Hi, I am running configure with the option --with-krb5=/opt/local which is where I have heimdal installed. The problem is that after running make, it still tries to use the include files from SUN that are in /usr/ and this screws up the compile. I can compile samba just fine using --without-krb5. I have already tried: setenv CFLAGS "-L/opt/local/lib" setenv CPPFLAGS "-I/opt/local/include" setenv LD_LIBRAY_PATH "/opt/local/lib:/usr/local/lib" setenv PATH "/opt/local/bin:/usr/local/bin:/usr/bin:/bin" ...but it still gets the include files from solaris which are located in /usr/include for kerberos. This may be a bug in the source code since the option --with-krb5 is not simply looking in the place I am telling it to look but also in /usr as it does by default. Please correct me if I am wrong, but the kerberos support in samba 3 is needed only if you are compiling --with-ads to authenticate against the windows 2000 ADS, right? Since I only need samba to be a PDC for my windows workstations, Should I just build it without kerberos support? I will store all samba user information in ldap and so authentication will be done against the ldap LMpasswd and NTpasswd entries and not through kerberos. This is my understanding so please correct me if I am wrong. Is there a good document that explains in detail all the configure options for samba? I have not been able to find one. Thanks for your help, Diego ---------------------------------- Diego Julian Remolina System Administrator School of Mathematics Georgia Institute of Technology ----------------------------------
Hi, I am running configure with the option --with-krb5=/opt/local which is where I have heimdal installed. The problem is that after running make, it still tries to use the include files from SUN that are in /usr/ and this screws up the compile. ## Mmm strange, I've not had any problems on Solaris 9 with MIT Kerberos... ## What files is it accidentally using, and in what way does this screw up your compile? Since I only need samba to be a PDC for my windows workstations, Should I just build it without kerberos support? I will store all samba user information in ldap and so authentication will be done against the ldap LMpasswd and NTpasswd entries and not through kerberos. This is my understanding so please correct me if I am wrong. ## I think there are some ways of implementing MIT KDC server with Samba as a PDC but this is not a normal configuration. ## If all you want is a Samba PDC using NTLM authentication then I do not beleive you need any Kerberos support ## hope this helps, Andy.
## Ok as far as I'm aware the following is true, you must use MIT or Heimdal
Kerberos with
## Solaris because Solaris Kerberos is not available with header files (Sun have
no plans
## to include headers with their bundled distribution). Sun/MIT/Heimdal
implementations of
## Kerberos are all gssapi compliant authentication mechanisms.
## You appear to have installed what looks like a second version of gssapi (I
assume also Heimdal)
## which Samba make is not liking. I'm sorry I haven't tried installing
Heimdal Kerberos myself,
## can you check whether it is possible to install/compile it without installing
a duplicate
## implementation of gssapi? Or maybe someone else on the list can help?
## thanks Andy.
The problem is with the header files. It tries to use the ones from
Solaris 9 kerberos implementatoin which are located in /usr/include as
opposed to the ones from heimdal in /opt/local/include). This happens
using both cc and gcc.
configure works fine but make fails.
