[Samba] Compile 3.5.4 on Opensolaris snv_134
Mārcis Lielturks
marcis.lielturks at gmail.com
Tue Jul 20 01:27:22 MDT 2010
Hi!
I'm still stuck at the point where samba compiles, but I cannot join domain.
I see "SPNEGO login failure" when using debug level 3 and "failed to lookup
DC info for domain 'DOMAIN.COM' over rpc: Logon failure" on STDOUT.
I have compiled:
- openssl 0.9.8o
- openldap 2.4.21
- MIT Kerberos5 1.8.2
- GNU GSS 0.1.5
- openssl with kerberos support
- samba 3.5.4
I'm using sunstudio12.1 cc compiler and gnu make on snv_134. Everything is
"--prefix'ed" to /opt/samba. I have set CPPFLAGS and LDFLAGS to point to
/opt/samba/include and /opt/samba/lib
1. Can anyone help on explaining this SPNEGO thing? I suspect that it
means that samba was unable to negotiate some gssapi related stuff, so I
might have compiled something wrong.
2. Why "struct libnet_JoinCtx" suggests that kerberos won't be used (see
line marked with arrows)?
Here's some lines from "net -U domainadmin%pass ads join -d10"
[2010/07/20 09:37:05.413534, 2] lib/interface.c:338(add_interface)
added interface e1000g0:6 ip=192.168.0.84 bcast=192.168.0.255
netmask=255.255.255.0
[2010/07/20 09:37:05.413946, 1] libnet/libnet_join.c:1947(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'SAMBA-DEV'
domain_name : *
domain_name : 'DOMAIN.COM'
account_ou : NULL
admin_account : 'Administrator'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
----------> use_kerberos : 0x00 (0)
<--------------------------------------------------------------------------------------
secure_channel_type : SEC_CHAN_WKSTA (2)
....................SKIP......................
[2010/07/20 09:37:05.521247, 5]
libsmb/ntlmssp.c:1196(ntlmssp_client_challenge)
NTLMSSP challenge set by NTLM2
[2010/07/20 09:37:05.521259, 5]
libsmb/ntlmssp.c:1197(ntlmssp_client_challenge)
challenge is:
[2010/07/20 09:37:05.521270, 5] ../lib/util/util.c:278(_dump_data)
[0000] A3 7C 51 9D 27 CF 26 FA .|Q.'.&.
[2010/07/20 09:37:05.521349, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug)
&authenticate: struct AUTHENTICATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmAuthenticate (3)
LmChallengeResponseLen : 0x0018 (24)
LmChallengeResponseMaxLen: 0x0018 (24)
LmChallengeResponse : *
LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
v1: struct LM_RESPONSE
Response :
52ef40e69996a2ef00000000000000000000000000000000
NtChallengeResponseLen : 0x0018 (24)
NtChallengeResponseMaxLen: 0x0018 (24)
NtChallengeResponse : *
NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case
24)
v1: struct NTLM_RESPONSE
Response :
dccf3343610fc15a038074885a333ab7ce0d8aef7cd17728
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
UserNameLen : 0x001a (26)
UserNameMaxLen : 0x001a (26)
UserName : *
UserName : 'Administrator'
WorkstationLen : 0x0012 (18)
WorkstationMaxLen : 0x0012 (18)
Workstation : *
Workstation : 'SAMBA-DEV'
EncryptedRandomSessionKeyLen: 0x0010 (16)
EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
EncryptedRandomSessionKey: *
EncryptedRandomSessionKey: DATA_BLOB length=16
[2010/07/20 09:37:05.521558, 10] ../lib/util/util.c:278(_dump_data)
[0000] 08 5C F1 71 2B 7B 55 BF E7 25 D6 0D F6 E7 E1 31 .\.q+{U.
