On Sat, Jul 22, 2023 at 5:09 PM Adam Williamson
<adamwill(a)fedoraproject.org> wrote:
On Sat, 2023-07-22 at 21:43 +0300, Alexander Bokovoy wrote:
> On Суб, 22 ліп 2023, Adam Williamson wrote:
> > On Sat, 2023-07-22 at 06:31 -0400, Neal Gompa wrote:
> > > >
> > > > What I intend after that is that we will be OK with releasing so
long
> > > > as the automated tests against Samba AD pass, but if anyone decides
to
> > > > manually test against Microsoft AD and finds a bug, that can
> > > > potentially be a blocker. But we will not block the release on
making
> > > > sure Microsoft AD has been tested.
> > > >
> > > > Does this sound like a decent solution to everyone? Thanks!
> > >
> > > Does that mean that we will also have tests for setting up and using
> > > Samba AD from Fedora? Because if we're going to block on client
> > > connectivity on Samba AD, I think we should also block on Samba AD
> > > from the server side too.
> >
> > It means we'll have a test, but as things stand, failures of it won't
> > be blocking, because "work as a Samba AD server" is not in the
> > criteria.
> >
> > You could, of course, propose a criterion change and we could debate
> > it, though I think that might be a bit of a stretch - we already block
> > on one domain server technology which is more in our ecosystem. Who's
> > going to be the "throat to choke" for Samba AD server functionality
if
> > it breaks?
>
> The same people who are responsible for 'FreeIPA server functionality if
> it breaks', for years.
>
> We chose to have FreeIPA and Samba AD with MIT Kerberos as our domain
> controller technologies in Fedora more than a decade ago, we committed
> to develop them through Samba and FreeIPA upstreams, we keep doing so.
> Please watch our talk at SambaXP'23: 'Samba AD / MIT Kerberos: path out
> of experimental'.
>
>
https://www.youtube.com/watch?v=0_cdYuIYw0o
>
> As I said, we already committed to this work for more than a decade ago
> in Fedora. We first announced productization of Samba AD DC with MIT
> Kerberos in Fedora 27 in 2017, this was a milestone which went into
> Fedora 27's release notes:
>
https://docs.fedoraproject.org/en-US/fedora/f27/release-notes/sysadmin/Do...
Thanks. I didn't realize it had that status.
If you team is happy to stand behind Samba AD in the same way it stands
behind FreeIPA, I'd have no problem at all with it being release-
blocking, if the WG wants to do that.
I think we'd be comfortable with that. The main issue right now is a
lack of official Fedora documentation for setting this up that we
could support it with.
To be honest, I'd hoped for a long time that Samba AD would become
part of the FreeIPA setup. Sadly, it hasn't so far. :(
--
真実はいつも一つ!/ Always, there's only one truth!