samba - Apr 2015 - Compiling gets undefined reference by tls.c

Greetings, Rowland Penny!
>>>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
kdc,
>>>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>>
>> Since "winbindd" is included in this line, shouldn't also
"-winbind"
>> be there? I think that when you use the normal winbind you must 
>> disable the internal one.
>>
>> Could the simultaneous use of both winbinds be the cause of the 
>> confusion?
> If you read what I wrote, you will see I said to replace 'winbindd'
with
> 'winbind'. We are referring to samba 4.2.1, as standard this uses
the
> separate 'winbindd' daemon instead of the 'winbind' built
into the samba
> daemon.
> If using the old 'winbind' cures the OP problem, then there is a
problem
> in the way that a 4.2.1 DC uses the 'winbindd' deamon.
Internal AD winbind implementation doesn't care about SAM posixAccount
mappings in sam.ldb - it reads the RFC2307 mappings from idmap.ldb, whereas
member servers read the maps from SAM.
This creates a nice clash of UID's between DC and members, even worse - it
creates a clash between idmap and sam on the DC.
I'm right now trying to conceive a plan to solve this crap.


-- 
With best regards,
Andrey Repin
Friday, April 24, 2015 00:22:11

Sorry for my terrible english...

Hi,

I'm wanting to install the latest Samba 4.2.1 on my LinuxMint 17 / 
Rebecca host.

I have:
1. Followed the HOWTO to get OS and lib dependencies (but seems I'm 
missing something)
2. Run ./configure --enable-gnutls
3. Near the end while linking make halts with an error below.

I'm guessing there is a missing lib as the reference appears unresolved, 
however, which libraries are missing (filenames)?

Thank you, Caesar.

[3605/4085] Linking default/source4/auth/kerberos/libauthkrb5-samba4.so
default/source4/lib/tls/tls_1.o: In function `tls_init_client':
tls.c:(.text+0x1846): undefined reference to 
`gnutls_certificate_type_set_priority'
default/source4/lib/tls/tls_tstream_1.o: In function 
`_tstream_tls_connect_send':
tls_tstream.c:(.text+0x2014): undefined reference to 
`gnutls_certificate_type_set_priority'
collect2: error: ld returned 1 exit status
Waf: Leaving directory `/home/caesar/Downloads/samba-4.2.1/bin'
Build failed:  -> task failed (err #1):
     {task: cc_link 
packet_1.o,tls_1.o,tlscert_1.o,tls_tstream_1.o,gssapi_pac_1.o,kerberos_pac_1.o,kerberos_pac_2.o,krb5_init_context_1.o
-> libauthkrb5-samba4.so}
make: *** [all] Error 1

> 
> Internal AD winbind implementation doesn't care about SAM posixAccount
> mappings in sam.ldb - it reads the RFC2307 mappings from idmap.ldb, 
whereas
> member servers read the maps from SAM.
> This creates a nice clash of UID's between DC and members, even worse -
it
> creates a clash between idmap and sam on the DC.
> I'm right now trying to conceive a plan to solve this crap.
> 
What I was asking was if the internal one was IN FACT being disabled or if 
it SHOULD HAVE been disabled but wasn't.

It turns out that gnutls-3.4.0 caused the problem.

I removed all gnutls packages from the system and cleaned out 
/usr/local/lib from libgnu* files.

Installed libgnutls28-dev and samba's make finished successfully.

Hope this helps. I've no idea where to file a bug.

On 04/23/2015 03:18 PM, Caesar Samsi wrote:
> Hi,
>
> I'm wanting to install the latest Samba 4.2.1 on my LinuxMint 17 / 
> Rebecca host.
>
> I have:
> 1. Followed the HOWTO to get OS and lib dependencies (but seems I'm 
> missing something)
> 2. Run ./configure --enable-gnutls
> 3. Near the end while linking make halts with an error below.
>
> I'm guessing there is a missing lib as the reference appears 
> unresolved, however, which libraries are missing (filenames)?
>
> Thank you, Caesar.
>
> [3605/4085] Linking default/source4/auth/kerberos/libauthkrb5-samba4.so
> default/source4/lib/tls/tls_1.o: In function `tls_init_client':
> tls.c:(.text+0x1846): undefined reference to 
> `gnutls_certificate_type_set_priority'
> default/source4/lib/tls/tls_tstream_1.o: In function 
> `_tstream_tls_connect_send':
> tls_tstream.c:(.text+0x2014): undefined reference to 
> `gnutls_certificate_type_set_priority'
> collect2: error: ld returned 1 exit status
> Waf: Leaving directory `/home/caesar/Downloads/samba-4.2.1/bin'
> Build failed:  -> task failed (err #1):
>     {task: cc_link 
>
packet_1.o,tls_1.o,tlscert_1.o,tls_tstream_1.o,gssapi_pac_1.o,kerberos_pac_1.o,kerberos_pac_2.o,krb5_init_context_1.o
> -> libauthkrb5-samba4.so}
> make: *** [all] Error 1
>

On 24/04/15 01:07, Miguel Medalha wrote:
>> Internal AD winbind implementation doesn't care about SAM
posixAccount
>> mappings in sam.ldb - it reads the RFC2307 mappings from idmap.ldb,
> whereas
>> member servers read the maps from SAM.
>> This creates a nice clash of UID's between DC and members, even
worse - it
>> creates a clash between idmap and sam on the DC.
>> I'm right now trying to conceive a plan to solve this crap.
>>
> What I was asking was if the internal one was IN FACT being disabled or if
> it SHOULD HAVE been disabled but wasn't.
>
Yes, I know that was what you were trying to say and what I was trying 
to say was, if the way I suggested to turn off winbindd didn't work, 
then I do not know of another way of turning it off.

I suggest we stop this here, we are just going around in circles, we 
will just have to agree to disagree :-)

Rowland