Bug 92619
| Summary: | ADS, Kerberos are disabled in net/samba-libsmbclient that makes it useless in ADS based Microsoft network | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Dmitry Kazarov <kazarov> |
| Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
|
Description
Dmitry Kazarov
2006-01-31 14:40:02 UTC
State Changed From-To: open->feedback Awaiting maintainers feedback Hi, Dmitry! Indeed, Samba developers confirmed that now it's necessary to link with Kerberos to get ability to log into ADS domain. Last time I asked this in ML i was said no libraries are necessary. Can you, pleasae, try this set of options and tell me, did it help to you? CONFIGURE_ARGS+= --with-krb5 CONFIGURE_ARGS+= --withoout-ldap CONFIGURE_ARGS+= --without-ads Just to reduce number of dependencies :) With best regads, Timur Bakeyev Hi, Timur
I've tested this lib with Konqueror browser of KDE. It seems that KDE does not
use Kerberos authentication when connecting to smb server:
I've recompiled libsmbclient with those (--with-krb5 --without-ldap
--without-ads) parameters using
portupgrade -f samba-libsmbclient
(
BTW, ldd shows that no kerberos was compiled in:
ldd /usr/local/lib/libsmbclient.so
/usr/local/lib/libsmbclient.so:
libcrypt.so.3 => /lib/libcrypt.so.3 (0x282f1000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x2830a000)
while with --with-krb5 --with-ldap --with-ads much more libraries are
included:
libcrypt.so.3 => /lib/libcrypt.so.3 (0x28310000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28329000)
libgssapi.so.8 => /usr/lib/libgssapi.so.8 (0x28416000)
libkrb5.so.8 => /usr/lib/libkrb5.so.8 (0x28425000)
libasn1.so.8 => /usr/lib/libasn1.so.8 (0x2845e000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x28485000)
libroken.so.8 => /usr/lib/libroken.so.8 (0x2858b000)
libcom_err.so.3 => /usr/lib/libcom_err.so.3 (0x28598000)
libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x2859a000)
liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x285c8000)
libssl.so.4 => /usr/lib/libssl.so.4 (0x285d5000)
)
I've uncommented kerberos auth in /etc/pam.d/system
auth sufficient pam_krb5.so no_warn try_first_pass
and logged in using MS Windows Network password.
klist showed correct credential values.
smbclient successfully conected to windows server using -k option (Kerberos
auth):
~[500]$ smbclient -k '\\server\c$'
OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
smb: \>
But Konqueror, on connecting to windows server requested user and password
and finished with no access error while I entered correct user/password.
When compiled with --with-krb5 --with-ldap --with-ads options Konqueror also
asks to user/password and successfully connects to server.
Sincerely Yours
Dmitry
> Hi, Dmitry!
>
> Indeed, Samba developers confirmed that now it's necessary to link with
> Kerberos to get ability to log into ADS domain. Last time I asked this
> in ML i was said no libraries are necessary.
>
> Can you, pleasae, try this set of options and tell me, did it help to you?
>
> CONFIGURE_ARGS+= --with-krb5
> CONFIGURE_ARGS+= --withoout-ldap
> CONFIGURE_ARGS+= --without-ads
>
> Just to reduce number of dependencies :)
>
> With best regads,
> Timur Bakeyev
State Changed From-To: feedback->closed Maintainer submitted PR 93553 with a patch for this issue. I checked with him on IRC and he said this PR should be closed. |
