samba/kerberos compile question on Mac OS X Server 10.2.6

satadru pramanik satadru at umich.edu
Sat Aug 9 15:50:31 EDT 2003


My apologies if this is the wrong forum for this question, but I have been asked to 
relay this question to the kerberos list, having already contacted both the samba and UM macsig lists.
I'm trying to get samba compiled on mac os x server With active directory support.  
Samba 3 with active directory will in theory let somebody authenticate through AD, 
so users on machines connected to a samba 3 PDC could in theory login with 
their Kerberos credentials.  I am getting several kerberos related errors in 
getting samba to compile properly.  One of the problems is that I'm not exactly sure
what version of kerberos is installed on mac os x server, nor if it is possible to upgrade
it.  Any information you might have on recognizing and/or fixing this error would be appreciated.

I've managed to get samba 3_0 (still in late beta) to compile cleanly as 
long as I disable AD, by passing the --disable-ads flag to ./configure. 
While this has allowed me to get samba to act as a PDC that then 
authenticates to the OpenLDAP server built-in to Mac OS X Server, it 
doesn't achieve my goal of kerberized logins from windows with samba, and I 
don't want to have to run my own Win{2k,2k3} server.

If anybody's compiled samba 3 on the mac successfully, would you mind 
letting me know if you've gotten it to work properly, and how?  Have any of 
you tried Panther Server DP?  Does it connect to AD successfully?

The word on the street is that Mac OS X Server Panther will have samba 3 
installed (well, at least the samba source released with panther server DP 
is from samba 3.0 alpha 22, but that's probably too early to have sound AD 
support).

I'm compiling samba SAMBA_3_0 pulled just now from cvs on Mac OS X Server 
(10.2.6) and I'm getting this error when compiling with ads:

libsmb/clikrb5.c:137: #error UNKNOWN_GET_ENCTYPES_FUNCTIONS
libsmb/clikrb5.c:121: illegal external declaration, missing `;' after
`__ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS'
libsmb/clikrb5.c:186: undefined type, found `krb5_krbhst_handle'
libsmb/clikrb5.c:187: undefined type, found `krb5_krbhst_info'
cpp-precomp: warning: errors during smart preprocessing, retrying in
basic mode
make: *** [libsmb/clikrb5.o] Error 1


Compiling with --disable-ads works fine.  Is there anything I can do to
enable samba with ads on mac os x server?

Here's what I've done with the compilation:

cvs -d :pserver:cvs at pserver.samba.org:/cvsroot login
cvs -z5 -d :pserver:cvs at pserver.samba.org:/cvsroot co -r SAMBA_3_0 samba
cd samba/source

(I've compiled & installed my own version of autoconf > 2.53)
eniac:source {138} /usr/local/bin/autoconf
eniac:source {146} ./configure --with-privatedir="/var/db/samba"
--libdir="/etc" --with-ldapsam --with-acl-support --disable-cups
--with-tdbsam --with-krb5 --with-spinlocks --with-libiconv
--with-winbind  --with-logfilebase="/var/log/samba"

<snip>
checking for Active Directory and krb5 support... auto
checking for krb5-config... no
checking for working krb5-config... no. Fallback to previous krb5
detection strategy
checking for kerberos 5 install path... /usr
checking krb5.h usability... yes
checking krb5.h presence... yes
checking for krb5.h... yes
checking gssapi.h usability... no
checking gssapi.h presence... no
checking for gssapi.h... no
checking gssapi/gssapi_generic.h usability... yes
checking gssapi/gssapi_generic.h presence... yes
checking for gssapi/gssapi_generic.h... yes
checking gssapi/gssapi.h usability... yes
checking gssapi/gssapi.h presence... yes
checking for gssapi/gssapi.h... yes
checking com_err.h usability... yes
checking com_err.h presence... yes
checking for com_err.h... yes
checking for _et_list in -lcom_err... no
checking for krb5_encrypt_data in -lk5crypto... no
checking for des_set_key in -lcrypto... yes
checking for copy_Authenticator in -lasn1... no
checking for roken_getaddrinfo_hostspec in -lroken... no
checking for gss_display_status in -lgssapi... no
checking for krb5_mk_req_extended in -lkrb5... yes
checking for gss_display_status in -lgssapi_krb5... yes
checking for krb5_set_real_time... no
checking for krb5_set_default_in_tkt_etypes... no
checking for krb5_set_default_tgs_ktypes... no
checking for krb5_principal2salt... no
checking for krb5_use_enctype... yes
checking for krb5_string_to_key... yes
checking for krb5_get_pw_salt... no
checking for krb5_string_to_key_salt... no
checking for krb5_auth_con_setkey... no
checking for krb5_auth_con_setuseruserkey... yes
checking for krb5_locate_kdc... no
checking for krb5_get_permitted_enctypes... no
checking for krb5_get_default_in_tkt_etypes... no
checking for krb5_free_ktypes... no
checking for krb5_principal_get_comp_string... no
checking for addrtype in krb5_address... yes
checking for addr_type in krb5_address... no
checking for enc_part2 in krb5_ticket... yes
checking for keyvalue in krb5_keyblock... no
checking for ENCTYPE_ARCFOUR_HMAC_MD5... no
checking for the krb5_princ_component macro... yes
checking whether Active Directory and krb5 support is used... yes

<snip>
Using libraries:
    LIBS =   -liconv
    KRB5_LIBS =   -lcrypto -lkrb5 -lgssapi_krb5
    LDAP_LIBS =  -llber -lldap

eniac:source {147} make

<snip>

Compiling libsmb/clifile.c
Compiling libsmb/clikrb5.c
libsmb/clikrb5.c:137: #error UNKNOWN_GET_ENCTYPES_FUNCTIONS
libsmb/clikrb5.c:121: illegal external declaration, missing `;' after
`__ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS'
libsmb/clikrb5.c:186: undefined type, found `krb5_krbhst_handle'
libsmb/clikrb5.c:187: undefined type, found `krb5_krbhst_info'
cpp-precomp: warning: errors during smart preprocessing, retrying in
basic mode
make: *** [libsmb/clikrb5.o] Error 1
----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20030809/a9ab4a1b/attachment.bin


More information about the Kerberos mailing list