I also changed /var/ld/ld.config, but the problem is not the libraries, is
the include files. This is what crle shows:
oak:/tmp/samba-3.0.2a/source % crle
Configuration file [3]: /var/ld/ld.config
Default Library Path (ELF): /opt/local/lib:/usr/lib
Trusted Directories (ELF): /usr/lib/secure (system default)
Command line:
crle -c /var/ld/ld.config -l /opt/local/lib:/usr/lib
The last few lines of configure are:
----------------snip------------
checking how to build vfs_cap... shared
Using libraries:
LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv
KRB5_LIBS = -lcom_err -L/opt/local/encap/heimdal-0.6/lib -lgssapi
-lkrb5 -lasn1 -L/opt/local/lib -lcrypto -lroken
LDAP_LIBS = -lldap -llber
AUTH_LIBS checking configure summary... yes
configure: creating ./config.status
config.status: creating include/stamp-h
config.status: creating Makefile
config.status: creating script/findsmb
config.status: creating smbadduser
config.status: creating script/gen-8bit-gap.sh
config.status: creating include/config.h
Then when I type make:
oak:/tmp/samba-3.0.2a/source % make
Using FLAGS = -O -I/opt/local/encap/heimdal-0.6/include
-I/opt/local/include -Iinclude -I/tmp/samba-3.0.2a/source/include
-I/tmp/samba-3.0.2a/source/ubiqx -I/tmp/samba-3.0.2a/source/smbwrapper
-I. -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-I/opt/local/encap/heimdal-0.6/include -I/opt/local/include
-I/tmp/samba-3.0.2a/source
LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv
LDSHFLAGS = -G
LDFLAGS Generating smbd/build_options.c
Building include/proto.h
creating /tmp/samba-3.0.2a/source/include/proto.h
Building include/wrepld_proto.h
creating /tmp/samba-3.0.2a/source/include/wrepld_proto.h
Building include/build_env.h
creating /tmp/samba-3.0.2a/source/nsswitch/winbindd_proto.h
creating /tmp/samba-3.0.2a/source/web/swat_proto.h
creating /tmp/samba-3.0.2a/source/client/client_proto.h
creating /tmp/samba-3.0.2a/source/utils/net_proto.h
Compiling dynconfig.c
In file included from include/includes.h:421,
from dynconfig.c:21:
/opt/local/encap/heimdal-0.6/include/gssapi.h:50: warning: redefinition of
`OM_uint32'
/usr/include/gssapi/gssapi.h:87: warning: `OM_uint32' previously declared
here
/opt/local/encap/heimdal-0.6/include/gssapi.h:52: warning: redefinition of
`gss_uint32'
/usr/include/gssapi/gssapi.h:64: warning: `gss_uint32' previously declared
here
/opt/local/encap/heimdal-0.6/include/gssapi.h:64: error: conflicting types
for `gss_name_t'
/usr/include/gssapi/gssapi.h:57: error: previous declaration of
`gss_name_t'
/opt/local/encap/heimdal-0.6/include/gssapi.h:76: error: conflicting types
for `gss_ctx_id_t'
.
.
. keeps going.. it is a long list
.
.
/usr/include/gssapi/gssapi.h:695: error: previous declaration of
`gss_seal'
/opt/local/encap/heimdal-0.6/include/gssapi.h:765: error: conflicting
types for `gss_unseal'
/usr/include/gssapi/gssapi.h:704: error: previous declaration of
`gss_unseal'
make: *** [dynconfig.o] Error 1
Any ideas?
----------------------------------
Diego Julian Remolina
System Administrator
School of Mathematics
Georgia Institute of Technology
(404) 894-7385
(404) 894-1309
----------------------------------
On Fri, 5 Mar 2004, ww m-pubsyssamba wrote:
> Hi,
>
> I am running configure with the option --with-krb5=/opt/local which is
> where I have heimdal installed. The problem is that after running make,
> it still tries to use the include files from SUN that are in /usr/ and this
> screws up the compile.
>
> ## Mmm strange, I've not had any problems on Solaris 9 with MIT
Kerberos...
> ## What files is it accidentally using, and in what way does this screw up
your compile?
>
> Since I only need samba to be a PDC for my windows workstations,
> Should I just build it without kerberos support? I will store all samba
> user information in ldap and so authentication will be done against the
> ldap LMpasswd and NTpasswd entries and not through kerberos. This is my
> understanding so please correct me if I am wrong.
>
> ## I think there are some ways of implementing MIT KDC server with Samba as
a PDC but this is not a normal configuration.
