[Samba] SerNet.de Release and krb problems

Mark Proehl M.Proehl at science-computing.de
Tue May 9 14:15:10 GMT 2006


the same problem happens to me with a RHEL4 system.

Another point is that using "net ads join" with existing kerberos
credentials is not working:

  [root at rhws tmp]# kinit Administrator
  Password for Administrator at W2K3.EXAMPLE.COM: 
  [root at rhws tmp]# klist -5
  Ticket cache: FILE:/tmp/krb5cc_0
  Default principal: Administrator at W2K3.EXAMPLE.COM
  Valid starting     Expires            Service principal
  05/09/06 16:07:35  05/10/06 02:07:36  krbtgt/W2K3.EXAMPLE.COM at W2K3.EXAMPLE.COM
          renew until 05/10/06 16:07:35
  [root at rhws tmp]# /usr/bin/net ads join
  root's password: 

(It should not ask for root's password, but use the name
"Administrator" from the kerberos credential cache instead).

On Mon, May 08, 2006 at 10:37:18PM -0500, Matt Sellers wrote:
> Hello All,
>         Im using a fresh install of CentOS 4.3 fully updated with the
>         latest
>         Samba packages from SerNet.de
>         http://enterprisesamba.org/index.php?id=64
>         While I have used Samba/Winbind for quite some time, Im have a
>         peculiar
>         problem with these RPM's. When I try to "net ads join -U
>         <username>" to
>         join of ADS realm, I get this error...
>         [root at ctilinux3 sernet-samba]# net -V
>         Version 3.0.22-SerNet-RedHat
>         [root at ctilinux3 sernet-samba]# net ads join -U msellers
>         msellers's password:
>         [2006/05/08 23:02:12, 0] utils/net_ads.c:ads_startup(191)
>           ads_connect: Program lacks support for encryption type
>         [root at ctilinux3 sernet-samba]#
>         While I do have the latest krb5 libs installed from the CentOS
>         repo, its
>         my understanding that Sernet statically compiles their own
>         kerberos
>         libraries for compatibility, at least what their site says....

ldd /usr/bin/smbd looks like Sernet's package is linked against the
system kerberos library (MIT kerberos):

  [root at rhws tmp]# rpm -qf /usr/sbin/smbd 
  [root at rhws tmp]# rpm -qi samba3
  Name        : samba3                       Relocations: (not relocatable)
  Version     : 3.0.22                            Vendor: Service Network GmbH, Goettingen
  Release     : 26                            Build Date: Fri 31 Mar 2006 01:30:19 PM CEST
  Install Date: Mon 08 May 2006 12:56:45 PM CEST      Build Host: opi
  Group       : Productivity/Networking/Samba   Source RPM: samba3-3.0.22-26.src.rpm
  Size        : 44867747                         License: GNU GPL
  Signature   : (none)
  Packager    : SerNet Samba Team <Samba at SerNet.DE>
  URL         : http://www.samba.org
  Summary     : An SMB/CIFS file server
  Description :
  Samba is a suite of programs which work together to allow clients to
  access Unix filespace and printers via the SMB/CIFS protocol.
  [root at rhws tmp]# ldd /usr/sbin/smbd | grep krb
          libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00319000)
          libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x002c7000)
  [root at rhws tmp]# 

but it also seems to have some parts of heimdal included:

  [root at rhws tmp]# strings /usr/sbin/smbd | grep -i heimd
  Heimdal 0.7.2
  @(#)$Version: Heimdal 0.7.2 by root on opi (i686-pc-linux-gnu) Fri Mar 31 05:23:15 EST 2006 $
  [root at rhws tmp]# 

I don't know if that is the reason for the problem, but linking
against two differnt kerberos libraries might cause trouble.


>         I have successfully compiled samba from source on CentOS, but
>         have never
>         gotten these SerNet binaries to work.  Can anybody point me in
>         the
>         direction to fix this, or explain?  
>         Thanks all :-)
>         --
>         Matt Sellers
>         matt at indigo.nu   
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list