[Samba] Solaris 9 --with-krb5 problems

Hai Wu hwu3 at wpo.it.luc.edu
Mon Mar 8 20:33:32 GMT 2004


Actually krb5.h is needed for Samba installation, but not avaiable in Solaris default Kerberos installation. Per Sun support, they don't want to provide that file. So I guess you have to use other options here.


>>> Diego Julian Remolina <dijuremo at math.gatech.edu> 03/05/04 14:50 PM >>>
Hi Andy,

> ## Ok as far as I'm aware the following is true, you must use MIT or Heimdal Kerberos with
> ## Solaris because Solaris Kerberos is not available with header files (Sun have no plans
> ## to include headers with their bundled distribution). Sun/MIT/Heimdal implementations of
> ## Kerberos are all gssapi compliant authentication mechanisms.

I think the above is not correct, as you can see from the following
commands; the header files for gssapi are part of the package SUNWhea:

oak:/etc/openldap/ldif # pkgchk -lp /usr/include/gssapi/gssapi.h
Pathname: /usr/include/gssapi/gssapi.h
Type: regular file
Expected mode: 0644
Expected owner: root
Expected group: bin
Expected file size (bytes): 22478
Expected sum(1) of contents: 31395
Expected last modification: Apr 06 14:12:32 2002
Referenced by the following packages:
Current status: installed

oak:/etc/openldap/ldif # pkginfo -l SUNWhea
      NAME:  SunOS Header Files
  CATEGORY:  system
      ARCH:  sparc
   VERSION:  11.9.0,REV=2002.
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  SunOS C/C++ header files for general development of software
    PSTAMP:  leo20030527173442
  INSTDATE:  Dec 30 2003 16:31
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:     1323 installed pathnames
                  32 shared pathnames
                  85 directories
               16086 blocks used (approx)

> ## You appear to have installed what looks like a second version of gssapi (I assume also Heimdal)
> ## which Samba make is not liking. I'm sorry I haven't tried installing Heimdal Kerberos myself,
> ## can you check whether it is possible to install/compile it without installing a duplicate
> ## implementation of gssapi? Or maybe someone else on the list can help?
> ## thanks Andy.

I am using heimdal because it is thread safe while mit kerberos is not.
This is very important for my openldap server.  Would you please check if
your system has the package SUNWhea installed? If it is then you should
have some header files like /usr/include/gssapi/gssapi.h

The conflicting header files are not part of any of Sun's kerberos
packages SUNWkrbr, SUNWkrbu or SUNWkrbux which I have installed since
those provide authentication.  I did not want to have to remove all the
Sun kerberos packages since I am using the pam_krb5.so from those packages
in my pam stack to authenticate users.  Even if I remove the kerberos
packages the header files will remain there so I do not think removing
those kerberos packages will help.

Have a good weekend,


> The problem is with the header files.  It tries to use the ones from
> Solaris 9 kerberos implementatoin which are located in /usr/include as
> opposed to the ones from heimdal in /opt/local/include).  This happens
> using both cc and gcc.
> configure works  fine but make fails.
> I also changed /var/ld/ld.config, but the problem is not the libraries, is
> the include files. This is what crle shows:
> oak:/tmp/samba-3.0.2a/source % crle
> Configuration file [3]: /var/ld/ld.config
>   Default Library Path (ELF):   /opt/local/lib:/usr/lib
>   Trusted Directories (ELF):    /usr/lib/secure  (system default)
> Command line:
>   crle -c /var/ld/ld.config -l /opt/local/lib:/usr/lib
> The last few lines of configure are:
> ----------------snip------------
> checking how to build vfs_cap... shared
> Using libraries:
>     LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl  -liconv
>     KRB5_LIBS = -lcom_err  -L/opt/local/encap/heimdal-0.6/lib -lgssapi
> -lkrb5 -lasn1 -L/opt/local/lib -lcrypto -lroken
>     LDAP_LIBS = -lldap -llber
>     AUTH_LIBS =
> checking configure summary... yes
> configure: creating ./config.status
> config.status: creating include/stamp-h
> config.status: creating Makefile
> config.status: creating script/findsmb
> config.status: creating smbadduser
> config.status: creating script/gen-8bit-gap.sh
> config.status: creating include/config.h
> Then when I type make:
> oak:/tmp/samba-3.0.2a/source % make
> Using FLAGS =  -O -I/opt/local/encap/heimdal-0.6/include
> -I/opt/local/include  -Iinclude -I/tmp/samba-3.0.2a/source/include
> -I/tmp/samba-3.0.2a/source/ubiqx -I/tmp/samba-3.0.2a/source/smbwrapper
> -I/opt/local/encap/heimdal-0.6/include -I/opt/local/include
> -I/tmp/samba-3.0.2a/source
>       LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -liconv
>       LDSHFLAGS = -G
>       LDFLAGS =
> Generating smbd/build_options.c
> Building include/proto.h
> creating /tmp/samba-3.0.2a/source/include/proto.h
> Building include/wrepld_proto.h
> creating /tmp/samba-3.0.2a/source/include/wrepld_proto.h
> Building include/build_env.h
> creating /tmp/samba-3.0.2a/source/nsswitch/winbindd_proto.h
> creating /tmp/samba-3.0.2a/source/web/swat_proto.h
> creating /tmp/samba-3.0.2a/source/client/client_proto.h
> creating /tmp/samba-3.0.2a/source/utils/net_proto.h
> Compiling dynconfig.c
> In file included from include/includes.h:421,
>                  from dynconfig.c:21:
> /opt/local/encap/heimdal-0.6/include/gssapi.h:50: warning: redefinition of
> `OM_uint32'
> /usr/include/gssapi/gssapi.h:87: warning: `OM_uint32' previously declared
> here
> /opt/local/encap/heimdal-0.6/include/gssapi.h:52: warning: redefinition of
> `gss_uint32'
> /usr/include/gssapi/gssapi.h:64: warning: `gss_uint32' previously declared
> here
> /opt/local/encap/heimdal-0.6/include/gssapi.h:64: error: conflicting types
> for `gss_name_t'
> /usr/include/gssapi/gssapi.h:57: error: previous declaration of
> `gss_name_t'
> /opt/local/encap/heimdal-0.6/include/gssapi.h:76: error: conflicting types
> for `gss_ctx_id_t'
> .
> .
> .  keeps going.. it is a long list
> .
> .
> /usr/include/gssapi/gssapi.h:695: error: previous declaration of
> `gss_seal'
> /opt/local/encap/heimdal-0.6/include/gssapi.h:765: error: conflicting
> types for `gss_unseal'
> /usr/include/gssapi/gssapi.h:704: error: previous declaration of
> `gss_unseal'
> make: *** [dynconfig.o] Error 1
> Any ideas?
> ----------------------------------
> Diego Julian Remolina
> System Administrator
> School of Mathematics
> Georgia Institute of Technology
> (404) 894-7385
> (404) 894-1309
> ----------------------------------
> On Fri, 5 Mar 2004, ww m-pubsyssamba wrote:
> > Hi,
> >
> > I am running configure with the option --with-krb5=/opt/local which is
> > where I have heimdal installed.  The problem is that after running make,
> > it still tries to use the include files from SUN that are in /usr/ and this
> > screws up the compile.
> >
> > ## Mmm strange, I've not had any problems on Solaris 9 with MIT Kerberos...
> > ## What files is it accidentally using, and in what way does this screw up your compile?
> >
> > Since I only need samba to be a PDC for my windows workstations,
> > Should I just build it without kerberos support?  I will store all samba
> > user information in ldap and so authentication will be done against the
> > ldap LMpasswd and NTpasswd entries and not through kerberos.  This is my
> > understanding so please correct me if I am wrong.
> >
> > ## I think there are some ways of implementing MIT KDC server with Samba as a PDC but this is not a normal configuration.
> > ## If all you want is a Samba PDC using NTLM authentication then I do not beleive you need any Kerberos support
> > ## hope this helps, Andy.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list