[Samba] Can't configure Samba with Kerberos support
Daniel Ramaley
daniel.ramaley at DRAKE.EDU
Fri Jul 2 13:35:17 GMT 2004
I'm trying to compile Samba 3.0.4 with Active Directory support on
OpenBSD 3.5, using the native Kerberos libraries (which happens to be
Heimdal 0.6). Unfortunately, ./configure isn't working right. I think
i'm missing a switch or something. If anyone can help me figure out
what the problem is, i would really appreciate it.
First a bit of info on OpenBSD's Kerberos path layout:
/usr/libexec - daemons such as: kadmind, kdc, kpasswdd
/usr/sbin - admin programs such as: kadmin, kstash, ktutil
/usr/bin - user programs such as: kauth, kinit, krb5-config,
kdestroy, klist
/usr/lib - libraries
/etc/kerberosV - configuration file: krb5.conf
/usr/include/kerberosV - include files
Below is the configure command i'm using:
# ./configure --prefix=/usr/local/samba \
--localstatedir="/var" \
--with-configdir="/etc/samba" \
--with-lockdir="/var/spool/samba" \
--with-piddir="/var/run" \
--with-logfilebase="/var/log" \
--with-privatedir="/etc/samba" \
--with-ads \
--with-winbind \
--with-krb5 \
--with-ssl \
--with-sslinc="/usr/include/ssl" \
--with-ssllib="/usr/lib" \
> configure.out 2> configure.err
I've tried several variants on the --with-krb5 line. These have all been
tried, none of them work:
attempt 1: --with-krb5
attempt 2: --with-krb5=/usr
attempt 3: --with-krb5 --with-krb5inc=/usr/include/kerberosV
--with-krb5lib=/usr/lib
attempt 4: --with-krb5=/usr/lib ## NO
attempt 5: First i symlinked the Kerberos header files to /usr/include:
# ln -s /usr/include/kerberosV/* /usr/include
Then i tried "--with-krb5=/usr" again. As usual, it failed.
Between attempts, to make sure i have a clean Samba source tree, i've
been deleting the source tree and untarring it again.
After it fails, configure.err ends with this this error:
configure: error: libkrb5 is needed for Active Directory support
I don't understand why libkrb5 isn't found. As i stated previously,
Kerberos libraries are stored in /usr/lib:
$ ls -l /usr/lib/libkrb5.*
-r--r--r-- 5 root bin 648812 Mar 29 13:51 /usr/lib/libkrb5.a
-r--r--r-- 4 root bin 457791 Mar 29 13:51 /usr/lib/libkrb5.so.13.0
ldconfig even knows about libkrb5:
$ ldconfig -r | grep krb5
12:-lkrb5.13.0 => /usr/lib/libkrb5.so.13.0
I won't bog the list down with the entirety of configure.out (unless it
would help), but here are the last few lines of the file, that deal
with Kerberos:
checking for Active Directory and krb5 support... yes
checking for krb5-config... /usr/bin/krb5-config
checking for working krb5-config... yes
checking krb5.h usability... yes
checking krb5.h presence... yes
checking for krb5.h... yes
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking gssapi/gssapi_generic.h usability... no
checking gssapi/gssapi_generic.h presence... no
checking for gssapi/gssapi_generic.h... no
checking gssapi/gssapi.h usability... no
checking gssapi/gssapi.h presence... no
checking for gssapi/gssapi.h... no
checking com_err.h usability... yes
checking com_err.h presence... yes
checking for com_err.h... yes
checking for _et_list in -lcom_err... no
checking for krb5_encrypt_data in -lk5crypto... no
checking for des_set_key in -lcrypto... no
checking for copy_Authenticator in -lasn1... no
checking for roken_getaddrinfo_hostspec in -lroken... no
checking for gss_display_status in -lgssapi... no
checking for krb5_mk_req_extended in -lkrb5... no
checking for gss_display_status in -lgssapi_krb5... no
checking for krb5_set_real_time... no
checking for krb5_set_default_in_tkt_etypes... no
checking for krb5_set_default_tgs_ktypes... no
checking for krb5_principal2salt... no
checking for krb5_use_enctype... no
checking for krb5_string_to_key... no
checking for krb5_get_pw_salt... no
checking for krb5_string_to_key_salt... no
checking for krb5_auth_con_setkey... no
checking for krb5_auth_con_setuseruserkey... no
checking for krb5_locate_kdc... no
checking for krb5_get_permitted_enctypes... no
checking for krb5_get_default_in_tkt_etypes... no
checking for krb5_free_ktypes... no
checking for krb5_free_data_contents... no
checking for krb5_principal_get_comp_string... no
checking for addrtype in krb5_address... no
checking for addr_type in krb5_address... yes
checking for enc_part2 in krb5_ticket... no
checking for keyvalue in krb5_keyblock... yes
checking for ENCTYPE_ARCFOUR_HMAC_MD5... yes
checking for KEYTYPE_ARCFOUR_56... no
checking for AP_OPTS_USE_SUBKEY... yes
checking for the krb5_princ_component macro... no
checking for key in krb5_keytab_entry... no
checking for keyblock in krb5_keytab_entry... yes
--
------------------------------------------------------------------------
Dan Ramaley
Digital Media Library Specialist
(515) 271-1934
Cowles Library 140, Drake University
More information about the samba
mailing list