[Samba] Re: Hi again timur
Timur I. Bakeyev
timur at com.bat.ru
Wed May 19 14:40:54 GMT 2004
On Tue, 18 May 2004 13:15:13 -0700
Tom Skeren <tms3 at fsklaw.net> wrote:
>I am completely frustrated at this point. The following
>is not meant against you personally, but I'm the ONLY
>I.T. person for 100 users in 6 different offices, and I
>don't know what to do at this point but beg.
That's sad... We have 14 SA on 100 of emplyees...
>I finally figured out what Heimdal is, and I believe is
>the main problem. Installed 5.2.1 on a machine.
> Installed krb5 from ports. Changed make.conf adding
>KRB5_HOME=/usr/local. Rebooted. Got the newest port for
>samba-devel. Did make, make depends, make install.
I should admit, that situation with Kerberos not so clear
in the FreeBSD world at the moment - mainly, cause it's a
(disablable) part of the base system.
So, the most prefferable way on my opinion for 5.2.x would
Check, that your system comes with Heimdal in the base
system - it's there and enabled by default for FreeBSD 5.
Thus, check in /usr/lib that you have *krb5* libraries.
Or, alternativelly, grep output of 'ldconfig -r' for krb5.
It's 90% probability, that you already have it there.
If not - check your make.conf does NOT contain:
NO_KERBEROS= true # do not build and install Kerberos
5 (KTH Heimdal)
line and recompile the 'world'(If you are using stock
FreeBSD5.2.1 release, that shouldn't be the case).
Remove Heimdal port - on FreeBSD 5 it's not really
necessary(unless you have very special requirements).
Set the HEIMDAL_HOME=/usr in make.conf(and for port, if
you kept it - /usr/local).
Reinstall samba-devel port, taking the latest version of
Make sure, that you configured it with ADS support, for
what you issue 'make reconfig' in the port directory
before compilation and check, that ADS support is actually
make; make insall
You may check, that Kerberos libraries are compiled in by
timur at timur$ ldd `which smbd`
And get something like:
libldap.so.2 => /usr/local/lib/libldap.so.2
liblber.so.2 => /usr/local/lib/liblber.so.2
libgssapi.so.7 => /usr/lib/libgssapi.so.7
libkrb5.so.7 => /usr/lib/libkrb5.so.7
libasn1.so.7 => /usr/lib/libasn1.so.7
libcrypto.so.3 => /lib/libcrypto.so.3
libroken.so.7 => /usr/lib/libroken.so.7
libcrypt.so.2 => /lib/libcrypt.so.2 (0x484bd000)
libcom_err.so.2 => /usr/lib/libcom_err.so.2
libcups.so.2 => /usr/local/lib/libcups.so.2
libssl.so.3 => /usr/lib/libssl.so.3 (0x484f4000)
libpam.so.2 => /usr/lib/libpam.so.2 (0x48521000)
libpopt.so.0 => /usr/local/lib/libpopt.so.0
libc.so.5 => /lib/libc.so.5 (0x4852f000)
>"net ads testjoin". Machine responds "ADS support not
>compiled in". Either I get it compiled in but net ads
>join/testjoin always error out because of some
>incompatibility in Heimdal Kerberos, or this happens. I
The steps abouve should make clear, that Kerberos is
compiled into the binary.
>really am getting up against a wall here. I've gotta get
>this thing working. It took me three hours to do this on
>a Redhat machine. I've been trying to do the same thing
>in FreeBSD for three weeks straight. I really don't
>want to rebuild all of my servers with Redhat, I don't
>know Redhat very well at all, and that means replacing 4
>production servers. I could really use a bit of help.
Unfortunatelly, on the configuration step I can't help too
much - I don't run AD server in my network at the
moment... So, asking in the samba at lists.samba.org and in
ports at freebsd.org for the advice could be better option...
With best regards,
More information about the samba