Hi!
First of all, thanks for replies to all ;)!
Using GCC was a fail for me - too much errors and 2 additional things
must be compiled (tdb & talloc) . I only managed to compile using
Sun's cc and gmake and will stick to them. I'm a bit further now. Now
I don't get PKCS 11 erros, when trying to do "net ads join". I
recompiled openldap with slapd (but with null backend) and "-lpkcs11"
in LDFLAGS (I think this is what helped). However now I'm getting
following when doing "net ads join"
[2010/07/16 12:16:54, 3] param/loadparm.c:9158(lp_load_ex)
lp_load_ex: refreshing parameters
[2010/07/16 12:16:54, 3] param/loadparm.c:4929(init_globals)
Initialising global parameters
[2010/07/16 12:16:54, 2] param/loadparm.c:4785(max_open_files)
rlimit_max: rlimit_max (256) below minimum Windows limit (16384)
[2010/07/16 12:16:54.047848, 3] ../lib/util/params.c:550(pm_process)
params.c:pm_process() - Processing configuration file
"/opt/samba/lib/smb.conf"
[2010/07/16 12:16:54.047875, 3] param/loadparm.c:7842(do_section)
Processing section "[global]"
[2010/07/16 12:16:54.048365, 2] lib/interface.c:338(add_interface)
added interface e1000g0:3 ip=192.168.0.84 bcast=192.168.0.255
netmask=255.255.255.0
[2010/07/16 12:16:54.048517, 1] libnet/libnet_join.c:1947(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'SAMBA-DEV'
domain_name : *
domain_name : 'mydomain.COM'
account_ou : NULL
admin_account : 'Administrator'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
[2010/07/16 12:17:00.052208, 2] libads/cldap.c:97(ads_cldap_netlogon)
cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT
[2010/07/16 12:17:00.141661, 3]
libsmb/cliconnect.c:2201(cli_start_connection)
Connecting to host=BORED.mydomain.com
[2010/07/16 12:17:00.141828, 3]
lib/util_sock.c:974(open_socket_out_send)
Connecting to 192.168.0.94 at port 445
[2010/07/16 12:17:00.143207, 3]
libsmb/cliconnect.c:991(cli_session_setup_spnego)
Doing spnego session setup (blob length=107)
[2010/07/16 12:17:00.143274, 3]
libsmb/cliconnect.c:1019(cli_session_setup_spnego)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
[2010/07/16 12:17:00.143302, 3]
libsmb/cliconnect.c:1029(cli_session_setup_spnego)
got principal=bor...@mydomain.com
[2010/07/16 12:17:00.143856, 3]
libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
Got challenge flags:
[2010/07/16 12:17:00.143870, 3]
libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
[2010/07/16 12:17:00.143883, 3]
libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2010/07/16 12:17:00.143894, 3]
libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x60088215
[2010/07/16 12:17:00.143984, 3]
libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
NTLMSSP Sign/Seal - Initialising with flags:
[2010/07/16 12:17:00.143997, 3]
libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x60088215
[2010/07/16 12:17:00.177128, 3]
libsmb/cliconnect.c:1249(cli_session_setup)
SPNEGO login failed: Logon failure
[2010/07/16 12:17:00.177159, 1]
libsmb/cliconnect.c:2307(cli_full_connection)
failed session setup with NT_STATUS_LOGON_FAILURE
[2010/07/16 12:17:00.177271, 1] libnet/libnet_join.c:1978(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info
for domain 'mydomain.COM' over rpc: Logon failure'
domain_is_ad : 0x00 (0)
result : WERR_LOGON_FAILURE
[2010/07/16 12:17:00.177442, 2] utils/net.c:916(main)
Intersting is that if I supply wrong username output doesn't differ
much. Below you can see differences (I stripped time to be able to
use diff).
--- pass_ok_stripped.txt 2010-07-16 12:19:11.869234402 +0300
+++ pass_wrong_stripped.txt 2010-07-16 12:19:22.318101275 +0300
@@ -19,7 +19,7 @@
domain_name : *
domain_name : 'mydomain.COM'
account_ou : NULL
- admin_account : 'Administrator'
+ admin_account : 'Adminisdgasgasdtor'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
@@ -43,8 +43,6 @@
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
- libads/cldap.c:97(ads_cldap_netlogon)
- cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT
libsmb/cliconnect.c:2201(cli_start_connection)
Connecting to host=BORED.ProServe.com
lib/util_sock.c:974(open_socket_out_send)
Maybe I'm missing some rpc things? "smbd -b | tail -2" says:
Builtin modules:
pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc
rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl
rpc_ntsvcs rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss
rpc_eventlog rpc_samr idmap_ldap idmap_tdb idmap_passdb idmap_nss
idmap_rid idmap_hash nss_info_template auth_sam auth_unix
auth_winbind auth_wbc auth_server auth_domain auth_builtin
auth_netlogond vfs_default vfs_solarisacl vfs_zfsacl
MMM
On 07/15/10 04:32 PM, Gaiseric Vandal wrote:
I compiled Samba 3.4.x on Solaris 10. (I have a Samba 3.4.x pdc
with two Samba 3.0.x BDC's.) Samba 3.0.x DC"s will not support
Windows 7 clients (don't have any yet but it is probably inevitable)
and doesn't seem to support trusts with Windows 2003 Native domains
(at least it didn't for me.)
