samba - Aug 2003 - samba v3b3, SuSE 8.0 enterprise, heimdal 0.6, openssl ADS issues

Hi again all,

I'm trying to get samba 3b3 working with ADS on Suse 8.0 enterprise.
I've installed heimdal kerberos 0.6 with openldap support.

Now when I did that, I used the configure options of:

./configure --with-openldap=/usr/local/bin
--with-openldap-include=/usr/local/include
--with-openldap-lib=/usr/local/lib --enable-shared=yes

there's another config option of --with-openldap-config  with a note of
"ldap config utility"  What the devil is that?  I can't seem to
find any
info on it, so am not sure if that's my problem.

Anyway, when compiling samba v3b3 I get this error:

Compiling libsmb/clikrb5.c
libsmb/clikrb5.c: In function `krb5_princ_component':
libsmb/clikrb5.c:398: warning: assignment discards qualifiers from
pointer target type
Compiling libsmb/clispnego.c with -fPIC

looks dangerous.

Than when I try a net ads join, I get:

linux:/home/packages/samba-3.0.0beta3/source # bin/net ads join -U
administrator@DOMAIN.com
administrator@DOMAIN.com password:
[2003/08/13 13:04:14, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267)
  krb5_cc_get_principal failed (No such file or directory)
[2003/08/13 13:04:14, 1] libsmb/clikrb5.c:ads_krb5_mk_req(274)
  krb5_get_credentials failed for ads-server$@DOMAIN.COM (Unknown error
-1765328343)
[2003/08/13 13:04:14, 1] utils/net_ads.c:ads_startup(176)
  ads_connect: Server is unavailable

Now, the fix for the same problem under BSD (thanks to WIll Froning) is
to compile kerberos with ldap support, which is why I'm not sure if the
kerberos is compiling ok.

Also, when I compile samba 3b1, I don't get the compile error and the
"net ads" error is:

suseserver2:/var/log/samba # net ads join  -U administrator@DOMAIN.COM
administrator@DOMAIN.COM password:
[2003/08/13 10:14:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267)
  krb5_cc_get_principal failed (No such file or directory)
[2003/08/13 10:14:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(274)
  krb5_get_credentials failed for ads-server$@DOMAIN.COM (Unknown error
2529638927)
[2003/08/13 10:14:26, 0] libads/ldap.c:ads_join_realm(1352)
  Host account for suseserver2 already exists - deleting old account
[2003/08/13 10:14:26, 1] libads/krb5_setpw.c:ads_krb5_set_password(529)
  krb5_get_credentials failed (Unknown error 2529638927)
ads_set_machine_password: Unknown error 2529638927

Notice, it actually lets me add the machine!  Also, either machine, the
'net ads lookup' command works fine, as does klist, and kinit.

Any ideas?

Many thanks

-Brian Otto
--
The opinions expressed herein are my own and do not necessarily reflect
those of my employers

Hi,
i'm not shure if this still applys to 3.0b3 but in 
samba/docs/html-docs/Samba-HOWTO-Collection.html#ads-member there is stated:

Compiling samba with Active Directory support
In order to compile samba with ADS support, you need to have installed 
on your system:
- the MIT kerberos development libraries(...). the HEIMDAL libraries 
will NOT work.
- .....

does this ring some bells in your head?

Brian Otto wrote:
> Hi again all,
> 
> I'm trying to get samba 3b3 working with ADS on Suse 8.0 enterprise.
> I've installed heimdal kerberos 0.6 with openldap support.
> 
> Now when I did that, I used the configure options of:
> 
> ./configure --with-openldap=/usr/local/bin
> --with-openldap-include=/usr/local/include
> --with-openldap-lib=/usr/local/lib --enable-shared=yes
> 
> there's another config option of --with-openldap-config  with a note of
> "ldap config utility"  What the devil is that?  I can't seem
to find any
> info on it, so am not sure if that's my problem.
> 
> Anyway, when compiling samba v3b3 I get this error:
> 
> Compiling libsmb/clikrb5.c
> libsmb/clikrb5.c: In function `krb5_princ_component':
> libsmb/clikrb5.c:398: warning: assignment discards qualifiers from
> pointer target type
> Compiling libsmb/clispnego.c with -fPIC
> 
> looks dangerous.
> 
> Than when I try a net ads join, I get:
> 
> linux:/home/packages/samba-3.0.0beta3/source # bin/net ads join -U
> administrator@DOMAIN.com
> administrator@DOMAIN.com password:
> [2003/08/13 13:04:14, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267)
>   krb5_cc_get_principal failed (No such file or directory)
> [2003/08/13 13:04:14, 1] libsmb/clikrb5.c:ads_krb5_mk_req(274)
>   krb5_get_credentials failed for ads-server$@DOMAIN.COM (Unknown error
> -1765328343)
> [2003/08/13 13:04:14, 1] utils/net_ads.c:ads_startup(176)
>   ads_connect: Server is unavailable
> 
> Now, the fix for the same problem under BSD (thanks to WIll Froning) is
> to compile kerberos with ldap support, which is why I'm not sure if the
> kerberos is compiling ok.
> 
> Also, when I compile samba 3b1, I don't get the compile error and the
> "net ads" error is:
> 
> suseserver2:/var/log/samba # net ads join  -U administrator@DOMAIN.COM
> administrator@DOMAIN.COM password:
> [2003/08/13 10:14:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267)
>   krb5_cc_get_principal failed (No such file or directory)
> [2003/08/13 10:14:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(274)
>   krb5_get_credentials failed for ads-server$@DOMAIN.COM (Unknown error
> 2529638927)
> [2003/08/13 10:14:26, 0] libads/ldap.c:ads_join_realm(1352)
>   Host account for suseserver2 already exists - deleting old account
> [2003/08/13 10:14:26, 1] libads/krb5_setpw.c:ads_krb5_set_password(529)
>   krb5_get_credentials failed (Unknown error 2529638927)
> ads_set_machine_password: Unknown error 2529638927
> 
> Notice, it actually lets me add the machine!  Also, either machine, the
> 'net ads lookup' command works fine, as does klist, and kinit.
> 
> Any ideas?
> 
> Many thanks
> 
> -Brian Otto
> --
> The opinions expressed herein are my own and do not necessarily reflect
> those of my employers
> 
> 
>

Thanks to all who pointed me in the right direction, I got this working, wooho!

--
The opinions expressed herein are my own and do not necessarily reflect those of
my employers