Andrey Repin
2015-Apr-23 21:24 UTC
[Samba] RFC2307 attributes not being read by DC2 in 4.2.1
Greetings, Rowland Penny!>>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >>>> drepl, winbindd, ntp_signd, kcc, dnsupdate >> >> Since "winbindd" is included in this line, shouldn't also "-winbind" >> be there? I think that when you use the normal winbind you must >> disable the internal one. >> >> Could the simultaneous use of both winbinds be the cause of the >> confusion?> If you read what I wrote, you will see I said to replace 'winbindd' with > 'winbind'. We are referring to samba 4.2.1, as standard this uses the > separate 'winbindd' daemon instead of the 'winbind' built into the samba > daemon.> If using the old 'winbind' cures the OP problem, then there is a problem > in the way that a 4.2.1 DC uses the 'winbindd' deamon.Internal AD winbind implementation doesn't care about SAM posixAccount mappings in sam.ldb - it reads the RFC2307 mappings from idmap.ldb, whereas member servers read the maps from SAM. This creates a nice clash of UID's between DC and members, even worse - it creates a clash between idmap and sam on the DC. I'm right now trying to conceive a plan to solve this crap. -- With best regards, Andrey Repin Friday, April 24, 2015 00:22:11 Sorry for my terrible english...
Hi, I'm wanting to install the latest Samba 4.2.1 on my LinuxMint 17 / Rebecca host. I have: 1. Followed the HOWTO to get OS and lib dependencies (but seems I'm missing something) 2. Run ./configure --enable-gnutls 3. Near the end while linking make halts with an error below. I'm guessing there is a missing lib as the reference appears unresolved, however, which libraries are missing (filenames)? Thank you, Caesar. [3605/4085] Linking default/source4/auth/kerberos/libauthkrb5-samba4.so default/source4/lib/tls/tls_1.o: In function `tls_init_client': tls.c:(.text+0x1846): undefined reference to `gnutls_certificate_type_set_priority' default/source4/lib/tls/tls_tstream_1.o: In function `_tstream_tls_connect_send': tls_tstream.c:(.text+0x2014): undefined reference to `gnutls_certificate_type_set_priority' collect2: error: ld returned 1 exit status Waf: Leaving directory `/home/caesar/Downloads/samba-4.2.1/bin' Build failed: -> task failed (err #1): {task: cc_link packet_1.o,tls_1.o,tlscert_1.o,tls_tstream_1.o,gssapi_pac_1.o,kerberos_pac_1.o,kerberos_pac_2.o,krb5_init_context_1.o -> libauthkrb5-samba4.so} make: *** [all] Error 1
Miguel Medalha
2015-Apr-24 00:07 UTC
[Samba] RFC2307 attributes not being read by DC2 in 4.2.1
> > Internal AD winbind implementation doesn't care about SAM posixAccount > mappings in sam.ldb - it reads the RFC2307 mappings from idmap.ldb,whereas> member servers read the maps from SAM. > This creates a nice clash of UID's between DC and members, even worse - it > creates a clash between idmap and sam on the DC. > I'm right now trying to conceive a plan to solve this crap. >What I was asking was if the internal one was IN FACT being disabled or if it SHOULD HAVE been disabled but wasn't.
It turns out that gnutls-3.4.0 caused the problem. I removed all gnutls packages from the system and cleaned out /usr/local/lib from libgnu* files. Installed libgnutls28-dev and samba's make finished successfully. Hope this helps. I've no idea where to file a bug. On 04/23/2015 03:18 PM, Caesar Samsi wrote:> Hi, > > I'm wanting to install the latest Samba 4.2.1 on my LinuxMint 17 / > Rebecca host. > > I have: > 1. Followed the HOWTO to get OS and lib dependencies (but seems I'm > missing something) > 2. Run ./configure --enable-gnutls > 3. Near the end while linking make halts with an error below. > > I'm guessing there is a missing lib as the reference appears > unresolved, however, which libraries are missing (filenames)? > > Thank you, Caesar. > > [3605/4085] Linking default/source4/auth/kerberos/libauthkrb5-samba4.so > default/source4/lib/tls/tls_1.o: In function `tls_init_client': > tls.c:(.text+0x1846): undefined reference to > `gnutls_certificate_type_set_priority' > default/source4/lib/tls/tls_tstream_1.o: In function > `_tstream_tls_connect_send': > tls_tstream.c:(.text+0x2014): undefined reference to > `gnutls_certificate_type_set_priority' > collect2: error: ld returned 1 exit status > Waf: Leaving directory `/home/caesar/Downloads/samba-4.2.1/bin' > Build failed: -> task failed (err #1): > {task: cc_link > packet_1.o,tls_1.o,tlscert_1.o,tls_tstream_1.o,gssapi_pac_1.o,kerberos_pac_1.o,kerberos_pac_2.o,krb5_init_context_1.o > -> libauthkrb5-samba4.so} > make: *** [all] Error 1 >
Rowland Penny
2015-Apr-24 09:10 UTC
[Samba] RFC2307 attributes not being read by DC2 in 4.2.1
On 24/04/15 01:07, Miguel Medalha wrote:>> Internal AD winbind implementation doesn't care about SAM posixAccount >> mappings in sam.ldb - it reads the RFC2307 mappings from idmap.ldb, > whereas >> member servers read the maps from SAM. >> This creates a nice clash of UID's between DC and members, even worse - it >> creates a clash between idmap and sam on the DC. >> I'm right now trying to conceive a plan to solve this crap. >> > What I was asking was if the internal one was IN FACT being disabled or if > it SHOULD HAVE been disabled but wasn't. >Yes, I know that was what you were trying to say and what I was trying to say was, if the way I suggested to turn off winbindd didn't work, then I do not know of another way of turning it off. I suggest we stop this here, we are just going around in circles, we will just have to agree to disagree :-) Rowland