I am looking at setting up ADS authentication for my current samba
configuration. I am quite wary of making big changes that I do not
understand as there are shares currently setup and I do not want to lose
this.
I have read through the "how to's" and I am at the point where I
want to
"Create the computer account" and running the command :-
Net ads join -U administrator%password
I am getting the error "ADS support not compiled in"
The fix for this says...
Samba must be reconfigured (remove config.cache) and recompile (make
clean all install) after the Kerberos libraries and headers files are
installed.
How do I reconfigure samba? I have inherited this samba configuration
and I am not sure how/what was configured originally and I do not want
to lose the current configuration..
Can someone help me with this recompile command and what entries I
should add. I have some details below of the current configuration...
Samba version 3.0.23c
I found the following details in the config.log
configure:34026: result: no
configure:34038: checking whether to use smbwrapper
configure:34085: result: no
configure:34093: checking whether to use AFS clear-text auth
configure:34111: result: no
configure:34119: checking whether to use AFS fake-kaserver
configure:34137: result: no
configure:34339: checking whether to use AFS fake-kaserver
configure:34357: result: no
configure:34376: checking whether to use DFS clear-text auth
configure:34398: result: no
configure:34407: checking for LDAP support
configure:34421: result: no
configure:35119: checking for Active Directory and krb5 support
configure:35133: result: auto
configure:35146: WARNING: Disabling Active Directory support (requires
LDAP support)
smbd -b | grep LDAP (no output)
smbd -b | grep KRB (no output)
smbd -b | grep ADS (no output)
smbd -b | grep WINBIND
WITH_WINBIND
WITH_WINBIND
TomMontague
</pre>
<br><P><HR><P>
<font size="2" face="Times">
The information in this email, including any attachments, is confidential and
may be subject to legal or other professional privilege. It is intended solely
for the addressee and access to this email by anyone else is unauthorised. If
you have received this email in error, please immediately advise the sender by
return email, then delete the message from your system and destroy any copies.
If you are not the intended recipient, any use, interference with, distribution,
disclosure or copying of this material, or any action taken or omitted to be
taken in reliance on it, is unauthorised and prohibited.
The Griffin Group scans all outgoing emails for viruses, however The Griffin
Group cannot guarantee that email communications are secure or error-free, as
information could be intercepted, corrupted, amended, lost, destroyed, arrive
late or incomplete.
</font>
<br></body>
<pre>
Using the following option to configure for ADS
--with-ldap and --with-ads in configure command
Also, you must have Kerberos library installed, so give
--with-krb5=$(PATH_TO_KRB_LIB)/lib/
If the configure fails, check the path and version of kerberos u r
using.
Regards,
Seban
-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Tom Montague
Sent: Thursday, November 05, 2009 9:45 AM
To: samba at lists.samba.org
Subject: [Samba] samba and ads authentication
I am looking at setting up ADS authentication for my current samba
configuration. I am quite wary of making big changes that I do not
understand as there are shares currently setup and I do not want to lose
this.
I have read through the "how to's" and I am at the point where I
want to
"Create the computer account" and running the command :-
Net ads join -U administrator%password
I am getting the error "ADS support not compiled in"
The fix for this says...
Samba must be reconfigured (remove config.cache) and recompile (make
clean all install) after the Kerberos libraries and headers files are
installed.
How do I reconfigure samba? I have inherited this samba configuration
and I am not sure how/what was configured originally and I do not want
to lose the current configuration..
Can someone help me with this recompile command and what entries I
should add. I have some details below of the current configuration...
