Hey Everyone! I’m back 
Per our previous conversations, I have modified the installer and updated a lot of the scripting… I am still cleaning up the “echo”… But I wanted to thank everyone for your guidance and help in making a much better script than I had. I would be most appreciative if someone wanted to provide some feedback on this new installer. I also added a monitoring agent that compares the @System (local) repo to the upstream repo for samba versions and creates a notification to run a command to allow the system to update itself. I have tested this and it seems to work pretty nice. Any comments, suggestions, would be welcome. Or, if you want to give it a spin, feel free! GitHub - fumatchu/RADS: Rocky Active Directory Install Script to build Samba AD Servers
In samba.spec replace python3-pyasn1 with python38-pyasn1 >= 0.4.8 but it still won’t build, so in samba-4.18.6.tar.xz in wscript_configure_system_mitkrb5 change krb5_required_version = “1.19” to “1.18” otherwise it won’t even build on Rocky 9.3 or with updates from Index of /results/ligenix/enterprise-samba-AD-DC/epel-8-x86_64/03257261-krb5/
and use mock -r rocky+epel-8-x86_64
Great howto. Any news/eta on the samba-dc package request, would really be more trusted than the (problematic) self built one.
The problem with using MIT 1.18 is that it isn’t supported by Samba on the experimental versions 4.18.x , you should be using 1.20, better still, build with the builtin Heimdal.
Specfile %global required_mit_krb5 1.18
wscript_configure_system_mitkrb5 fails to correctly detect installed updates from Index of /results/ligenix/enterprise-samba-AD-DC/epel-8-x86_64/03257261-krb5/ even though krb5-config --version shows Kerberos 5 release 1.19.2
Removed --with-system-mitkrb5 from specfile but Heimdal build errored out.
Please advise. Thank you.
I briefly tested latest Razdc based on Rocky 8.9 with 4.14.14 samba built from source and it seems to work with default Kerberos 1.18.2.
The latest Samba version is 4.20.0 and it requires MIT 1.21, 4.14.14 is no longer supported by Samba and ANY Samba version that uses MIT is classed as experimental.
When I get chance I will try to build Samba on Rocky, but I am a bit busy at the moment.
OK, I have built Samba 4.20.0 in a fully updated Rocky Linux 8 VM. This was successful, but I only downloaded the tarball and ran ‘./configure’, ‘make’ and ‘make install’, so everything ended up in /usr/local/samba.
This meant that I didn’t build with MIT, the build used the built in Heimdal.
I also ran the bootstrap script that is in the bootstrap/generated-dists/centos8s/ directory found in the root of the unpacked tarball, this ensured all the required packages were installed.
Great, thanks. So this isn’t upstream then. One has to watch samba.org for new releases and rebuild when needed. Would still like to have missing packages built and released by Rocky.
New Samba versions are released every six months, 4.20.0 was released at the end of March, so 4.21.0 will be released approx end of August.
In between major releases there are other releases, for bug fixes, security etc. These are usually every six weeks and are for the last three versions, so this means that:
4.20.x will get all fixes
4.19.x will just get bug fixes and security fixes
4.18.x will just get security fixes
Any other older versions will not get any fixes directly from Samba and rely on distros backporting fixes.
The majority of work centres around Heimdal, though periodically MIT does get a mention, for this reason the use of MIT is still classed as experimental on a Samba AD DC.
All Samba releases are reported on the samba and samba-technical mailing lists.
I hope this helps