[WHATSNEW] Samba AD with MIT Kerberos + Version change

Fri May 5 10:15:18 UTC 2017

On Fri, 05 May 2017 11:11:44 +0200
Daniele Dario <d.dario76 at gmail.com> wrote:

> 
> 
> 
> On gio, 2017-05-04 at 17:11 +0100, Rowland Penny via samba-technical
> wrote:
> > On Thu, 4 May 2017 17:49:14 +0200
> > "L.P.H. van Belle via samba-technical"
> > <samba-technical at lists.samba.org> wrote:
> > 
> > > Hai,
> > > 
> > > Now, prepair yourself im no coder.. but.. looks to me it imports
> > > only a directory Or sets it back to None. Im trying to read and
> > > follow the variables in the code. 
> > > 
> > > If i grep through the source and look for :
> > > samba.provision.kerberos
> > > 
> > 
> > I think the problem is here in
> > samba-master/python/samba/provision/kerberos.py:
> > 
> > def make_kdcconf(realm, domain, kdcconfdir, logdir):
> > 
> >     if _glue.is_heimdal_built:
> >         return
> > 
> > Which I changed to:
> > 
> >     if is_heimdal_built:
> >         return
> > 
> > The problem seems to be that 'is_heimdal_built' should be 'False'
> > and so shouldn't return, but it isn't, so it does return and
> > 'kdc.conf' doesn't get created. I commented the 'if' out and did
> > get 'kdc.conf' created, not that it helped, I still didn't get
> > anything listening on port 88.
> > 
> > I think the problem has something to do with whatever is setting
> > 'is_heimdal_built' to 'True', but I do not know what this is, or
> > indeed if it is the problem.
> > 
> > Rowland
> > 
> 
> Just curious but searching for "is_heimdal_built" in latest git tree I
> see:
> 
> find . -type f -print -follow | xargs grep -H -n -e 'is_heimdal_built'
> ./python/pyglue.c:155:static PyObject *py_is_heimdal_built(PyObject
> *self)
> ./python/pyglue.c:319:	{ "is_heimdal_built",
> (PyCFunction)py_is_heimdal_built, METH_NOARGS,
> ./python/samba/provision/kerberos.py:29:    if _glue.is_heimdal_built:
> ./python/samba/__init__.py:394:is_heimdal_built =
> _glue.is_heimdal_built ./python/samba/netcmd/domain.py:280:    if not
> samba.is_heimdal_built():
> 
> I'm not familiar with python so maybe this is not a problem but it
> looks like in kerberos.py and in __init__.py code checks for a pure
> variable and in domain.py checks the return value of a method.
> 
> As far as I understand, pyglue expose some methods and
> is_heimdal_built is a method that don't take arguments. Is it
> possible to refer to it as if it was a pure variable?
> 
> From a C perspective, I'd expect samba.is_heimdal_built to be the
> address of the method _glue.is_heimdal_built so it will have a value
> other than 0 and in an "if" statement I always expect to see it TRUE.
> 
> Instead, if I check _glue.is_heimdal_built() or
> samba.is_heimdal_built() I call the method exposed by pyglue/samba
> and check it's return value.
> 
> Just trying to learn something.
> 
> Daniele.
> 

Not sure, all I can say is that as written:

if _glue.is_heimdal_built:

Python didn't like it and threw an error ;-)

But when changed to:

if is_heimdal_built:

It worked, but because 'Heimdal' isn't built, 'is_heimdal_built' should
be False and the 'if' statement should be ignored, but it isn't being
ignored, so I suppose that 'is_heimdal_built' must be True.

I have moved on a bit, I have extracted kdc.conf from the python code
and created it manually, it now tries to start the kdc but fails with:

 krb5kdc: Unable to load requested database module 'samba': plugin
 symbol 'kdb_function_table' not found - while initializing database
 for realm TESTING.TLD

If I check samba.so for strings, 'kdb_function_table' is there.

Rowland