.%.....1
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
[2010/07/20 09:37:05.521750, 3]
libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
NTLMSSP Sign/Seal - Initialising with flags:
[2010/07/20 09:37:05.521763, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2010/07/20 09:37:05.521921, 10]
libsmb/smb_signing.c:209(smb_signing_sign_pdu)
smb_signing_sign_pdu: sent SMB signature of
[2010/07/20 09:37:05.521935, 10] ../lib/util/util.c:278(_dump_data)
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
[2010/07/20 09:37:05.521956, 6] libsmb/clientgen.c:323(write_socket)
write_socket(7,270)
[2010/07/20 09:37:05.521978, 6] libsmb/clientgen.c:326(write_socket)
write_socket(7,270) wrote 270
[2010/07/20 09:37:05.558662, 10]
lib/util_sock.c:726(read_smb_length_return_keepalive)
got smb length of 35
[2010/07/20 09:37:05.558704, 5] lib/util.c:617(show_msg)
[2010/07/20 09:37:05.558715, 5] lib/util.c:620(show_msg)
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=16481
smb_uid=2051
smb_mid=3
smt_wct=0
smb_bcc=0
[2010/07/20 09:37:05.558782, 5] lib/util.c:617(show_msg)
[2010/07/20 09:37:05.558791, 5] lib/util.c:620(show_msg)
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51205
smb_tid=0
smb_pid=16481
smb_uid=2051
smb_mid=3
smt_wct=0
smb_bcc=0
[2010/07/20 09:37:05.559036, 3] libsmb/cliconnect.c:1249(cli_session_setup)
SPNEGO login failed: Logon failure
[2010/07/20 09:37:05.559098, 1]
libsmb/cliconnect.c:2307(cli_full_connection)
failed session setup with NT_STATUS_LOGON_FAILURE
[2010/07/20 09:37:05.559256, 1] libnet/libnet_join.c:1978(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for
domain 'DOMAIN.COM' over rpc: Logon failure'
domain_is_ad : 0x00 (0)
result : WERR_LOGON_FAILURE
Failed to join domain: failed to lookup DC info for domain 'DOMAIN.COM' over
rpc: Logon failure
On 19 July 2010 09:42, Marcis Lielturks <marcis.lielturks at gmail.com> wrote:
> Hi!
>
> Here's comparison of "net ads join" output, between my first build of samba
> 3.5.4 that gave "pkcs 11 error" and second build, that is failing with "rpc:
> Logon failure". Can anyone comment on differences. I'm starting to think,
> that the "diff -u" output say's that 2nd build is failing sooner than the
> first build did. As you can see there's a lot of missing lines with "sasl",
> "ldap" and "krb5".
>
> MMM
>
>
> On 07/16/10 04:34 PM, Gaiseric Vandal wrote:
>
>> Which version of Samba? I had more trouble with Samba 3.5.x. And I have
>> never managed to get Samba to compile with sun cc. I figured Samba was
>> written with gcc in mind.
>>
>>
>> The "failed to lookup DC info for domain 'mydomain.COM' over rpc: Logon
>> failure' " message is interesting - not sure if you are getting login
>> errors before lookup errors. Is you samba server configure to use your AD
>> server as the DNS server? What version of windows is the AD server? What
>> domain/foreset mode is your AD server in?
>>
>> In the "windows" world clients can locate the the login server via
>> specific resource records in DNS. I don't know if Samba does this do or is
>> still relying on netbios. I had one AD domain that was in
>> NT4-compatibility mode and one AD domain that was in Windows 2003 native
>> mode. Changing the client DNS settings on the samba machine seemed to
>> help with locating the "2003 native" mode. DC.
>>
>>
>>
>> On 07/16/2010 05:29 AM, Marcis Lielturks wrote:
>>
>>> Hi!
>>>
>>> First of all, thanks for replies to all ;)!
