CentOS

I'm really confused about what is happening with Samba and CentOS 7.5. My understanding was that with the upgrade to Samba 4.7.1, Samba could compile with the MIT Kerberos libraries instead of Heimdall which would solve a host of challenges including finally getting support for Samba's Active Directory implementation on CentOS.

It appears that the tools for setting up Active Directory on CentOS are not included in 7.5. Is this correct or do I have to install additional packages?
The RHEL release notes are not clear on this point; is Samba finally compiled with MIT Kerberos and if yes, what advantages/new features does this give us?

My company is at a point that we only keep our Windows Server 2008 around to run Active Directory. AD is used to support Windows, Macs and Linux clients. To upgrade to Server 2019 seems to be a waste of time and money as we are not needing Windows servers for anything else (this is why we want to switch to Samba AD). Or maybe, is there now a better way to have one integrated identity management solution? We do not want to invest in a commercial package; been there done that

Any pointers (and opinions) on this subject would be welcome.

I installed the samba-dc package that is available and found the following message

MIT Kerberos 5 Support
=======================

Fedora is using MIT Kerberos implementation as its Kerberos infrastructure of
choice. The Samba build in Fedora is using MIT Kerberos implementation in order
to allow system-wide interoperability between both desktop and server
applications running on the same machine.

At the moment the Samba Active Directory Domain Controller implementation is
not available with MIT Kereberos. FreeIPA and Samba Team members are currently
working on Samba MIT Kerberos support as this is a requirement for a GNU/Linux
distribution integration of Samba AD DC features.

We have just finished migrating the file server and all client utilities to MIT
Kerberos. The result of this work is available in samba-* packages in Fedora.
We'll provide Samba AD DC functionality as soon as its support of MIT Kerberos
KDC will be ready.

In case of further questions do not hesitate to send your inquiries to
samba-owner@fedoraproject.org

Curious about the timeframe I sent a mail to the provided address and got the following response

There is no plan to enable DC build in RHEL 7.

You can always rebuild Samba yourself. There are known limitations for
MIT Kerberos based version of Samba AD DC and deployment tools are not
exactly ready for production use, so your mileage can vary.

I looks like we're out of luck unless we use an alternate package or build it ourselves.

Thank you marhag for looking into this! Obviously a huge disappointment.

Since everything is a matter of prioritization, some "education" to why this is important may be in order. Does anyone know how/where to raise awareness of this gap?