> ## If all you want is a Samba PDC using NTLM authentication then I do not
beleive you need any Kerberos support
> ## hope this helps, Andy.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
Hi Diego, I think we broadly agree, but I might not be making myself very clear. Sun Kerberos will not break or interfere with Samba but Sun have not made a krb5.h header file available so you cannot use Sun Kerberos to compile Samba with Kerberos support. You will not need to uninstall Sun Kerberos to install MIT or Heimdal Kerberos. What I was surprised by was that you have two gssapi.h files on your system, but this was my ignorance as when I checked my MIT kerberos seems also to have installed its own gssapi.h. But I checked some of your definition errors against my files, and for example "gss_uint32" is defined identically in both the Sun and MIT header file. So this doesn't answer why you have a problem, my system might work because it is correctly ignoring the Sun header file or maybe because they do not have any conflicting definitions!?! If I was you I'd try renaming the Sun header file for the duration of you're compile and see if it works then, although I don't know if this would have any undesirable side effects, cheers Andy. Hi Andy,> ## Ok as far as I'm aware the following is true, you must use MIT or Heimdal Kerberos with > ## Solaris because Solaris Kerberos is not available with header files (Sun have no plans > ## to include headers with their bundled distribution). Sun/MIT/Heimdal implementations of > ## Kerberos are all gssapi compliant authentication mechanisms.I think the above is not correct, as you can see from the following commands; the header files for gssapi are part of the package SUNWhea: oak:/etc/openldap/ldif # pkgchk -lp /usr/include/gssapi/gssapi.h Pathname: /usr/include/gssapi/gssapi.h Type: regular file Expected mode: 0644 Expected owner: root Expected group: bin Expected file size (bytes): 22478 Expected sum(1) of contents: 31395 Expected last modification: Apr 06 14:12:32 2002 Referenced by the following packages: SUNWhea Current status: installed oak:/etc/openldap/ldif # pkginfo -l SUNWhea PKGINST: SUNWhea NAME: SunOS Header Files CATEGORY: system ARCH: sparc VERSION: 11.9.0,REV=2002.04.06.15.27 BASEDIR: / VENDOR: Sun Microsystems, Inc. DESC: SunOS C/C++ header files for general development of software PSTAMP: leo20030527173442 INSTDATE: Dec 30 2003 16:31 HOTLINE: Please contact your local service provider STATUS: completely installed FILES: 1323 installed pathnames 32 shared pathnames 85 directories 16086 blocks used (approx)> ## You appear to have installed what looks like a second version of gssapi (I assume also Heimdal) > ## which Samba make is not liking. I'm sorry I haven't tried installing Heimdal Kerberos myself, > ## can you check whether it is possible to install/compile it without installing a duplicate > ## implementation of gssapi? Or maybe someone else on the list can help? > ## thanks Andy. > >I am using heimdal because it is thread safe while mit kerberos is not. This is very important for my openldap server. Would you please check if your system has the package SUNWhea installed? If it is then you should have some header files like /usr/include/gssapi/gssapi.h The conflicting header files are not part of any of Sun's kerberos packages SUNWkrbr, SUNWkrbu or SUNWkrbux which I have installed since those provide authentication. I did not want to have to remove all the Sun kerberos packages since I am using the pam_krb5.so from those packages in my pam stack to authenticate users. Even if I remove the kerberos packages the header files will remain there so I do not think removing those kerberos packages will help. Have a good weekend, Diego> The problem is with the header files. It tries to use the ones from > Solaris 9 kerberos implementatoin which are located in /usr/include as > opposed to the ones from heimdal in /opt/local/include). This happens > using both cc and gcc. > configure works fine but make fails. > > I also changed /var/ld/ld.config, but the problem is not the libraries, is > the include files. This is what crle shows: > oak:/tmp/samba-3.0.2a/source % crle > > Configuration file [3]: /var/ld/ld.config > Default Library Path (ELF): /opt/local/lib:/usr/lib > Trusted Directories (ELF): /usr/lib/secure (system default) > > Command line: > crle -c /var/ld/ld.config -l /opt/local/lib:/usr/lib > > > The last few lines of configure are: > ----------------snip------------ > checking how to build vfs_cap... shared > Using libraries: > LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv > KRB5_LIBS = -lcom_err -L/opt/local/encap/heimdal-0.6/lib -lgssapi > -lkrb5 -lasn1 -L/opt/local/lib -lcrypto -lroken > LDAP_LIBS = -lldap -llber > AUTH_LIBS > checking configure summary... yes > configure: creating ./config.status > config.status: creating include/stamp-h > config.status: creating Makefile > config.status: creating script/findsmb > config.status: creating smbadduser > config.status: creating script/gen-8bit-gap.sh > config.status: creating include/config.h > > Then when I type make: > oak:/tmp/samba-3.0.2a/source % make > Using FLAGS = -O -I/opt/local/encap/heimdal-0.6/include > -I/opt/local/include -Iinclude -I/tmp/samba-3.0.2a/source/include > -I/tmp/samba-3.0.2a/source/ubiqx -I/tmp/samba-3.0.2a/source/smbwrapper > -I. -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 > -I/opt/local/encap/heimdal-0.6/include -I/opt/local/include > -I/tmp/samba-3.0.2a/source > LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv > LDSHFLAGS = -G > LDFLAGS > Generating smbd/build_options.c > Building include/proto.h > creating /tmp/samba-3.0.2a/source/include/proto.h > Building include/wrepld_proto.h > creating /tmp/samba-3.0.2a/source/include/wrepld_proto.h > Building include/build_env.h > creating /tmp/samba-3.0.2a/source/nsswitch/winbindd_proto.h > creating /tmp/samba-3.0.2a/source/web/swat_proto.h > creating /tmp/samba-3.0.2a/source/client/client_proto.h > creating /tmp/samba-3.0.2a/source/utils/net_proto.h > Compiling dynconfig.c > In file included from include/includes.h:421, > from dynconfig.c:21: > /opt/local/encap/heimdal-0.6/include/gssapi.h:50: warning: redefinition of > `OM_uint32' > /usr/include/gssapi/gssapi.h:87: warning: `OM_uint32' previously declared > here > /opt/local/encap/heimdal-0.6/include/gssapi.h:52: warning: redefinition of > `gss_uint32' > /usr/include/gssapi/gssapi.h:64: warning: `gss_uint32' previously declared > here > /opt/local/encap/heimdal-0.6/include/gssapi.h:64: error: conflicting types > for `gss_name_t' > /usr/include/gssapi/gssapi.h:57: error: previous declaration of > `gss_name_t' > /opt/local/encap/heimdal-0.6/include/gssapi.h:76: error: conflicting types > for `gss_ctx_id_t' > . > . > . keeps going.. it is a long list > . > . > /usr/include/gssapi/gssapi.h:695: error: previous declaration of > `gss_seal' > /opt/local/encap/heimdal-0.6/include/gssapi.h:765: error: conflicting > types for `gss_unseal' > /usr/include/gssapi/gssapi.h:704: error: previous declaration of > `gss_unseal' > make: *** [dynconfig.o] Error 1 > > Any ideas? > > ---------------------------------- > Diego Julian Remolina > System Administrator > School of Mathematics > Georgia Institute of Technology > (404) 894-7385 > (404) 894-1309 > ---------------------------------- > > On Fri, 5 Mar 2004, ww m-pubsyssamba wrote: > > > Hi, > > > > I am running configure with the option --with-krb5=/opt/local which is > > where I have heimdal installed. The problem is that after running make, > > it still tries to use the include files from SUN that are in /usr/ and this > > screws up the compile. > > > > ## Mmm strange, I've not had any problems on Solaris 9 with MIT Kerberos... > > ## What files is it accidentally using, and in what way does this screw up your compile? > > > > Since I only need samba to be a PDC for my windows workstations, > > Should I just build it without kerberos support? I will store all samba > > user information in ldap and so authentication will be done against the > > ldap LMpasswd and NTpasswd entries and not through kerberos. This is my > > understanding so please correct me if I am wrong. > > > > ## I think there are some ways of implementing MIT KDC server with Samba as a PDC but this is not a normal configuration. > > ## If all you want is a Samba PDC using NTLM authentication then I do not beleive you need any Kerberos support > > ## hope this helps, Andy. > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this.