>>>
>>> Using GCC was a fail for me - too much errors and 2 additional things
>>> must be compiled (tdb & talloc) . I only managed to compile using Sun's cc
>>> and gmake and will stick to them. I'm a bit further now. Now I don't get
>>> PKCS 11 erros, when trying to do "net ads join". I recompiled openldap with
>>> slapd (but with null backend) and "-lpkcs11" in LDFLAGS (I think this is
>>> what helped). However now I'm getting following when doing "net ads join"
>>>
>>> [2010/07/16 12:16:54, 3] param/loadparm.c:9158(lp_load_ex)
>>> lp_load_ex: refreshing parameters
>>> [2010/07/16 12:16:54, 3] param/loadparm.c:4929(init_globals)
>>> Initialising global parameters
>>> [2010/07/16 12:16:54, 2] param/loadparm.c:4785(max_open_files)
>>> rlimit_max: rlimit_max (256) below minimum Windows limit (16384)
>>> [2010/07/16 12:16:54.047848, 3] ../lib/util/params.c:550(pm_process)
>>> params.c:pm_process() - Processing configuration file
>>> "/opt/samba/lib/smb.conf"
>>> [2010/07/16 12:16:54.047875, 3] param/loadparm.c:7842(do_section)
>>> Processing section "[global]"
>>> [2010/07/16 12:16:54.048365, 2] lib/interface.c:338(add_interface)
>>> added interface e1000g0:3 ip=192.168.0.84 bcast=192.168.0.255
>>> netmask=255.255.255.0
>>> [2010/07/16 12:16:54.048517, 1] libnet/libnet_join.c:1947(libnet_Join)
>>> libnet_Join:
>>> libnet_JoinCtx: struct libnet_JoinCtx
>>> in: struct libnet_JoinCtx
>>> dc_name : NULL
>>> machine_name : 'SAMBA-DEV'
>>> domain_name : *
>>> domain_name : 'mydomain.COM'
>>> account_ou : NULL
>>> admin_account : 'Administrator'
>>> admin_password : *
>>> machine_password : NULL
>>> join_flags : 0x00000023 (35)
>>> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
>>> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>>> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>>> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>>> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>>> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>>> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>>> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>>> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>>> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>>> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>>> os_version : NULL
>>> os_name : NULL
>>> create_upn : 0x00 (0)
>>> upn : NULL
>>> modify_config : 0x00 (0)
>>> ads : NULL
>>> debug : 0x01 (1)
>>> use_kerberos : 0x00 (0)
>>> secure_channel_type : SEC_CHAN_WKSTA (2)
>>> [2010/07/16 12:17:00.052208, 2] libads/cldap.c:97(ads_cldap_netlogon)
>>> cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT
>>> [2010/07/16 12:17:00.141661, 3]
>>> libsmb/cliconnect.c:2201(cli_start_connection)
>>> Connecting to host=BORED.mydomain.com
>>> [2010/07/16 12:17:00.141828, 3]
>>> lib/util_sock.c:974(open_socket_out_send)
>>> Connecting to 192.168.0.94 at port 445
>>> [2010/07/16 12:17:00.143207, 3]
>>> libsmb/cliconnect.c:991(cli_session_setup_spnego)
>>> Doing spnego session setup (blob length=107)
>>> [2010/07/16 12:17:00.143274, 3]
>>> libsmb/cliconnect.c:1019(cli_session_setup_spnego)
>>> got OID=1.2.840.48018.1.2.2
>>> got OID=1.2.840.113554.1.2.2
>>> got OID=1.2.840.113554.1.2.2.3
>>> got OID=1.3.6.1.4.1.311.2.2.10
>>> [2010/07/16 12:17:00.143302, 3]
>>> libsmb/cliconnect.c:1029(cli_session_setup_spnego)
>>> got principal=bored$@mydomain.COM
>>> [2010/07/16 12:17:00.143856, 3]
>>> libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
>>> Got challenge flags:
>>> [2010/07/16 12:17:00.143870, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>> Got NTLMSSP neg_flags=0x62898215
>>> [2010/07/16 12:17:00.143883, 3]
>>> libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
>>> NTLMSSP: Set final flags:
>>> [2010/07/16 12:17:00.143894, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>> Got NTLMSSP neg_flags=0x60088215
>>> [2010/07/16 12:17:00.143984, 3]
>>> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> [2010/07/16 12:17:00.143997, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>> Got NTLMSSP neg_flags=0x60088215
>>> [2010/07/16 12:17:00.177128, 3]
>>> libsmb/cliconnect.c:1249(cli_session_setup)
>>> SPNEGO login failed: Logon failure
>>> [2010/07/16 12:17:00.177159, 1]
>>> libsmb/cliconnect.c:2307(cli_full_connection)
>>> failed session setup with NT_STATUS_LOGON_FAILURE
>>> [2010/07/16 12:17:00.177271, 1] libnet/libnet_join.c:1978(libnet_Join)
>>> libnet_Join:
>>> libnet_JoinCtx: struct libnet_JoinCtx
>>> out: struct libnet_JoinCtx
>>> account_name : NULL
>>> netbios_domain_name : NULL
>>> dns_domain_name : NULL
>>> forest_name : NULL
>>> dn : NULL
>>> domain_sid : NULL
>>> domain_sid : (NULL SID)
>>> modified_config : 0x00 (0)
>>> error_string : 'failed to lookup DC info for
>>> domain 'mydomain.COM' over rpc: Logon failure'
>>> domain_is_ad : 0x00 (0)
>>> result : WERR_LOGON_FAILURE
>>> [2010/07/16 12:17:00.177442, 2] utils/net.c:916(main)
>>>
>>>
>>> Intersting is that if I supply wrong username output doesn't differ much.