Samba version 3.0.23c
I found the following details in the config.log
configure:34026: result: no
configure:34038: checking whether to use smbwrapper
configure:34085: result: no
configure:34093: checking whether to use AFS clear-text auth
configure:34111: result: no
configure:34119: checking whether to use AFS fake-kaserver
configure:34137: result: no
configure:34339: checking whether to use AFS fake-kaserver
configure:34357: result: no
configure:34376: checking whether to use DFS clear-text auth
configure:34398: result: no
configure:34407: checking for LDAP support
configure:34421: result: no
configure:35119: checking for Active Directory and krb5 support
configure:35133: result: auto
configure:35146: WARNING: Disabling Active Directory support (requires
LDAP support)
smbd -b | grep LDAP (no output)
smbd -b | grep KRB (no output)
smbd -b | grep ADS (no output)
smbd -b | grep WINBIND
WITH_WINBIND
WITH_WINBIND
TomMontague
</pre>
<br><P><HR><P>
<font size="2" face="Times">
The information in this email, including any attachments, is
confidential and may be subject to legal or other professional
privilege. It is intended solely for the addressee and access to this
email by anyone else is unauthorised. If you have received this email
in error, please immediately advise the sender by return email, then
delete the message from your system and destroy any copies. If you are
not the intended recipient, any use, interference with, distribution,
disclosure or copying of this material, or any action taken or omitted
to be taken in reliance on it, is unauthorised and prohibited.
The Griffin Group scans all outgoing emails for viruses, however The
Griffin Group cannot guarantee that email communications are secure or
error-free, as information could be intercepted, corrupted, amended,
lost, destroyed, arrive late or incomplete.
</font>
<br></body>
<pre>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this
message are intended for the exclusive use of the addressee(s) and may contain
proprietary, confidential or privileged information. If you are not the intended
recipient, you should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately and destroy all copies of this message and any
attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted by this
email.
www.wipro.com
2009/11/10 Tom Montague <tom.montague at thegriffingroup.com.au>:> Hi Michael, > > I am running solaris 9. > > I do have Kerberos installed as I can run kinit <username>@domain > successfully I just don't know where it is installed. I have searchedOK, but that just proves you have enough of it installed to be able to *use* it. Not necessarily enough to be able to compile something that needs it. For that you need the header files and development libraries. What does "which kinit" give you?> for the file krb5.h and also for the Kerberos library file libkrb5.so > and found them in the directories below. Is there a way to check howlibkrb5.so would be used at runtime. For compiling you would need something like libkrb5.a, but since you have the header file (krb5.h) you should have the development library too.> Kerberos is installed and where the current library files are? Maybe I > am running the configure command wrong?> How do I check if I have Kerberos development package installed for > solaris?It looks like you do. It's also possible that Solaris does not split them up like most Linux distributions do.> I have tried all the directories below ... > > Directories containg the file libkrb5.so > > /home1/admin/krb5-1.6/src/lib/krb5/libkrb5.so > /home1/admin/krb5-1.6/src/lib/libkrb5.so > > Directories containing a krb5.h file > > /home1/admin/krb5-1.6/src/include/krb5.h > /home1/admin/krb5-1.6/src/include/krb5/krb5.h > > Directories that have a reference of krb5 > > /var/krb5 > /usr/lib/krb5 > /etc/krb5 > /opt/dcelocal/krb5 > /home1/admin/krb5-1.6/src/include/krb5 > /home1/admin/krb5-1.6/src/windows/identity/plugins/krb5 > /home1/admin/krb5-1.6/src/lib/gssapi/krb5 > /home1/admin/krb5-1.6/src/lib/krb5 > /prod/opt/dcelocal/krb5 > /krb5It looks like you've compiled it yourself. I would have thought Solaris 9 would come with a version you could just install, but perhaps it's too old. I don't know. It also looks like you might have several copies of it installed in at least /opt/dcelocal/krb5, /prod/opt/dcelocal/krb5 and krb5. The files in /home1/admin/... are probably not installed there, but that's just where Kerberos (at least one instance of it) was compiled. So that's probably not where you want configure to look. Do you have krb5.h and something like libkrb5.a anywhere else? -- Michael Wood <esiotrot at gmail.com>