If you following the opensolaris forums it seems unlikely that
there will be compiled build of 3.4.x or 3.5.x of samba in Solaris
10 or OpenSolaris in the near future. I don't think it really is
a licensing or even major technical issue. There is seems to
more interest in CIFS project as an alternative to Samba.
Oracle/Sun sells a NAS server that runs on opensolaris and users
CIFS so I don't think they have much interest in Samba. I don't see
Oracle/Sun paying any one work on Samba 3.4.x or 3.5.x integration
when they have "better" solutions and more important priorities.
To be specific, Samba doesn't require OpenLDAP but it does require
LDAP with certain functionality. The Solaris-bundled Samba does
use OpenLDAP. But if you are compiling it yourself OpenLDAP is
the way to do it. Easiest to just get the openldap precompiled
from blastwave or sunfreeware.com. And there is precompiled Samba
available from Sunfreeware and Blastwave but it may lack the
features you need, so you probably need to compile anyway.
If you don't need AD support, then then the Sun ldap client
functionality should be sufficient.
I didn't know about the NGROUPS_MAX option. I would have disabled
it if I had known, since I am subject to the 16 group NFS v3 limit.
(What I really need to do is switch to NFS v4 and use kerberos
authentication for NFS clients.)
The OpenSolaris developer build (from earlier this year- not the
official release from last year- has updated GCC and other tools
that may make compiling easier. Gcc from Sun (and even
Sunfreeware) use "/usr/ccs/bin/ld" as the linker. You may need to
renamed the file and symlink it to gld (gnu linker.) Samba
compiling also requires that you get set the CPPFLAGS and LDFLAGS as
well.
e.g.
PATH=/usr/swf/bin:/usr/ccs/bin:$PATH
PATH=/usr/local/samba-3.4.5/bin:/usr/local/samba-3.4.5/sbin:$PATH
LD_LIBRARY_PATH=/usr/sfw/lib:/usr/ccs/lib:$LD_LIBRARY PATH
LD_LIBRARY_PATH=/usr/local/samba- 3.4.5:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
export CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include
-I/usr/include"
export LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib
-L/usr/local/lib -R/usr/local/lib -L/usr/lib -R/usr/lib"
I posted questions/results to the list earlier this year about my
experiences.
On 07/14/2010 05:38 PM, Mārcis Lielturks wrote:
On 15 July 2010 00:28, Jeremy Allison <j...@samba.org
<mailto:j...@samba.org>> wrote:
On Thu, Jul 15, 2010 at 12:26:05AM +0300, Mārcis Lielturks wrote:
> Thanks, machine wont provide NFS or ssh login services, so
fiddling with max
> groups should do no harm!
>
> I googled a bit at found that samba should be recompiled to take
advantage
> of new NGROUPS_MAX. "./configure" logs also suggested that
NGROUPS_MAX is
> evaluated only at compile time.
Yep. Recompilation should do the trick once the kernel understands
large numbers of groups.
> Can anybody share experience on compiling samba on OpenSolaris?
What's the
> most painless way? I'm considering to use latest 3.5.5 but maybe
I should
> use same version Sun (Oracle) is using - 3.0.37? I have to set
up Samba on 2
> servers, which already replicate storage, so ID mapping must be
consistent
> between both Samba servers. Servers have to provide shares also
to trusted
> domains, but 3.0.37 doesn't have idmap_hash and seems that
idmap_rid is not
> supported to provide mappings for more than one domain, so
anything newer
> than 3.0.37 sounds like the right choice.
The only reason they use 3.0.x is they're still unable to cope
with the GPLv3 in (Open?)Solaris. Which is ironic as Oracle
Linux has been shipping GPLv3 Samba for a while. But it's a big
company, you can't expect one part to know what another part is
up to :-).
Yeah, I read about that, but still, I was thinking that as they
ship 3.0.37, it should also be easier to compile because OS has all
that's necessary for 3.0.37. Newer Samba versions may have some
dependencies (new libs or newer version of libs), that might be
harder to satisfy. I have never compiled samba so far and all I
know at the moment (from documentation) is that AD support requires
krb5 and openldap development libraries and files.
Jeremy.
--
ML