>>> Below you can see differences (I stripped time to be able to use diff).
>>>
>>> --- pass_ok_stripped.txt 2010-07-16 12:19:11.869234402 +0300
>>> +++ pass_wrong_stripped.txt 2010-07-16 12:19:22.318101275 +0300
>>> @@ -19,7 +19,7 @@
>>> domain_name : *
>>> domain_name : 'mydomain.COM'
>>> account_ou : NULL
>>> - admin_account : 'Administrator'
>>> + admin_account : 'Adminisdgasgasdtor'
>>> admin_password : *
>>> machine_password : NULL
>>> join_flags : 0x00000023 (35)
>>> @@ -43,8 +43,6 @@
>>> debug : 0x01 (1)
>>> use_kerberos : 0x00 (0)
>>> secure_channel_type : SEC_CHAN_WKSTA (2)
>>> - libads/cldap.c:97(ads_cldap_netlogon)
>>> - cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT
>>> libsmb/cliconnect.c:2201(cli_start_connection)
>>> Connecting to host=BORED.ProServe.com
>>> lib/util_sock.c:974(open_socket_out_send)
>>>
>>>
>>> Maybe I'm missing some rpc things? "smbd -b | tail -2" says:
>>>
>>> Builtin modules:
>>> pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc rpc_winreg
>>> rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon
>>> rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog rpc_samr idmap_ldap idmap_tdb
>>> idmap_passdb idmap_nss idmap_rid idmap_hash nss_info_template auth_sam
>>> auth_unix auth_winbind auth_wbc auth_server auth_domain auth_builtin
>>> auth_netlogond vfs_default vfs_solarisacl vfs_zfsacl
>>>
>>>
>>> MMM
>>>
>>> On 07/15/10 04:32 PM, Gaiseric Vandal wrote:
>>>
>>>> I compiled Samba 3.4.x on Solaris 10. (I have a Samba 3.4.x pdc with
>>>> two Samba 3.0.x BDC's.) Samba 3.0.x DC"s will not support Windows 7 clients
>>>> (don't have any yet but it is probably inevitable) and doesn't seem to
>>>> support trusts with Windows 2003 Native domains (at least it didn't for me.)
>>>>
>>>>
>>>> If you following the opensolaris forums it seems unlikely that there
>>>> will be compiled build of 3.4.x or 3.5.x of samba in Solaris 10 or
>>>> OpenSolaris in the near future. I don't think it really is a licensing or
>>>> even major technical issue. There is seems to more interest in CIFS
>>>> project as an alternative to Samba. Oracle/Sun sells a NAS server that
>>>> runs on opensolaris and users CIFS so I don't think they have much interest
>>>> in Samba. I don't see Oracle/Sun paying any one work on Samba 3.4.x or
>>>> 3.5.x integration when they have "better" solutions and more important
>>>> priorities.
>>>>
>>>> To be specific, Samba doesn't require OpenLDAP but it does require LDAP
>>>> with certain functionality. The Solaris-bundled Samba does use OpenLDAP.
>>>> But if you are compiling it yourself OpenLDAP is the way to do it.
>>>> Easiest to just get the openldap precompiled from blastwave or
>>>> sunfreeware.com. And there is precompiled Samba available from
>>>> Sunfreeware and Blastwave but it may lack the features you need, so you
>>>> probably need to compile anyway.
>>>>
>>>> If you don't need AD support, then then the Sun ldap client
>>>> functionality should be sufficient.
