Samba with kerberos

Mon, 03 Mar 2008 09:42:45 -0800 

Hi all,
I need a version of samba that is compiled with both ldap and kerberos so that my samba server can join a MS Windows 2003 Active Directory domain. 


After hacking on the port to make my own flavor, I have been unable to 
get around the same problem others have had (from stfa) in that 
configure seems unable to find the OpenBSD in-tree krbv headers and 
library files.



The problem seems to be that OpenBSD splits kerberosV into two separate 
places.  Header files are in /usr/include/kerberosV, and library files 
are in /usr/lib/.  Samba's configure is also looking for a krb5-config 
file that doesn't seem to exist on a standard OpenBSD -current install.



The easiest way for me to compile Samba with both ldap and kerberos has 
been to download the latest heimdal sources from 
http://www.h5l.org/dist/src/, untar them, run ./configure && make && 
sudo make install.  The standard location for heimdal is in 
/usr/heimdal, with the library files in /usr/heindal/lib and the header 
files in /usr/heimdal/include.  The krb5-config program (which turns out 
to be a shell script) is in /usr/heimdal/bin.



I've altered the ports Makefile to add my own ads flavor by adding:

.if ${FLAVOR:L:Mads}
CONFIGURE_ARGS+= --with-ldap --with-ads --with-krb5=/usr/heimdal
LIB_DEPENDS+=   ldap,lber::databases/openldap
BUILD_DEPENDS+= ::misc/libutf8
.else
CONFIGURE_ARGS+= --without-ldap --without-ads
.endif


To contribute a version of samba that is built with both ldap and 
kerberos support would it be better to a)  use the standard in-tree 
version of kerberosV and patch the configure program in samba to find 
the in-tree version files.  That still doesn't include the krb5-config 
shell script, but I haven't yet looked into what it does or why it's needed.



Or b), should I submit a new port of heimdal for use with samba and make 
it a requirement for the new ads flavor, just like openldap is for the 
existing ldap flavor.  I'd imagine that heimdal ought to be installed in 
usr/local/, which would then alter my samba Makefile addition as well. 
That would also keep it second in line in the normal path search. 
Heimdal is released under a three clause BSD license, and I was able to 
configure and install it without patching or altering anything.



One thing for sure, until this I'd forgotten what a PITA it can be to 
get a program compiled and running.  I'm used to pkg_add and going back 
was awful!


Thanks,

Jeff Ross























					Reply via email to