[Samba] Still having touble with Redhat 7.1 and windows 2003 DC authentication.

Gavin Davenport gavdav at gavdav.demon.co.uk
Wed Oct 8 20:54:06 GMT 2003

Hi there.

I've been trying to coax a redhat 7.1 and 8.0 system to accept new krb RPMs
without resorting to --nodeps. Unsuccessfully.

There seems to have been a major change between a krb5-libs-1.2.4x RPM and a
krb5-libs-1.3.1x RPM - including that a 1.3 RPM does NOT provide a
Lots of things seem to depend on this krb5 .so being present (including
openssh, cyrus-sasl, nss-ldap).

I stripped back what I could, but when the next things to be uninstalled to
break the dependency chain were packagess like 'passwd' - I stopped.

I managed to find this from rpmfind:
* Wed Jun 18 2003 Nalin Dahyabhai <nalin at redhat.com> 1.3-0.beta.4
  - test update to 1.3 beta 4
  - ditch statglue build option
  - krb5-devel requires e2fsprogs-devel, which now provides libss and

I have had to upgrade my e2fsprogs(&devel) to suit this.

I finally chose to resort to a --nodeps upgrade of the krb5 and cyrus-sasl
packages on the redhat 8.0 machine

I also symlinked the libcome_err.so so it can be found in the libpath:
-rwxr-xr-x    1 root     root         9699 Oct  8 15:03
lrwxrwxrwx    1 root     root           17 Oct  8 15:10
/lib/libcom_err.so.2 -> libcom_err.so.2.1
lrwxrwxrwx    1 root     root           17 Oct  8 21:03
/lib/libcom_err.so.3 -> libcom_err.so.2.1
so sshd starts without complaint.

As this .so used to be provided by krb-libs-1.2.x, can anyone shed any light
on why this is now offered by e2fsprogs ?

It seems krb5-devel-1.3.1 contains a subset of whats in krb5-devel-1.2.4-11,
and files are delivered into different places, e.g. :
1.2.4x - /usr/kerberos/include/krb5.h
1.3.1x = /usr/include/krb5.h.

There are a number of other files in krb5-1.2.4 that are now not in
krb5-1.3.1 and dispersed across other (rawhide) RPMs, meaning the SRPM build
doesn't find the krb5.h and fails.

I don't know if any other redhat users have succeeded in getting samba 3.0.0
talking to a 2003 ADS server - I think this is really unpleasant.

BTW - when I installed MIT krb5 from
I specified it in the samba3.spec file delivered by the src rpm.
(using         --with-krb5=/usr/local/kerberos \) (where I installed it)

I don't know whether the rpmbuild process prefers to use the system resident
krb5 stuff
(at /usr/kerberos)
but it ignored the krb installation I specified. Is that a (build) bug or
did I do it wrong ??

Gavin Davenport

More information about the samba mailing list