>>>>
>>>>
>>>> I didn't know about the NGROUPS_MAX option. I would have disabled it if
>>>> I had known, since I am subject to the 16 group NFS v3 limit. (What I
>>>> really need to do is switch to NFS v4 and use kerberos authentication for
>>>> NFS clients.)
>>>>
>>>> The OpenSolaris developer build (from earlier this year- not the
>>>> official release from last year- has updated GCC and other tools that may
>>>> make compiling easier. Gcc from Sun (and even Sunfreeware) use
>>>> "/usr/ccs/bin/ld" as the linker. You may need to renamed the file and
>>>> symlink it to gld (gnu linker.) Samba compiling also requires that you
>>>> get set the CPPFLAGS and LDFLAGS as well.
>>>>
>>>> e.g.
>>>>
>>>>
>>>> PATH=/usr/swf/bin:/usr/ccs/bin:$PATH
>>>> PATH=/usr/local/samba-3.4.5/bin:/usr/local/samba-3.4.5/sbin:$PATH
>>>> LD_LIBRARY_PATH=/usr/sfw/lib:/usr/ccs/lib:$LD_LIBRARY PATH
>>>> LD_LIBRARY_PATH=/usr/local/samba- 3.4.5:$LD_LIBRARY_PATH
>>>>
>>>> export LD_LIBRARY_PATH
>>>> export CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include
>>>> -I/usr/include"
>>>> export LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib
>>>> -L/usr/local/lib -R/usr/local/lib -L/usr/lib -R/usr/lib"
>>>>
>>>>
>>>>
>>>>
>>>> I posted questions/results to the list earlier this year about my
>>>> experiences.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 07/14/2010 05:38 PM, Mārcis Lielturks wrote:
>>>>
>>>>>
>>>>>
>>>>> On 15 July 2010 00:28, Jeremy Allison <jra at samba.org <mailto:
>>>>> jra at samba.org>> wrote:
>>>>>
>>>>> On Thu, Jul 15, 2010 at 12:26:05AM +0300, Mārcis Lielturks wrote:
>>>>> > Thanks, machine wont provide NFS or ssh login services, so
>>>>> fiddling with max
>>>>> > groups should do no harm!
>>>>> >
>>>>> > I googled a bit at found that samba should be recompiled to take
>>>>> advantage
>>>>> > of new NGROUPS_MAX. "./configure" logs also suggested that
>>>>> NGROUPS_MAX is
>>>>> > evaluated only at compile time.
>>>>>
>>>>> Yep. Recompilation should do the trick once the kernel understands
>>>>> large numbers of groups.
>>>>>
>>>>> > Can anybody share experience on compiling samba on OpenSolaris?
>>>>> What's the
>>>>> > most painless way? I'm considering to use latest 3.5.5 but maybe
>>>>> I should
>>>>> > use same version Sun (Oracle) is using - 3.0.37? I have to set
>>>>> up Samba on 2
>>>>> > servers, which already replicate storage, so ID mapping must be
>>>>> consistent
>>>>> > between both Samba servers. Servers have to provide shares also
>>>>> to trusted
>>>>> > domains, but 3.0.37 doesn't have idmap_hash and seems that
>>>>> idmap_rid is not
>>>>> > supported to provide mappings for more than one domain, so
>>>>> anything newer
>>>>> > than 3.0.37 sounds like the right choice.
>>>>>
>>>>> The only reason they use 3.0.x is they're still unable to cope
>>>>> with the GPLv3 in (Open?)Solaris. Which is ironic as Oracle
>>>>> Linux has been shipping GPLv3 Samba for a while. But it's a big
>>>>> company, you can't expect one part to know what another part is
>>>>> up to :-).
>>>>>
>>>>> Yeah, I read about that, but still, I was thinking that as they ship
>>>>> 3.0.37, it should also be easier to compile because OS has all that's
>>>>> necessary for 3.0.37. Newer Samba versions may have some dependencies (new
>>>>> libs or newer version of libs), that might be harder to satisfy. I have
>>>>> never compiled samba so far and all I know at the moment (from
>>>>> documentation) is that AD support requires krb5 and openldap development
>>>>> libraries and files.
>>>>>
>>>>>
>>>>> Jeremy.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> ML
>>>>>
>>>>
>>>>
>>
--
ML
More information about the samba
mailing list