[Samba] Can't configure Samba with Kerberos support

Daniel Ramaley daniel.ramaley at DRAKE.EDU
Fri Jul 2 13:35:17 GMT 2004 

I'm trying to compile Samba 3.0.4 with Active Directory support on 
OpenBSD 3.5, using the native Kerberos libraries (which happens to be 
Heimdal 0.6). Unfortunately, ./configure isn't working right. I think 
i'm missing a switch or something. If anyone can help me figure out 
what the problem is, i would really appreciate it.

First a bit of info on OpenBSD's Kerberos path layout:
    /usr/libexec   - daemons such as: kadmind, kdc, kpasswdd
    /usr/sbin      - admin programs such as: kadmin, kstash, ktutil
    /usr/bin       - user programs such as: kauth, kinit, krb5-config,
                                            kdestroy, klist
    /usr/lib       - libraries
    /etc/kerberosV - configuration file: krb5.conf
    /usr/include/kerberosV - include files

Below is the configure command i'm using:

# ./configure --prefix=/usr/local/samba \
              --localstatedir="/var" \
              --with-configdir="/etc/samba" \
              --with-lockdir="/var/spool/samba" \
              --with-piddir="/var/run" \
              --with-logfilebase="/var/log" \
              --with-privatedir="/etc/samba" \
              --with-ads \
              --with-winbind \
              --with-krb5 \
              --with-ssl \
              --with-sslinc="/usr/include/ssl" \
              --with-ssllib="/usr/lib" \
              > configure.out 2> configure.err

I've tried several variants on the --with-krb5 line. These have all been 
tried, none of them work:
attempt 1:    --with-krb5
attempt 2:    --with-krb5=/usr
attempt 3:    --with-krb5 --with-krb5inc=/usr/include/kerberosV
              --with-krb5lib=/usr/lib
attempt 4:    --with-krb5=/usr/lib ## NO
attempt 5: First i symlinked the Kerberos header files to /usr/include:
           # ln -s /usr/include/kerberosV/* /usr/include
           Then i tried "--with-krb5=/usr" again. As usual, it failed.
Between attempts, to make sure i have a clean Samba source tree, i've 
been deleting the source tree and untarring it again.

After it fails, configure.err ends with this this error:

    configure: error: libkrb5 is needed for Active Directory support

I don't understand why libkrb5 isn't found. As i stated previously, 
Kerberos libraries are stored in /usr/lib:
  $ ls -l /usr/lib/libkrb5.*
  -r--r--r--  5 root  bin  648812 Mar 29 13:51 /usr/lib/libkrb5.a
  -r--r--r--  4 root  bin  457791 Mar 29 13:51 /usr/lib/libkrb5.so.13.0
ldconfig even knows about libkrb5:
  $ ldconfig -r | grep krb5
          12:-lkrb5.13.0 => /usr/lib/libkrb5.so.13.0

I won't bog the list down with the entirety of configure.out (unless it 
would help), but here are the last few lines of the file, that deal 
with Kerberos:

checking for Active Directory and krb5 support... yes
checking for krb5-config... /usr/bin/krb5-config
checking for working krb5-config... yes
checking krb5.h usability... yes
checking krb5.h presence... yes
checking for krb5.h... yes
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking gssapi/gssapi_generic.h usability... no
checking gssapi/gssapi_generic.h presence... no
checking for gssapi/gssapi_generic.h... no
checking gssapi/gssapi.h usability... no
checking gssapi/gssapi.h presence... no
checking for gssapi/gssapi.h... no
checking com_err.h usability... yes
checking com_err.h presence... yes
checking for com_err.h... yes
checking for _et_list in -lcom_err... no
checking for krb5_encrypt_data in -lk5crypto... no
checking for des_set_key in -lcrypto... no
checking for copy_Authenticator in -lasn1... no
checking for roken_getaddrinfo_hostspec in -lroken... no
checking for gss_display_status in -lgssapi... no
checking for krb5_mk_req_extended in -lkrb5... no
checking for gss_display_status in -lgssapi_krb5... no
checking for krb5_set_real_time... no
checking for krb5_set_default_in_tkt_etypes... no
checking for krb5_set_default_tgs_ktypes... no
checking for krb5_principal2salt... no
checking for krb5_use_enctype... no
checking for krb5_string_to_key... no
checking for krb5_get_pw_salt... no
checking for krb5_string_to_key_salt... no
checking for krb5_auth_con_setkey... no
checking for krb5_auth_con_setuseruserkey... no
checking for krb5_locate_kdc... no
checking for krb5_get_permitted_enctypes... no
checking for krb5_get_default_in_tkt_etypes... no
checking for krb5_free_ktypes... no
checking for krb5_free_data_contents... no
checking for krb5_principal_get_comp_string... no
checking for addrtype in krb5_address... no
checking for addr_type in krb5_address... yes
checking for enc_part2 in krb5_ticket... no
checking for keyvalue in krb5_keyblock... yes
checking for ENCTYPE_ARCFOUR_HMAC_MD5... yes
checking for KEYTYPE_ARCFOUR_56... no
checking for AP_OPTS_USE_SUBKEY... yes
checking for the krb5_princ_component macro... no
checking for key in krb5_keytab_entry... no
checking for keyblock in krb5_keytab_entry... yes

-- 
------------------------------------------------------------------------
Dan Ramaley
Digital Media Library Specialist
(515) 271-1934
Cowles Library 140, Drake University

More information about the samba mailing list