Please keep the samba list in the list of recipients. 2009/11/10 Tom Montague <tom.montague at thegriffingroup.com.au>:> > What does "which kinit" give you? > > /usr/bin/kinit > > I think Kerberos was installed in the /home1/admin directories as I have > found a config.log in the /home1/admin/krb5-1.6/src/ directory... (I > have attached this file)No, that just means it was compiled there. The log shows that "prefix" was set to /usr/local, so if Kerberos had been installed after it was compiled it would have been installed in /usr/local. It looks like this last step never happened.> At the bottom of this log there are entries running the config.status > command which looks like it is adding .h files, there are none for krb5. > (see extract pasted below between the --- lines ----) > > Do you think I could run ?./config.status include/gssrpc/krb5.h ? ? ??No. It's not entirely clear what the best thing is to do. As I said it seems like you might have multiple instances of Kerberos installed. The fact that you have kinit in /usr/bin implies that you have one instance that is in some way "official" or bundled with the OS or something along those lines. I haven't had anything to do with Solaris in quite a while, (and I was never all that familiar with it before anyway) so I can't remember the package management commands. Maybe there's a krb5 development package you can install. Another possible solution would be to run "make install" in the /home/admin1/krb* directory, which should install that instance of Kerberos to /usr/local. This may interfere with the existing installations of Kerberos, though (depending on your PATH etc.) so if you're using Kerberos for anything else at the moment, I would be a bit careful of doing this.> There are krb5.h files in the following locations :- > > /home1/admin/krb5-1.6/src/include/krb5/ ? ?(this file is the largest and > also the newest) > /home1/admin/krb5-1.6/src/include/ ? ? ? ? ? ?(this file is small and > older) > > > I have below the files in the directory /home1/admin/krb5-1.6/src/lib > > apputils ? ? ? ? ? ? ? libapputils.a ? ? ? ? ?libk5crypto.so.3 > libkrb5.so > comerr32.def ? ? ? ? ? libcom_err.so ? ? ? ? ?libk5crypto.so.3.1 > libkrb5.so.3 > crypto ? ? ? ? ? ? ? ? libcom_err.so.3 ? ? ? ?libkadm5clnt.so > libkrb5.so.3.3 > des425 ? ? ? ? ? ? ? ? libcom_err.so.3.0 ? ? ?libkadm5clnt.so.5 > libkrb5support.so > glue4.c ? ? ? ? ? ? ? ?libdes425.so ? ? ? ? ? libkadm5clnt.so.5.1 > libkrb5support.so.0 > gssapi ? ? ? ? ? ? ? ? libdes425.so.3 ? ? ? ? libkadm5srv.so > libkrb5support.so.0.1 > gssapi32.def ? ? ? ? ? libdes425.so.3.0 ? ? ? libkadm5srv.so.5 > libss.a > kadm5 ? ? ? ? ? ? ? ? ?libgssapi_krb5.so ? ? ?libkadm5srv.so.5.1 > Makefile > kdb ? ? ? ? ? ? ? ? ? ?libgssapi_krb5.so.2 ? ?libkdb5.so > Makefile.in > krb4 ? ? ? ? ? ? ? ? ? libgssapi_krb5.so.2.2 ?libkdb5.so.4 ? ? ? ? ? rpc > krb4_32.def ? ? ? ? ? ?libgssrpc.so ? ? ? ? ? libkdb5.so.4.0 > win_glue.c > krb5 ? ? ? ? ? ? ? ? ? libgssrpc.so.4 ? ? ? ? libkrb4.so > xpprof32.def > krb5_32.def ? ? ? ? ? ?libgssrpc.so.4.0 ? ? ? libkrb4.so.2 > krb5.rc ? ? ? ? ? ? ? ?libk5crypto.so ? ? ? ? libkrb4.so.2.0 > > > > ------------------------------------------------------------------------ > - > > ## ---------------------- ## > ## Running config.status. ## > ## ---------------------- ## > > This file was extended by Kerberos 5 config.status 1.6, which was > generated by GNU Autoconf 2.59. ?Invocation command line was > > ?CONFIG_FILES ? ?> ?CONFIG_HEADERS ?> ?CONFIG_LINKS ? ?> ?CONFIG_COMMANDS > ?$ config.status include/gssrpc/types.h > > on gpstest > > config.status:854: creating include/gssrpc/types.h > > -------------------------------------------------------------------------- Michael Wood <esiotrot at gmail.com>