[WHATSNEW] Samba AD with MIT Kerberos + Version change

Fri May 5 10:27:07 UTC 2017



On ven, 2017-05-05 at 11:15 +0100, Rowland Penny via samba-technical
wrote:
> On Fri, 05 May 2017 11:11:44 +0200
> Daniele Dario <d.dario76 at gmail.com> wrote:
> 
> > 
> > 
> > 
> > On gio, 2017-05-04 at 17:11 +0100, Rowland Penny via samba-technical
> > wrote:
> > > On Thu, 4 May 2017 17:49:14 +0200
> > > "L.P.H. van Belle via samba-technical"
> > > <samba-technical at lists.samba.org> wrote:
> > > 
> > > > Hai,
> > > > 
> > > > Now, prepair yourself im no coder.. but.. looks to me it imports
> > > > only a directory Or sets it back to None. Im trying to read and
> > > > follow the variables in the code. 
> > > > 
> > > > If i grep through the source and look for :
> > > > samba.provision.kerberos
> > > > 
> > > 
> > > I think the problem is here in
> > > samba-master/python/samba/provision/kerberos.py:
> > > 
> > > def make_kdcconf(realm, domain, kdcconfdir, logdir):
> > > 
> > >     if _glue.is_heimdal_built:
> > >         return
> > > 
> > > Which I changed to:
> > > 
> > >     if is_heimdal_built:
> > >         return
> > > 
> > > The problem seems to be that 'is_heimdal_built' should be 'False'
> > > and so shouldn't return, but it isn't, so it does return and
> > > 'kdc.conf' doesn't get created. I commented the 'if' out and did
> > > get 'kdc.conf' created, not that it helped, I still didn't get
> > > anything listening on port 88.
> > > 
> > > I think the problem has something to do with whatever is setting
> > > 'is_heimdal_built' to 'True', but I do not know what this is, or
> > > indeed if it is the problem.
> > > 
> > > Rowland
> > > 
> > 
> > Just curious but searching for "is_heimdal_built" in latest git tree I
> > see:
> > 
> > find . -type f -print -follow | xargs grep -H -n -e 'is_heimdal_built'
> > ./python/pyglue.c:155:static PyObject *py_is_heimdal_built(PyObject
> > *self)
> > ./python/pyglue.c:319:	{ "is_heimdal_built",
> > (PyCFunction)py_is_heimdal_built, METH_NOARGS,
> > ./python/samba/provision/kerberos.py:29:    if _glue.is_heimdal_built:
> > ./python/samba/__init__.py:394:is_heimdal_built =
> > _glue.is_heimdal_built ./python/samba/netcmd/domain.py:280:    if not
> > samba.is_heimdal_built():
> > 
> > I'm not familiar with python so maybe this is not a problem but it
> > looks like in kerberos.py and in __init__.py code checks for a pure
> > variable and in domain.py checks the return value of a method.
> > 
> > As far as I understand, pyglue expose some methods and
> > is_heimdal_built is a method that don't take arguments. Is it
> > possible to refer to it as if it was a pure variable?
> > 
> > From a C perspective, I'd expect samba.is_heimdal_built to be the
> > address of the method _glue.is_heimdal_built so it will have a value
> > other than 0 and in an "if" statement I always expect to see it TRUE.
> > 
> > Instead, if I check _glue.is_heimdal_built() or
> > samba.is_heimdal_built() I call the method exposed by pyglue/samba
> > and check it's return value.
> > 
> > Just trying to learn something.
> > 
> > Daniele.
> > 
> 
> Not sure, all I can say is that as written:
> 
> if _glue.is_heimdal_built:
> 
> Python didn't like it and threw an error ;-)

What happens if you change
  if _glue.is_heimdal_built:
to
  if _glue.is_heimdal_built():

If is_heimdal_built is a method and not a variable this makes a lot of
difference.
> 
> But when changed to:
> 
> if is_heimdal_built:
> 
> It worked, but because 'Heimdal' isn't built, 'is_heimdal_built' should
> be False and the 'if' statement should be ignored, but it isn't being
> ignored, so I suppose that 'is_heimdal_built' must be True.
> 
> I have moved on a bit, I have extracted kdc.conf from the python code
> and created it manually, it now tries to start the kdc but fails with:
> 
>  krb5kdc: Unable to load requested database module 'samba': plugin
>  symbol 'kdb_function_table' not found - while initializing database
>  for realm TESTING.TLD
> 
> If I check samba.so for strings, 'kdb_function_table' is there.
> 
> Rowland
> 
>