[Samba] samba and ads authentication

Tom Montague tom.montague at thegriffingroup.com.au
Sun Nov 8 23:27:25 MST 2009


Thanks Seban,

I tried running the configure script with the following options...

 ./configure --with-ldap --with-ads --with-krb5 --with-winbind

I am getting the following error:-

checking for ldap_initialize... yes
checking for ldap_add_result_entry... yes
checking for kerberos 5 install path... no krb5-path given
checking for krb5-config... no
checking for working krb5-config... no. Fallback to previous krb5
detection strategy
checking for /usr/include/heimdal... no
checking for /usr/kerberos... no
checking krb5.h usability... no
checking krb5.h presence... no
checking for krb5.h... no
configure: error: Active Directory cannot be supported without krb5.h


I do have Kerberos installed and the kinit <user>@<domain> works for me.

My Kerberos krb5.conf file is located in the /etc/krb5/ directory,
should I be running the configure script and telling it this location?
Should I have a krb5.h file???



-----Original Message-----
From: sebastian.rajan at wipro.com [mailto:sebastian.rajan at wipro.com] 
Sent: Friday, 6 November 2009 2:41 PM
To: Tom Montague; samba at lists.samba.org
Subject: RE: [Samba] samba and ads authentication

Using the following option to configure for ADS

--with-ldap and --with-ads in configure command

Also, you must have Kerberos library installed, so give 
--with-krb5=$(PATH_TO_KRB_LIB)/lib/


If the configure fails, check the path and version of kerberos u r
using.

Regards,
Seban



-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Tom Montague
Sent: Thursday, November 05, 2009 9:45 AM
To: samba at lists.samba.org
Subject: [Samba] samba and ads authentication

I am looking at setting up ADS authentication for my current samba
configuration. I am quite wary of making big changes that I do not
understand as there are shares currently setup and I do not want to lose
this.

 

I have read through the "how to's" and I am at the point where I want to
"Create the computer account" and running the command :-

            Net ads join -U administrator%password

 

I am getting the error "ADS support not compiled in"

 

The fix for this says...

 

Samba must be reconfigured (remove config.cache) and recompile (make
clean all install) after the Kerberos libraries and headers files are
installed.

 

 

How do I reconfigure samba? I have inherited this samba configuration
and I am not sure how/what was configured originally and I do not want
to lose the current configuration..

 

Can someone help me with this recompile command and what entries I
should add. I have some details below of the current configuration...

 

Samba version 3.0.23c

 

I found the following details in the config.log

 

configure:34026: result: no

configure:34038: checking whether to use smbwrapper

configure:34085: result: no

configure:34093: checking whether to use AFS clear-text auth

configure:34111: result: no

configure:34119: checking whether to use AFS fake-kaserver

configure:34137: result: no

configure:34339: checking whether to use AFS fake-kaserver

configure:34357: result: no

configure:34376: checking whether to use DFS clear-text auth

configure:34398: result: no

configure:34407: checking for LDAP support

configure:34421: result: no

configure:35119: checking for Active Directory and krb5 support

configure:35133: result: auto

configure:35146: WARNING: Disabling Active Directory support (requires
LDAP support)

 

smbd -b | grep LDAP   (no output)

smbd -b | grep KRB     (no output)                                   

smbd -b | grep ADS     (no output)

smbd -b | grep WINBIND

   WITH_WINBIND

   WITH_WINBIND

 

TomMontague

 

</pre>
<br><P><HR><P>
<font size="2" face="Times">
The information in this email, including any attachments, is
confidential and may be subject to legal or other professional
privilege.  It is intended solely for the addressee and access to this
email by anyone else is unauthorised.  If you have received this email
in error, please immediately advise the sender by return email, then
delete the message from your system and destroy any copies. If you are
not the intended recipient, any use, interference with, distribution,
disclosure or copying of this material, or any action taken or omitted
to be taken in reliance on it, is unauthorised and prohibited.

The Griffin Group scans all outgoing emails for viruses, however The
Griffin Group cannot guarantee that email communications are secure or
error-free, as information could be intercepted, corrupted, amended,
lost, destroyed, arrive late or incomplete.
</font>
<br></body>
<pre>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments
to this message are intended for the exclusive use of the addressee(s)
and may contain proprietary, confidential or privileged information. If
you are not the intended recipient, you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately and
destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient
should check this email and any attachments for the presence of viruses.
The company accepts no liability for any damage caused by any virus
transmitted by this email. 

www.wipro.com
</pre>
<br><P><HR><P>
<font size="2" face="Times">
The information in this email, including any attachments, is confidential and may be subject to legal or other professional privilege.  It is intended solely for the addressee and access to this email by anyone else is unauthorised.  If you have received this email in error, please immediately advise the sender by return email, then delete the message from your system and destroy any copies. If you are not the intended recipient, any use, interference with, distribution, disclosure or copying of this material, or any action taken or omitted to be taken in reliance on it, is unauthorised and prohibited.

The Griffin Group scans all outgoing emails for viruses, however The Griffin Group cannot guarantee that email communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete.
</font>
<br></body>
<pre>




More information about the samba mailing list