[Samba] Re: Hi again timur

Timur I. Bakeyev timur at com.bat.ru
Wed May 19 14:40:54 GMT 2004

On Tue, 18 May 2004 13:15:13 -0700
  Tom Skeren <tms3 at fsklaw.net> wrote:
>I am completely frustrated at this point.  The following 
>is not meant against you personally, but I'm the ONLY 
>I.T. person for 100 users in  6 different offices, and I 
>don't know what to do at this point but beg.

That's sad... We have 14 SA on 100 of emplyees...

>I finally figured out what Heimdal is, and I believe is 
>the main problem.  Installed 5.2.1 on a machine. 
> Installed krb5 from ports.  Changed make.conf adding 
>KRB5_HOME=/usr/local.  Rebooted.  Got the newest port for 
>samba-devel.  Did make, make depends, make install. 

I should admit, that situation with Kerberos not so clear 
in the FreeBSD world at the moment - mainly, cause it's a 
(disablable) part of the base system.

So, the most prefferable way on my opinion for 5.2.x would 

Check, that your system comes with Heimdal in the base 
system - it's there and enabled by default for FreeBSD 5. 
Thus, check in /usr/lib that you have *krb5* libraries. 
Or, alternativelly, grep output of 'ldconfig -r' for krb5.

It's 90% probability, that you already have it there.
If not - check your make.conf does NOT contain:

NO_KERBEROS=   true    # do not build and install Kerberos 
5 (KTH Heimdal)

line and recompile the 'world'(If you are using stock 
FreeBSD5.2.1 release, that shouldn't be the case).

Remove Heimdal port - on FreeBSD 5 it's not really 
necessary(unless you have very special requirements).

Set the HEIMDAL_HOME=/usr in make.conf(and for port, if 
you kept it - /usr/local).

Reinstall samba-devel port, taking the latest version of 

Make sure, that you configured it with ADS support, for 
what you issue 'make reconfig' in the port directory 
before compilation and check, that ADS support is actually 

make; make insall

You may check, that Kerberos libraries are compiled in by 

timur at timur$ ldd `which smbd`

And get something like:

         libldap.so.2 => /usr/local/lib/libldap.so.2 
         liblber.so.2 => /usr/local/lib/liblber.so.2 
         libgssapi.so.7 => /usr/lib/libgssapi.so.7 
         libkrb5.so.7 => /usr/lib/libkrb5.so.7 
         libasn1.so.7 => /usr/lib/libasn1.so.7 
         libcrypto.so.3 => /lib/libcrypto.so.3 
         libroken.so.7 => /usr/lib/libroken.so.7 
         libcrypt.so.2 => /lib/libcrypt.so.2 (0x484bd000)
         libcom_err.so.2 => /usr/lib/libcom_err.so.2 
         libcups.so.2 => /usr/local/lib/libcups.so.2 
         libssl.so.3 => /usr/lib/libssl.so.3 (0x484f4000)
         libpam.so.2 => /usr/lib/libpam.so.2 (0x48521000)
         libpopt.so.0 => /usr/local/lib/libpopt.so.0 
         libc.so.5 => /lib/libc.so.5 (0x4852f000)

> Try 
>"net ads testjoin".  Machine responds "ADS support not 
>compiled in".  Either I get it compiled in but net ads 
>join/testjoin always error out because of some 
>incompatibility in Heimdal Kerberos, or this happens.  I 

The steps abouve should make clear, that Kerberos is 
compiled into the binary.

>really am getting up against a wall here.  I've gotta get 
>this thing working.  It took me three hours to do this on 
>a Redhat machine.  I've been trying to do the same thing 
>in  FreeBSD for three weeks straight.  I really don't 
>want to rebuild all of my servers with Redhat, I don't 
>know Redhat very well at all, and that means replacing 4 
>production servers.  I could really use a bit of help. 

Unfortunatelly, on the configuration step I can't help too 
much - I don't run AD server in my network at the 
moment... So, asking in the samba at lists.samba.org and in 
ports at freebsd.org for the advice could be better option...

With best regards,
Timur Bakeyev.

More information about the samba mailing list