[Samba] krb5 library issues when Compiling 3.5.2 and 3.4.7 on AIX 5.3

Sun Apr 18 17:56:02 MDT 2010

Hi,

Thank you for your response.

I am already specifying the -brtl option.  I only listed the configure line of my build script.
I really should have included all of the script.  Here it is.
I actually used the "do-it" script from the pware site as the basis for my script.

#!/usr/bin/ksh93

PATH=/usr/bin:/etc:/usr/sbin:/usr/bin/X11:/sbin:/opt/pware/bin:/opt/pware/sbin:/usr/java14/jre/bin:/usr/java14/bin:/usr/vac/bin:/usr/local/bin:/root
export PATH

SrcDir="/intsupport/samba/samba-3.4.7/source3"

env CC="gcc -maix32 -O2 -Wl,-blibpath:/opt/pware/lib:/usr/lib:/lib,-brtl" \
CPPFLAGS="-I/opt/pware/include" \
CFLAGS="-O2 -I/opt/pware/include" \
LDFLAGS="-lcrypto -L/opt/pware/lib " \

(cd ${SrcDir} && \
./configure --with-acl-support --with-utmp --with-ads \
--with-ldap --with-krb5=/opt/pware --with-pam \
--with-libiconv=/opt/pware --with-sendfile-support \
--prefix=/opt/pware/samba/3.4.7 --with-syslog --with-quotas \
--with-winbind=yes --with-aio-support=yes --with-automount \
--with-static-modules="vfs_aixacl2,vfs_aixacl" \
--with-shared-modules="idmap_rid,idmap_ad,idmap_tdb2" \
--with-dnsupdate | tee ${SrcDir}/config-3.4.7.log )

The only kerberos components installed on the server is the krb5 package from the pware site.
IE: There no AIX krb components installed .

The output from "lslpp -l | grep -i krb" returns "  pware53.krb5.rte           1.7.1.1  COMMITTED  MIT Kerberos 1.7.1".

I have tried using the samba packages from the pware site and have had issues with integrating AIX with ADS.
Refer to thread "AIX 5.3 Active Directory Synchronisation using Winbind".
I thought I had overcome my issues by using 3.5.2 from the pware site but when I tried un-installing and re-installing 3.5.2 I had issues.
I could not get "wbinfo -i user" to work.  I kept getting "Could not get info for user xxxxx" or it would return data for the user but it would not use the uid and gid that was specified via SFU3.5 in the AD.

If I used 3.4.7 from the pware site then "wbinfo -i" would always verify the user and return the correct uid and gid as specified in the AD.
However when you tried to telnet into the server an error would occur that implied that the group id was not in the group file.
But it is listed and there is definitely nothing wrong with the passwd, group or /etc/security file(s).

So I thought I would go back to compiling samba from scratch to see if could overcome the issues of AD integration.

I will export the vars CC, CPPFLAGS, CFLAGS and LDFLAGS and then run configure.
The more I think about it this is most likely the issue.
It takes approx 2 hrs to run the configure script before it fails so I will update you once I have been able to test this.

Regards,

Craig Green
Support Consultant - Unix

Ultradata - Vision to Reality
+61 3 9291 1742
www.ultradata.com.au

> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of William Jojo
> Sent: Sunday, 18 April 2010 1:49 AM
> To: Michael Wood; christoph.beyer at desy.de
> Cc: Samba
> Subject: Re: [Samba] krb5 library issues when Compiling 3.5.2
> and 3.4.7 on AIX 5.3
>
>
>
> ---- Original message ----
> >Date: Fri, 16 Apr 2010 10:38:09 +0200
> >From: Michael Wood <esiotrot at gmail.com>
> >Subject: Re: [Samba] krb5 library issues when Compiling
> 3.5.2 and 3.4.7
> >on AIX 5.3
> >To: christoph.beyer at desy.de
> >Cc: Samba <samba at lists.samba.org>
> >
> >Hi
> >
> >On 16 April 2010 09:59,  <christoph.beyer at desy.de> wrote:
> >> Hi,
> >>
> >> try --with-krb5=/path/to/your/kerberos/installation/root
> >
> >I suggested this at the bottom of his message and then
> realised that he
> >had done this.
> >
>
>
> The real problem is the ld command will not search for libs
> that end with .so unless you provide the -brtl option.
>
> BTW, 3.5.2 is available on the site, unless there are
> features you don't need. :-)
>
> The method of configuring Samba that I use for pWare is:
>
> env CC="gcc -O2
> -Wl,-blibpath:/opt/pware/lib:/usr/lib:/lib,-brtl" \
> CPPFLAGS="-I/opt/pware/include" \
> CFLAGS="-O2 -I/opt/pware/include" \
> LDFLAGS="-L/opt/pware/lib " \
> ./configure --with-acl-support --with-utmp \ --with-ldap
> --with-krb5=/opt/pware \ --with-libiconv=/opt/pware
> --with-sendfile-support \ --prefix=/opt/pware --with-syslog
> --with-quotas \ --with-winbind=yes --with-aio-support=yes
> --with-automount \ --with-pam --with-acl-support \
> --with-static-modules="vfs_aixacl2,vfs_aixacl" \
> --with-shared-modules="idmap_rid,idmap_ad,vfs_gpfs,idmap_tdb2"
>
>
> Cheers,
> Bill
>
>
> >> or
> >>
> >> export CPPFLAGS="-I/your/krb/dir/include"
> >> export LDFLAGS="$LDFLAGS -L/your/krb/dir/lib"
> >
> >This might be worth a try.
> >
> >--
> >Michael Wood <esiotrot at gmail.com>
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Disclaimer Notice

This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action or place any reliance on it. If you have received this message in error please notify Ultradata immediately on +61 3 9291 1600. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Ultradata Australia Pty. Ltd.

To unsubscribe from receiving commercial electronic messages from Ultradata Australia please email unsubscribe at ultradata.com.au with the subject heading "Unsubscribe".