. Makes for a much cleaner environment IMO.
However I do like to customize (add or subtract - usually it's
subtraction) the needed feature set for the particular installation
(but not specifically necessary). I usually create a file via
"./configure --help > cfg.txt" to keep in view while doing the initial
configure. Note that previous configure options are available in
"<src>/bin/config.log" to be readily reused after an update (git
pull).

Chris

[Sketch]

On Wed, 23 Sep 2015, Dario Lesca wrote:

> Then if I grab the official .src package, change appropriately[1] the
> .spec an rebuild it, I get a package within the AD DC support and the
> eventually security redhat patch, that I can use with yum localinstall
> or localupdate?

If you're happy with being stuck on 4.1 until RHEL8 comes out, you can
probably do that. Don't forget that the whole point of enterprise distros
(and debian stable) is stability. That means not upgrading software
unnecessarily. If the goal is just to have "supported" packages with DC
support, it should work fine. If you need new features, you're going to
have to roll your own or find someone who will provide it for you
(sernet/samba+).

> [1] What, and how, do I change into .spec?

I just took a look at this and you have to change

%global with_mitkrb5 1
%global with_dc 0

to

%global with_mitkrb5 0
%global with_dc 1

You probably also need to add "--without clustering" to your rpmbuild
command line.

If you build "--with testsuite" it would do the same thing as modifying
the spec file, but the testsuite fails the build for me. Modifying the
spec file did build successfully and generated samba-dc and samba-dc-libs
packages with a lot of files (including, suspiciously, a file which I
don't see in sernet called /usr/lib64/mit_samba.so). However, I didn't
test to see if the packages actually work.

If sernet stops updating 4.1, I might consider going this route in the
future, but I'll stick with sernet 4.1 for now.

[Dario Lesca]

Il giorno mer, 23/09/2015 alle 12.48 -0500, Sketch ha scritto:
> If you're happy with being stuck on 4.1 until RHEL8 comes out, you
> can probably do that.

Yes, I can wait, 4.1.x + RH security patch is good for me.

> > [1] What, and how, do I change into .spec?
>
>

> I just took a look at this and you have to change...

Many thank for info, I will try to rebuild.

bye

--
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)

[Andrew Bartlett]

On Wed, 2015-09-23 at 10:09 -0400, Sonic wrote:
> On Wed, Sep 23, 2015 at 8:28 AM, Rowland Penny
> <rowlandpe...@gmail.com> wrote:
> > > Never just perform ./configure && make && make install.
> > > Never.
>
> > Why not ? it will put all the files in the place that the wiki
> > expects them
> > to be.
>
> As for where a plain ./configure puts the file I prefer the
> /usr/local/... installs for self-compiled products. I think it's a
> lot
> cleaner then using the directories that under the surveillance of the
> system's package manger. Makes for a much cleaner environment IMO.

This point does need to be be made clear. It is vital for the later
sanity of the systems administrator not to simply overwrite package
-managed files with those built by Samba. Not only can then be easily
overwritten by another well-meaning package or update, a source upgrade
needs a little more care than just 'make install':

By putting the libs under /usr/local/samba or /opt, you can remove the
old binaries before installing new ones. This is both important and
required, and isn't practical when co-mingled in system paths.

This does matter, as for example, if we were to rename/withdraw a ldb
module, you would still have the old module, not overwritten by make
install, and (at best) Samba would fail to start.

While less critical, leaving libraries by old names around in system
paths after an upgrade is just asking for trouble.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

[Robert Moskowitz]

This seems to only be for RHEL6. Is there anything for RHEL7?

> It would be great if even a fraction of the hand-wringing effort seen
> here was applied to this and those packages!
> Thanks,
> Andrew Bartlett


--

[Mark Foley]

Reindl - thanks very much for your link, but I did email them 5 times over
nearly two weeks and heard nothing back. Finally I emailed Timo Sirainen
directly asking if there was anyone at the end of the email address and,
probably not coincidentally, I received an email from them shortly thereafter
asking,

thank you for your interest in the Dovecot Support.
Can you please provide the information how many mailboxes you have?

Best regards, Zita Sieber

I replied back "8" (which is true at the moment). This was last Tuesday the 22nd
and have heard nothing since. Perhaps they are laughing at my miniscule user
base. Although, hard to believe they don't want my money anyway.

--Mark

[oeh univie edv lists]

Hi Mathias,

If I'm going to install Samba 4.1.17 on Jessie 8

-) there are no concerns about security, right? (e.g. because some
important security fixes are maintained only in later versions)

-) Do I have to expect difficulties with upgrading when Jessie 9 and
probably newer Samba will appear? I followed the discussion here about
Heimdal problems. That's why I have this question if I'll run in any major
upgrade problems when I want to upgrade from 4.1.x (jessie 8) to 4.x
(jessie 9)?

>The point is "which features do you need?" and "in what version would you
>find all these features?"

-) How to find out about that? Ask here or read change logs? (links
welcome :-)

"features I need", pretty much those that Mark already wrote he uses
successfully with 4.1.17:
* Windows Authentication" for all office WIN7 workstations
* remote desktop logins (profiles that write back to server)
* DNS, LDAP, Kerberos that comes with Samba (in sernet all that is
included in 4.1. samba I read, so is it in 4.1. samba in debian as well?)
* don't need DHCP
* some basic monitoring for samba, e.g. failed AD logins attempts
* AD management via RSAT from a WIN7 workstation
* 2nd AD DC (so I have two of them in case one has a problem)
* additional file server (member server)
* all machines are debian 8.2
* network printing with CUPS
* quota restricted profiles
* quota restricted home directories
* quote restricted shares

Can I do that with 4.1.17?

