ports/92619: ADS, Kerberos are disabled in net/samba-libsmbclient that makes it useless in ADS based Microsoft network
Dmitry Kazarov
kazarov at mcm.ru
Sat Feb 18 15:10:17 UTC 2006
The following reply was made to PR ports/92619; it has been noted by GNATS.
From: Dmitry Kazarov <kazarov at mcm.ru>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: ports/92619: ADS, Kerberos are disabled in net/samba-libsmbclient that makes it useless in ADS based Microsoft network
Date: Fri, 10 Feb 2006 14:19:36 +0300
Hi, Timur
I've tested this lib with Konqueror browser of KDE. It seems that KDE does not
use Kerberos authentication when connecting to smb server:
I've recompiled libsmbclient with those (--with-krb5 --without-ldap
--without-ads) parameters using
portupgrade -f samba-libsmbclient
(
BTW, ldd shows that no kerberos was compiled in:
ldd /usr/local/lib/libsmbclient.so
/usr/local/lib/libsmbclient.so:
libcrypt.so.3 => /lib/libcrypt.so.3 (0x282f1000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x2830a000)
while with --with-krb5 --with-ldap --with-ads much more libraries are
included:
libcrypt.so.3 => /lib/libcrypt.so.3 (0x28310000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28329000)
libgssapi.so.8 => /usr/lib/libgssapi.so.8 (0x28416000)
libkrb5.so.8 => /usr/lib/libkrb5.so.8 (0x28425000)
libasn1.so.8 => /usr/lib/libasn1.so.8 (0x2845e000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x28485000)
libroken.so.8 => /usr/lib/libroken.so.8 (0x2858b000)
libcom_err.so.3 => /usr/lib/libcom_err.so.3 (0x28598000)
libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x2859a000)
liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x285c8000)
libssl.so.4 => /usr/lib/libssl.so.4 (0x285d5000)
)
I've uncommented kerberos auth in /etc/pam.d/system
auth sufficient pam_krb5.so no_warn try_first_pass
and logged in using MS Windows Network password.
klist showed correct credential values.
smbclient successfully conected to windows server using -k option (Kerberos
auth):
~[500]$ smbclient -k '\\server\c$'
OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
smb: \>
But Konqueror, on connecting to windows server requested user and password
and finished with no access error while I entered correct user/password.
When compiled with --with-krb5 --with-ldap --with-ads options Konqueror also
asks to user/password and successfully connects to server.
Sincerely Yours
Dmitry
> Hi, Dmitry!
>
> Indeed, Samba developers confirmed that now it's necessary to link with
> Kerberos to get ability to log into ADS domain. Last time I asked this
> in ML i was said no libraries are necessary.
>
> Can you, pleasae, try this set of options and tell me, did it help to you?
>
> CONFIGURE_ARGS+= --with-krb5
> CONFIGURE_ARGS+= --withoout-ldap
> CONFIGURE_ARGS+= --without-ads
>
> Just to reduce number of dependencies :)
>
> With best regads,
> Timur Bakeyev
More information about the freebsd-ports-bugs
mailing list