[19783] in Kerberos
samba/kerberos compile question on Mac OS X Server 10.2.6
daemon@ATHENA.MIT.EDU (satadru pramanik)
Sat Aug 9 16:43:08 2003
From: satadru pramanik <satadru@umich.edu>
To: kerberos@mit.edu
Message-Id: <1060458630.7720.5.camel@valjean>
Mime-Version: 1.0
Date: 09 Aug 2003 15:50:31 -0400
Content-Type: multipart/mixed; boundary="===============43516580462007148=="
Errors-To: kerberos-bounces@mit.edu
--===============43516580462007148==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="=-FrTx70PVTOATHQqlQ80Z"
--=-FrTx70PVTOATHQqlQ80Z
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
My apologies if this is the wrong forum for this question, but I have been =
asked to=20
relay this question to the kerberos list, having already contacted both the=
samba and UM macsig lists.
I'm trying to get samba compiled on mac os x server With active directory s=
upport. =20
Samba 3 with active directory will in theory let somebody authenticate thro=
ugh AD,=20
so users on machines connected to a samba 3 PDC could in theory login with=20
their Kerberos credentials. I am getting several kerberos related errors i=
n=20
getting samba to compile properly. One of the problems is that I'm not exa=
ctly sure
what version of kerberos is installed on mac os x server, nor if it is poss=
ible to upgrade
it. Any information you might have on recognizing and/or fixing this error=
would be appreciated.
I've managed to get samba 3_0 (still in late beta) to compile cleanly as=20
long as I disable AD, by passing the --disable-ads flag to ./configure.=20
While this has allowed me to get samba to act as a PDC that then=20
authenticates to the OpenLDAP server built-in to Mac OS X Server, it=20
doesn't achieve my goal of kerberized logins from windows with samba, and I=
=20
don't want to have to run my own Win{2k,2k3} server.
If anybody's compiled samba 3 on the mac successfully, would you mind=20
letting me know if you've gotten it to work properly, and how? Have any of=
=20
you tried Panther Server DP? Does it connect to AD successfully?
The word on the street is that Mac OS X Server Panther will have samba 3=20
installed (well, at least the samba source released with panther server DP=20
is from samba 3.0 alpha 22, but that's probably too early to have sound AD=20
support).
I'm compiling samba SAMBA_3_0 pulled just now from cvs on Mac OS X Server=20
(10.2.6) and I'm getting this error when compiling with ads:
libsmb/clikrb5.c:137: #error UNKNOWN_GET_ENCTYPES_FUNCTIONS
libsmb/clikrb5.c:121: illegal external declaration, missing `;' after
`__ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS'
libsmb/clikrb5.c:186: undefined type, found `krb5_krbhst_handle'
libsmb/clikrb5.c:187: undefined type, found `krb5_krbhst_info'
cpp-precomp: warning: errors during smart preprocessing, retrying in
basic mode
make: *** [libsmb/clikrb5.o] Error 1
Compiling with --disable-ads works fine. Is there anything I can do to
enable samba with ads on mac os x server?
Here's what I've done with the compilation:
cvs -d :pserver:cvs@pserver.samba.org:/cvsroot login
cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_3_0 samba
cd samba/source
(I've compiled & installed my own version of autoconf > 2.53)
eniac:source {138} /usr/local/bin/autoconf
eniac:source {146} ./configure --with-privatedir=3D"/var/db/samba"
--libdir=3D"/etc" --with-ldapsam --with-acl-support --disable-cups
--with-tdbsam --with-krb5 --with-spinlocks --with-libiconv
--with-winbind --with-logfilebase=3D"/var/log/samba"
<snip>
checking for Active Directory and krb5 support... auto
checking for krb5-config... no
checking for working krb5-config... no. Fallback to previous krb5
detection strategy
checking for kerberos 5 install path... /usr
checking krb5.h usability... yes
checking krb5.h presence... yes
checking for krb5.h... yes
checking gssapi.h usability... no
checking gssapi.h presence... no
checking for gssapi.h... no
checking gssapi/gssapi_generic.h usability... yes
checking gssapi/gssapi_generic.h presence... yes
checking for gssapi/gssapi_generic.h... yes
checking gssapi/gssapi.h usability... yes
checking gssapi/gssapi.h presence... yes
checking for gssapi/gssapi.h... yes
checking com_err.h usability... yes
checking com_err.h presence... yes
checking for com_err.h... yes
checking for _et_list in -lcom_err... no
checking for krb5_encrypt_data in -lk5crypto... no
checking for des_set_key in -lcrypto... yes
checking for copy_Authenticator in -lasn1... no
checking for roken_getaddrinfo_hostspec in -lroken... no
checking for gss_display_status in -lgssapi... no
checking for krb5_mk_req_extended in -lkrb5... yes
checking for gss_display_status in -lgssapi_krb5... yes
checking for krb5_set_real_time... no
checking for krb5_set_default_in_tkt_etypes... no
checking for krb5_set_default_tgs_ktypes... no
checking for krb5_principal2salt... no
checking for krb5_use_enctype... yes
checking for krb5_string_to_key... yes
checking for krb5_get_pw_salt... no
checking for krb5_string_to_key_salt... no
checking for krb5_auth_con_setkey... no
checking for krb5_auth_con_setuseruserkey... yes
checking for krb5_locate_kdc... no
checking for krb5_get_permitted_enctypes... no
checking for krb5_get_default_in_tkt_etypes... no
checking for krb5_free_ktypes... no
checking for krb5_principal_get_comp_string... no
checking for addrtype in krb5_address... yes
checking for addr_type in krb5_address... no
checking for enc_part2 in krb5_ticket... yes
checking for keyvalue in krb5_keyblock... no
checking for ENCTYPE_ARCFOUR_HMAC_MD5... no
checking for the krb5_princ_component macro... yes
checking whether Active Directory and krb5 support is used... yes
<snip>
Using libraries:
LIBS =3D -liconv
KRB5_LIBS =3D -lcrypto -lkrb5 -lgssapi_krb5
LDAP_LIBS =3D -llber -lldap
eniac:source {147} make
<snip>
Compiling libsmb/clifile.c
Compiling libsmb/clikrb5.c
libsmb/clikrb5.c:137: #error UNKNOWN_GET_ENCTYPES_FUNCTIONS
libsmb/clikrb5.c:121: illegal external declaration, missing `;' after
`__ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS'
libsmb/clikrb5.c:186: undefined type, found `krb5_krbhst_handle'
libsmb/clikrb5.c:187: undefined type, found `krb5_krbhst_info'
cpp-precomp: warning: errors during smart preprocessing, retrying in
basic mode
make: *** [libsmb/clikrb5.o] Error 1
----
--=-FrTx70PVTOATHQqlQ80Z
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQA/NVCGmaetye9fVe4RAm03AJ9poK4n552tE8BuxyZltg3m59IZCACgzg5J
XVh7aq8dfYslDSmV598uQGA=
=QkzK
-----END PGP SIGNATURE-----
--=-FrTx70PVTOATHQqlQ80Z--
--===============43516580462007148==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============43516580462007148==--
