ports/92619: ADS, Kerberos are disabled in net/samba-libsmbclient that makes it useless in ADS based Microsoft network

Dmitry Kazarov kazarov at mcm.ru
Sat Feb 18 15:10:17 UTC 2006


The following reply was made to PR ports/92619; it has been noted by GNATS.

From: Dmitry Kazarov <kazarov at mcm.ru>
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: ports/92619: ADS, Kerberos are disabled in net/samba-libsmbclient that makes it useless in ADS based Microsoft network
Date: Fri, 10 Feb 2006 14:19:36 +0300

 Hi, Timur
 
 I've tested this lib with Konqueror browser of KDE. It seems that KDE does not 
 use Kerberos authentication when connecting to smb server:
 
 I've recompiled libsmbclient with those (--with-krb5 --without-ldap 
 --without-ads) parameters using 
 portupgrade -f samba-libsmbclient
 
 (
 	BTW, ldd shows that no kerberos was compiled in:
 	ldd /usr/local/lib/libsmbclient.so
 	/usr/local/lib/libsmbclient.so:
 	        libcrypt.so.3 => /lib/libcrypt.so.3 (0x282f1000)
 	        libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x2830a000)
 	while with --with-krb5 --with-ldap --with-ads much more libraries are included:
 	        libcrypt.so.3 => /lib/libcrypt.so.3 (0x28310000)
 	        libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28329000)
 	        libgssapi.so.8 => /usr/lib/libgssapi.so.8 (0x28416000)
 	        libkrb5.so.8 => /usr/lib/libkrb5.so.8 (0x28425000)
 	        libasn1.so.8 => /usr/lib/libasn1.so.8 (0x2845e000)
 	        libcrypto.so.4 => /lib/libcrypto.so.4 (0x28485000)
 	        libroken.so.8 => /usr/lib/libroken.so.8 (0x2858b000)
 	        libcom_err.so.3 => /usr/lib/libcom_err.so.3 (0x28598000)
 	        libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x2859a000)
 	        liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x285c8000)
 	        libssl.so.4 => /usr/lib/libssl.so.4 (0x285d5000)
 )
 
 I've uncommented kerberos auth in /etc/pam.d/system 
 auth           sufficient      pam_krb5.so             no_warn try_first_pass
 and logged in using MS Windows Network password.
 
 klist showed correct credential values.
 
 smbclient successfully connected to windows server using -k option (Kerberos 
 auth):
 ~[500]$ smbclient -k '\\server\c$'
 OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
 smb: \>
 
 
 But Konqueror, on connecting to windows server requested user and password 
 and finished with no access error while I entered correct user/password.
 
 When compiled with --with-krb5 --with-ldap --with-ads options Konqueror also 
 asks for user/password and successfully connects to server.
 
 Sincerely Yours
 Dmitry
 
 > Hi, Dmitry!
 >
 > Indeed, Samba developers confirmed that now it's necessary to link with
 > Kerberos to get ability to log into ADS domain. Last time I asked this
 > in ML I was told no libraries are necessary.
 >
 > Can you, please, try this set of options and tell me, did it help you?
 >
 > CONFIGURE_ARGS+=        --with-krb5
 > CONFIGURE_ARGS+=        --without-ldap
 > CONFIGURE_ARGS+=        --without-ads
 >
 > Just to reduce number of dependencies :)
 >
 > With best regards,
 > Timur Bakeyev