-) Can I still use the install guide from

http://www.kania-online.de/fachbuecher/samba-4/ that was written for 4.1
sernet samba or should I use something else because 4.1 sernet samba and
4.1 debian packaged samba differ a lot?

kind regards, birgit


mathias dufresne <infra...@gmail.com> schreibt:

[mourik jan heupink]

Hi Birgit,

Most (i guess all) of the things you're asking about will work fine,
with 4.1.17 and more recent as well.

One thing will NOT work fine, as we are currently experiencing ourselves:

> * some basic monitoring for samba, e.g. failed AD logins attempts

The only monitoring that currently seems to be possible (someone PLEASE
correct us if we're wrong) is a log line like this:

> auth_check_password_recv: sam_ignoredomain authentication for user [DOMAIN\username] FAILED with error NT_STATUS_WRONG_PASSWORD

No context, nothing else... so NO ip address what machine the attempt
came from, no info about used ports, nothing else. I would REALLY like
to see SOME more info than just the above.

MJ

[MORILLO Jordi]

Hi Dirk,

I'm in discussion with Sernet. Their initial offers was 1 server, so i tell them that lots of people have 1 dc + 1 file server (best practice is to separate DC from print/file server).
They are now allowing 5 servers for 1 licence.
I'm actually talking about a very low cost licence for home/student/personnal use.
Wait and see :-)


-----Message d'origine-----
De : Dirk Laurenz [mailto:sa...@laurenz.ws]
Envoyé : lundi 5 octobre 2015 14:02
À : MORILLO Jordi <J.Mo...@educationetformation.fr>

Objet : Re: [Samba] Sernet 4.3.X package is no longer free :/

Hello everybody,

the prices are fair from my point of view as it is for 5 servers and 1 year and if you keep in mind how much efforts it takes to maintain and compile this packages. For example debian jessie has still samba 4.1.7 not 4.2. or even 4.3.
If choosen those sernet packages at home, as they where the most recent ones. more up to date, than any other distribution. what i would like is, to have those packages still for free for private use. Will there be a chance?

Regards, Dirk

Am 20.09.2015 um 19:24 schrieb MORILLO Jordi:
> Hi Everybody,
>
> I was expecting samba 4.3 .deb package from Sernet but surprise,
> branch 4.3 and futur will not be free.
>
> Starting with Samba 4.3 SerNet made some changes to its popular
> packages, formerly known as EnterpriseSAMBA. They are now published as
> SAMBA+ for Samba 4.3 and all later versions and are available at our
> SAMBA+ shop<https://shop.samba.plus/> at
> https://shop.samba.plus<https://shop.samba.plus/> as software
> subscription per server and per year.
>
> 345.10€ for 1 server / 1 year
>
> We are a small charity association with lots of small sites, so lots
> of samba server...
> I don't think that we can pay Sernet. Time to compile i think :-)
>
> What do you think about Sernet prices ?

[Mark Foley]

Maurik,

You are right. I am currently using 4.1.17 and have the same failed login
messages as you describe. There is, however, a bit more information further down
in the logfile:

[2015/10/07 16:51:24.076283, 2] authentication for user [HPRS/Administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
auth_check_password_send: Checking password for unmapped user [HPRS]\[Administrator]@[ROVER]

This latter string (with no timestamp, making it hard to find/correlate) does
give the hostname of the offending computer, but not the IP. Yes, the IP would
be very useful. In this case ROVER is my personal laptop, but all it gives me is
the hostname. The IP would indicate if the miscreant was connecting from inside the
domain (probably OK), or outside the domain (probably very bad). An IP would
also give us a clue as to which IP[range] to firewall if needed.

--Mark

-----Original Message-----
> To: sa...@lists.samba.org

[mourik jan heupink]

Hi Mark, list,

On 10/08/2015 05:29 AM, Mark Foley wrote:
> Maurik,
>
> You are right. I am currently using 4.1.17 and have the same failed login
> messages as you describe. There is, however, a bit more information further down
> in the logfile:
>
> [2015/10/07 16:51:24.076283, 2] authentication for user [HPRS/Administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
> auth_check_password_send: Checking password for unmapped user [HPRS]\[Administrator]@[ROVER]
>
> This latter string (with no timestamp, making it hard to find/correlate) does
> give the hostname of the offending computer, but not the IP. Yes, the IP would
> be very useful. In this case ROVER is my personal laptop, but all it gives me is
> the hostname. The IP would indicate if the miscreant was connecting from inside the
> domain (probably OK), or outside the domain (probably very bad). An IP would
> also give us a clue as to which IP[range] to firewall if needed.
>
> --Mark

Yes, agreed. However, for many of the failed logins I see
[username]@[(null)]

I'm guessing that a (null) hostname basically means that it was an ldap
authentication attempt, and not a regular windows pc logon. (interactive
logon, as microsoft seems to call it)

It would be nice if this kind of (in my opinion) vital info could be
logged in more useful way/format. Would not even be much work I guess,
but unfortunately I have no programming skills at all. :-(

Mourik Jan

[oeh univie edv lists]

hey Mark and Maurik,

I agree with you... to implement better logging would be great! (no
programming skills here neither)... i would also need to adapt my firewall
properly and to know the IP would be a good thing...

I got 4.1.17 running now and logins work perfectly well till now. Had no
time to check the logs till yet. Shares, home shares, profiles are still
to be implemented... kinda great work load at the moment...

kind regards,
birgit

mourik jan heupink <heu...@merit.unu.edu> schreibt: