[Samba] Compiling samba on Solaris 8 --with-ads

David Michaels dragon at raytheon.com
Sat Mar 5 00:22:34 GMT 2005 

>
>
>> For historical reasons, the administrator is member in lots of groups. As
>> a result the ticket size is too big for UDB, so the W2k3-server sends an
>> KRB5KRB_ERR_RESPONSE_TOO_BIG (Response too big for UDP, retry with TCP)
>> error back to kinit.
>>
>> Unfortunatly this case is not handled in lib/krb5/get_in_tck.c -
>> krb5_get_in_cred(). Only the KRB5KDC_ERR_PREAUTH_REQUIRED error is
>> handled.
>
>Sorry for not responding eailer,
>
>If you grap the latest heimdal-0.6-<date>.tar.gz snapshot it will contains
>code that support falling back to TCP when UDP failes or the error
>KRB5KRB_ERR_RESPONSE_TOO_BIG is returned.
>
>If you don't want to upgrade you can force tcp in krb5.conf
>
>[realms]
>        MY.REALM = {
>                 kdc = tcp/my.first.kdc.my.realm
>                 kdc = tcp/my.second.kdc.my.realm
>        }
>


I'm trying to get ADS support in Samba 3.0.11 on Solaris 8 to work.  I 
am pretty close, but Samba doesn't recognize the 'realm' keyword in the 
smb.conf file.  It seems to be okay with security = ads, but that 
doesn't do much good if it can't determine the realm. ;)  Also, I'm 
running into the same udp-too-big error, and the above fix using 
/etc/krb5.conf does not work.  I end up with:

    kinit: krb5_get_init_creds: unable to reach any KDC in realm {MY.REALM}


I'm pulling down the latest heimdal now, but I had to do a trick to get 
even 0.6.3 to compile -- I had to close permissions to 
/usr/include/gssapi (otherwise it complained about duplicate definitions 
of stuff).  I tried using MIT's kerberos (1.4), but it has a problem 
finding freeifaddrs and getifaddrs:

    gcc -L../../../lib -R/usr/local/lib -g -O2 -Wall
    -Wmissing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow
    -pedantic  -o client client.o rpc_test_clnt.o \
            -lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
    -lkrb5support  -lresolv -lsocket -lnsl
    Undefined                       first referenced
     symbol                             in file
    freeifaddrs                         ../../../lib/libkrb5.so
    getifaddrs                          ../../../lib/libkrb5.so
    ld: fatal: Symbol referencing errors. No output written to client
    collect2: ld returned 1 exit status

The only place I found those referenced were in the Heimdal files (in 
the libroken.a library).  But I can't compile a shared version of that 
library, because --enable-shared for Heimdal results in huge lists of 
undefined symbols when compiling libsl.so.

I can't seem to win here.  I saw Joseph Gaude's message that said:

>I used:
>MIT Kerberos 1.3.4
>OpenSSL 0.9.7d
>OpenLdap 2.2.14
>Samba 3.0.7
>all compiled from source. Do not use the Sunfreeware supplied packages as
>the libraries will not work.
>
>Also,
>installed ncurses, popt, libiconv from Sunfreeware.
>

How did you get MID Kerberos to install?  (i.e., where are its 
freeifaddrs and getifaddrs functions coming from?)

I've got OpenLdap 2.2.23 installed, OpenSSL 0.9.7d, Heimdal 0.6.3, and 
Samba 3.0.11.

Any ideas?

--Dave "Dragon" Michaels

More information about the samba mailing list