Hi, Actually krb5.h is needed for Samba installation, but not avaiable in Solaris default Kerberos installation. Per Sun support, they don't want to provide that file. So I guess you have to use other options here. Regards, Hai>>> Diego Julian Remolina <dijuremo@math.gatech.edu> 03/05/04 14:50 PM >>>Hi Andy,> ## Ok as far as I'm aware the following is true, you must use MIT or Heimdal Kerberos with > ## Solaris because Solaris Kerberos is not available with header files (Sun have no plans > ## to include headers with their bundled distribution). Sun/MIT/Heimdal implementations of > ## Kerberos are all gssapi compliant authentication mechanisms.I think the above is not correct, as you can see from the following commands; the header files for gssapi are part of the package SUNWhea: oak:/etc/openldap/ldif # pkgchk -lp /usr/include/gssapi/gssapi.h Pathname: /usr/include/gssapi/gssapi.h Type: regular file Expected mode: 0644 Expected owner: root Expected group: bin Expected file size (bytes): 22478 Expected sum(1) of contents: 31395 Expected last modification: Apr 06 14:12:32 2002 Referenced by the following packages: SUNWhea Current status: installed oak:/etc/openldap/ldif # pkginfo -l SUNWhea PKGINST: SUNWhea NAME: SunOS Header Files CATEGORY: system ARCH: sparc VERSION: 11.9.0,REV=2002.04.06.15.27 BASEDIR: / VENDOR: Sun Microsystems, Inc. DESC: SunOS C/C++ header files for general development of software PSTAMP: leo20030527173442 INSTDATE: Dec 30 2003 16:31 HOTLINE: Please contact your local service provider STATUS: completely installed FILES: 1323 installed pathnames 32 shared pathnames 85 directories 16086 blocks used (approx)> ## You appear to have installed what looks like a second version of gssapi (I assume also Heimdal) > ## which Samba make is not liking. I'm sorry I haven't tried installing Heimdal Kerberos myself, > ## can you check whether it is possible to install/compile it without installing a duplicate > ## implementation of gssapi? Or maybe someone else on the list can help? > ## thanks Andy. > >I am using heimdal because it is thread safe while mit kerberos is not. This is very important for my openldap server. Would you please check if your system has the package SUNWhea installed? If it is then you should have some header files like /usr/include/gssapi/gssapi.h The conflicting header files are not part of any of Sun's kerberos packages SUNWkrbr, SUNWkrbu or SUNWkrbux which I have installed since those provide authentication. I did not want to have to remove all the Sun kerberos packages since I am using the pam_krb5.so from those packages in my pam stack to authenticate users. Even if I remove the kerberos packages the header files will remain there so I do not think removing those kerberos packages will help. Have a good weekend, Diego> The problem is with the header files. It tries to use the ones from > Solaris 9 kerberos implementatoin which are located in /usr/include as > opposed to the ones from heimdal in /opt/local/include). This happens > using both cc and gcc. > configure works fine but make fails. > > I also changed /var/ld/ld.config, but the problem is not the libraries, is > the include files. This is what crle shows: > oak:/tmp/samba-3.0.2a/source % crle > > Configuration file [3]: /var/ld/ld.config > Default Library Path (ELF): /opt/local/lib:/usr/lib > Trusted Directories (ELF): /usr/lib/secure (system default) > > Command line: > crle -c /var/ld/ld.config -l /opt/local/lib:/usr/lib > > > The last few lines of configure are: > ----------------snip------------ > checking how to build vfs_cap... shared > Using libraries: > LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv > KRB5_LIBS = -lcom_err -L/opt/local/encap/heimdal-0.6/lib -lgssapi > -lkrb5 -lasn1 -L/opt/local/lib -lcrypto -lroken > LDAP_LIBS = -lldap -llber > AUTH_LIBS > checking configure summary... yes > configure: creating ./config.status > config.status: creating include/stamp-h > config.status: creating Makefile > config.status: creating script/findsmb > config.status: creating smbadduser > config.status: creating script/gen-8bit-gap.sh > config.status: creating include/config.h > > Then when I type make: > oak:/tmp/samba-3.0.2a/source % make > Using FLAGS = -O -I/opt/local/encap/heimdal-0.6/include > -I/opt/local/include -Iinclude -I/tmp/samba-3.0.2a/source/include > -I/tmp/samba-3.0.2a/source/ubiqx -I/tmp/samba-3.0.2a/source/smbwrapper > -I. -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 > -I/opt/local/encap/heimdal-0.6/include -I/opt/local/include > -I/tmp/samba-3.0.2a/source > LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv > LDSHFLAGS = -G > LDFLAGS > Generating smbd/build_options.c > Building include/proto.h > creating /tmp/samba-3.0.2a/source/include/proto.h > Building include/wrepld_proto.h > creating /tmp/samba-3.0.2a/source/include/wrepld_proto.h > Building include/build_env.h > creating /tmp/samba-3.0.2a/source/nsswitch/winbindd_proto.h > creating /tmp/samba-3.0.2a/source/web/swat_proto.h > creating /tmp/samba-3.0.2a/source/client/client_proto.h > creating /tmp/samba-3.0.2a/source/utils/net_proto.h > Compiling dynconfig.c > In file included from include/includes.h:421, > from dynconfig.c:21: > /opt/local/encap/heimdal-0.6/include/gssapi.h:50: warning: redefinition of > `OM_uint32' > /usr/include/gssapi/gssapi.h:87: warning: `OM_uint32' previously declared > here > /opt/local/encap/heimdal-0.6/include/gssapi.h:52: warning: redefinition of > `gss_uint32' > /usr/include/gssapi/gssapi.h:64: warning: `gss_uint32' previously declared > here > /opt/local/encap/heimdal-0.6/include/gssapi.h:64: error: conflicting types > for `gss_name_t' > /usr/include/gssapi/gssapi.h:57: error: previous declaration of > `gss_name_t' > /opt/local/encap/heimdal-0.6/include/gssapi.h:76: error: conflicting types > for `gss_ctx_id_t' > . > . > . keeps going.. it is a long list > . > . > /usr/include/gssapi/gssapi.h:695: error: previous declaration of > `gss_seal' > /opt/local/encap/heimdal-0.6/include/gssapi.h:765: error: conflicting > types for `gss_unseal' > /usr/include/gssapi/gssapi.h:704: error: previous declaration of > `gss_unseal' > make: *** [dynconfig.o] Error 1 > > Any ideas? > > ---------------------------------- > Diego Julian Remolina > System Administrator > School of Mathematics > Georgia Institute of Technology > (404) 894-7385 > (404) 894-1309 > ---------------------------------- > > On Fri, 5 Mar 2004, ww m-pubsyssamba wrote: > > > Hi, > > > > I am running configure with the option --with-krb5=/opt/local which is > > where I have heimdal installed. The problem is that after running make, > > it still tries to use the include files from SUN that are in /usr/ and this > > screws up the compile. > > > > ## Mmm strange, I've not had any problems on Solaris 9 with MIT Kerberos... > > ## What files is it accidentally using, and in what way does this screw up your compile? > > > > Since I only need samba to be a PDC for my windows workstations, > > Should I just build it without kerberos support? I will store all samba > > user information in ldap and so authentication will be done against the > > ldap LMpasswd and NTpasswd entries and not through kerberos. This is my > > understanding so please correct me if I am wrong. > > > > ## I think there are some ways of implementing MIT KDC server with Samba as a PDC but this is not a normal configuration. > > ## If all you want is a Samba PDC using NTLM authentication then I do not beleive you need any Kerberos support > > ## hope this helps, Andy. > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba