Date: Sat, 18 Feb 2006 15:10:08 GMT
From: Dmitry Kazarov <kazarov@mcm.ru>
To: freebsd-ports-bugs@FreeBSD.org
Subject: Re: ports/92619: ADS, Kerberos are disabled in net/samba-libsmbclient that makes it useless in ADS based Microsoft network
Message-ID: <200602181510.k1IFA811016663@freefall.freebsd.org>

The following reply was made to PR ports/92619; it has been noted by GNATS.

From: Dmitry Kazarov <kazarov@mcm.ru>
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: ports/92619: ADS, Kerberos are disabled in net/samba-libsmbclient that makes it useless in ADS based Microsoft network
Date: Fri, 10 Feb 2006 14:19:36 +0300

Hi, Timur

I've tested this lib with Konqueror browser of KDE.
It seems that KDE does not use Kerberos authentication when connecting to smb server:

I've recompiled libsmbclient with those (--with-krb5 --without-ldap --without-ads) parameters using
    portupgrade -f samba-libsmbclient
( BTW, ldd shows that no kerberos was compiled in:
    ldd /usr/local/lib/libsmbclient.so
    /usr/local/lib/libsmbclient.so:
        libcrypt.so.3 => /lib/libcrypt.so.3 (0x282f1000)
        libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x2830a000)
  while with --with-krb5 --with-ldap --with-ads much more libraries are included:
        libcrypt.so.3 => /lib/libcrypt.so.3 (0x28310000)
        libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28329000)
        libgssapi.so.8 => /usr/lib/libgssapi.so.8 (0x28416000)
        libkrb5.so.8 => /usr/lib/libkrb5.so.8 (0x28425000)
        libasn1.so.8 => /usr/lib/libasn1.so.8 (0x2845e000)
        libcrypto.so.4 => /lib/libcrypto.so.4 (0x28485000)
        libroken.so.8 => /usr/lib/libroken.so.8 (0x2858b000)
        libcom_err.so.3 => /usr/lib/libcom_err.so.3 (0x28598000)
        libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x2859a000)
        liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x285c8000)
        libssl.so.4 => /usr/lib/libssl.so.4 (0x285d5000)
)

I've uncommented kerberos auth in /etc/pam.d/system
    auth sufficient pam_krb5.so no_warn try_first_pass
and logged in using MS Windows Network password.
klist showed correct credential values.

smbclient successfully connected to windows server using -k option (Kerberos auth):
    ~[500]$ smbclient -k '\\server\c$'
    OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
    smb: \>

But Konqueror, on connecting to windows server requested user and password
and finished with no access error while I entered correct user/password.

When compiled with --with-krb5 --with-ldap --with-ads options Konqueror
also asks for user/password and successfully connects to server.

Sincerely Yours
Dmitry

> Hi, Dmitry!
>
> Indeed, Samba developers confirmed that now it's necessary to link with
> Kerberos to get ability to log into ADS domain. Last time I asked this
> in ML I was told no libraries are necessary.
>
> Can you, please, try this set of options and tell me, did it help you?
>
> CONFIGURE_ARGS+= --with-krb5
> CONFIGURE_ARGS+= --without-ldap
> CONFIGURE_ARGS+= --without-ads
>
> Just to reduce number of dependencies :)
>
> With best regards,
> Timur Bakeyev
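
The ldd comparison in the message above can be turned into a repeatable build check. The script below is an added example, not part of the original e-mail or of the Samba port; the function name `krb_linkage` is hypothetical, and the two sample listings are trimmed copies of the ldd output quoted in the message.

```shell
#!/bin/sh
# Added example: classify Kerberos/LDAP linkage of a shared library from
# `ldd` output. Library name prefixes come from the listings in the message.

# Reads ldd output on stdin, prints "<lib>=yes|no" for each library of
# interest, and returns 0 only if both libgssapi and libkrb5 are linked.
# libldap is reported but does not affect the return status.
krb_linkage() {
    ldd_out=$(cat)
    status=0
    for lib in libgssapi libkrb5 libldap; do
        # Match "libNAME[-version].so..." at the start of an ldd line.
        if printf '%s\n' "$ldd_out" |
            grep -Eq "^[[:space:]]*${lib}[-.0-9a-z_]*\.so"; then
            echo "$lib=yes"
        else
            echo "$lib=no"
            [ "$lib" = libldap ] || status=1
        fi
    done
    return $status
}

# Sample 1 (from the message): build with --with-krb5 --without-ldap --without-ads
LDD_MINIMAL='/usr/local/lib/libsmbclient.so:
	libcrypt.so.3 => /lib/libcrypt.so.3 (0x282f1000)
	libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x2830a000)'

# Sample 2 (from the message, trimmed): build with --with-krb5 --with-ldap --with-ads
LDD_ADS='	libgssapi.so.8 => /usr/lib/libgssapi.so.8 (0x28416000)
	libkrb5.so.8 => /usr/lib/libkrb5.so.8 (0x28425000)
	libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x2859a000)'

for sample in "$LDD_MINIMAL" "$LDD_ADS"; do
    if printf '%s\n' "$sample" | krb_linkage; then
        echo "-> Kerberos libraries are linked"
    else
        echo "-> Kerberos libraries are NOT linked"
    fi
done

# Against an installed library:
#   ldd /usr/local/lib/libsmbclient.so | krb_linkage
```

A passing check only shows that the Kerberos libraries were linked in; as the Konqueror result in the message shows, it does not prove that a given client actually authenticates with Kerberos.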