[Samba] bind9 failure when using dlz_bind

Michael Tokarev mjt at tls.msk.ru
Fri Jun 28 06:35:13 UTC 2024


On 6/28/24 08:44, Michael Tokarev wrote:
..
> Besides, it looks like samba libraries are "too dirty", so to say, - eg, I don't think
> bind_dlz.so needs any krb5 stuff, it just talks to samba-ad-dc over a unix socket.
> It needs none of samba libraries.  But here I might be completely wrong.  It links
> with heimdal, libwbclient, etc.

Aha.. bind_dlz talks to samba using kerberos.  Somehow I thought it uses a socket in
/var/lib/samba/private/ like ntp.  I was wrong indeed.

So bind_dlz obviously needs kerberos.

It looks like it should be built the same way nss_winbind & pam_winbind are built,
with all samba modules compiled into the binary.

Also, I think it would be useful if mit-krb5 and heimdal check if both of them are
loaded into the same address space and fail to run, since symbol clashes are
basically unavoidable in this case.  This means there's no bind_dlz for heimdal-based
samba though, but it's better to be sorry than crash (neither works anyway).

Samba should really switch to mit-krb5...

/mjt
-- 
GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt
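
The "both loaded into the same address space" condition described above can also be checked from outside a running process by reading its `/proc/<pid>/maps`. This is an added example, not part of the original post or of Samba's or BIND's code; the library file names it matches and the sample maps lines are assumptions constructed for illustration.

```python
import re
import sys

# Assumed library file names (not stated in the post): MIT krb5 as libkrb5.so.3,
# Heimdal as libkrb5.so.26, Samba's bundled Heimdal as libkrb5-samba4.so.26.
FLAVOURS = {
    "mit": re.compile(r"^libkrb5\.so\.3(\.|$)"),
    "heimdal": re.compile(r"^libkrb5(-samba4)?\.so\.26(\.|$)"),
}

def mapped_files(maps_text):
    """Return the set of file paths mapped into a process, from /proc/<pid>/maps text."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [path]
        if len(fields) == 6 and fields[5].startswith("/"):
            paths.add(fields[5].removesuffix(" (deleted)"))
    return paths

def krb5_flavours(maps_text):
    """Map each Kerberos flavour found to the sorted library paths providing it."""
    found = {}
    for path in mapped_files(maps_text):
        name = path.rsplit("/", 1)[-1]
        for flavour, pattern in FLAVOURS.items():
            if pattern.match(name):
                found.setdefault(flavour, []).append(path)
    return {flavour: sorted(libs) for flavour, libs in found.items()}

def has_clash(maps_text):
    """True when more than one Kerberos implementation is mapped into the process."""
    return len(krb5_flavours(maps_text)) > 1

# Constructed sample: a process that pulled in both implementations.
SAMPLE_MAPS = """\
7f10a0000000-7f10a00c8000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3
7f10a0400000-7f10a0490000 r-xp 00000000 08:01 1422 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26.0.0
7f10a0800000-7f10a0810000 r-xp 00000000 08:01 1533 /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_18.so
7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(f"/proc/{pid}/maps").read() if pid else SAMPLE_MAPS
    for flavour, libs in krb5_flavours(text).items():
        print(flavour, *libs)
    sys.exit(1 if has_clash(text) else 0)
```

Run with the PID of the process to inspect as the only argument; exit status 1 means both implementations are mapped.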
