On Mon, Mar 03, 2008 at 10:39:21AM -0700, Jeff Ross wrote: > Hi all, > > I need a version of samba that is compiled with both ldap and kerberos > so that my samba server can join a MS Windows 2003 Active Directory domain. > > After hacking on the port to make my own flavor, I have been unable to > get around the same problem others have had (from stfa) in that > configure seems unable to find the OpenBSD in-tree krbv headers and > library files. > > The problem seems to be that OpenBSD splits kerberosV into two separate > places. Header files are in /usr/include/kerberosV, and library files > are in /usr/lib/. Samba's configure is also looking for a krb5-config > file that doesn't seem to exist on a standard OpenBSD -current install.
You may have a look at the x11/kde/libs3 port. There is a small script krb5-config which is copied in post-extract (see the Makefile there). Maybe this could be helpful in your case too. > The easiest way for me to compile Samba with both ldap and kerberos has > been to download the latest heimdal sources from > http://www.h5l.org/dist/src/, untar them, run ./configure && make && > sudo make install. The standard location for heimdal is in > /usr/heimdal, with the library files in /usr/heindal/lib and the header > files in /usr/heimdal/include. The krb5-config program (which turns out > to be a shell script) is in /usr/heimdal/bin. > > > I've altered the ports Makefile to add my own ads flavor by adding: > > .if ${FLAVOR:L:Mads} > CONFIGURE_ARGS+= --with-ldap --with-ads --with-krb5=/usr/heimdal > LIB_DEPENDS+= ldap,lber::databases/openldap > BUILD_DEPENDS+= ::misc/libutf8 > .else > CONFIGURE_ARGS+= --without-ldap --without-ads > .endif > > To contribute a version of samba that is built with both ldap and > kerberos support would it be better to a) use the standard in-tree > version of kerberosV and patch the configure program in samba to find > the in-tree version files. That still doesn't include the krb5-config > shell script, but I haven't yet looked into what it does or why it's needed. > > Or b), should I submit a new port of heimdal for use with samba and make > it a requirement for the new ads flavor, just like openldap is for the > existing ldap flavor. I'd imagine that heimdal ought to be installed in > usr/local/, which would then alter my samba Makefile addition as well. > That would also keep it second in line in the normal path search. > Heimdal is released under a three clause BSD license, and I was able to > configure and install it without patching or altering anything. > > One thing for sure, until this I'd forgotten what a PITA it can be to > get a program compiled and running. I'm used to pkg_add and going back > was awful! > > Thanks, > > Jeff Ross Regards, Markus
