When choosing GSSAPI_MIT, samba413 fails to build with krb5 1.20. It builds fine with krb5 1.19.3, though. ===> The following configuration options are available for samba413-4.13.17_1: ADS=on: Active Directory client(implies LDAP) AD_DC=on: Active Directory Domain Controller(implies PYTHON3) CLUSTER=off: Clustering support CUPS=off: CUPS printing system support DOCS=on: Build and/or install documentation FAM=on: File Alteration Monitor GPGME=off: GpgME support LDAP=on: LDAP client MANDOC=off: Build manpages from DOCBOOK templates NTVFS=off: Build *DEPRECATED* NTVFS file server PROFILE=on: Profiling data PYTHON3=on: Python 3.x bindings or support QUOTAS=on: Disk quota support SPOTLIGHT=off: Spotlight server-side search support SYSLOG=on: Syslog logging support UTMP=on: UTMP accounting ====> VFS modules FRUIT=on: MacOSX and TimeMachine support GLUSTERFS=off: GlusterFS support ====> GSSAPI Security API support: you have to select exactly one of them GSSAPI_BUILTIN=off: GSSAPI support via bundled Heimdal GSSAPI_MIT=on: GSSAPI support via security/krb5 ====> Zero configuration networking: you have to select exactly one of them ZEROCONF_NONE=off: Zeroconf support is absent AVAHI=on: Zeroconf support via Avahi MDNSRESPONDER=off: Zeroconf support via mDNSResponder ====> DNS frontend: you can only select none or one of them NSUPDATE=off: Use samba NSUPDATE utility for AD DC BIND911=off: Use Bind 9.11 as AD DC DNS server frontend BIND916=off: Use Bind 9.16 as AD DC DNS server frontend [2758/3370] Compiling source4/kdc/mit_samba.c runner ['cc', '-D_SAMBA_BUILD_=4', '-DHAVE_CONFIG_H=1', '-O2', '-pipe', '-DLIBICONV_PLUG', '-fno-color-diagnostics', '-fstack-protector-strong', '-DLDAP_DEPRECATED', '-isystem', '/usr/local/include', '-fno-strict-aliasing', '-fno-omit-frame-pointer', '-MMD', '-D_GNU_SOURCE=1', '-D_XOPEN_SOURCE_EXTENDED=1', '-DHAVE_CONFIG_H=1', '-fPIC', '-D__STDC_WANT_LIB_EXT1__=1', '-D_REENTRANT', '-fstack-protector-strong', '-fstack-clash-protection', '-DSTATIC_MIT_SAMBA_MODULES=NULL', '-DSTATIC_MIT_SAMBA_MODULES_PROTO=extern void __MIT_SAMBA_dummy_module_proto(void)', '-fstack-protector-strong', '-fstack-protector-strong', '-fstack-protector-strong', '-Isource4/kdc', '-I../../source4/kdc', '-Iinclude/public', '-I../../include/public', '-Isource4', '-I../../source4', '-Ilib', '-I../../lib', '-Isource4/lib', '-I../../source4/lib', '-Isource4/include', '-I../../source4/include', '-Iinclude', '-I../../include', '-Ilib/replace', '-I../../lib/replace', '-I.', '-I../..', '-Ilibrpc', '-I../../librpc', '-Ilibcli/auth', '-I../../libcli/auth', '-Isource4/heimdal/kdc', '-I../../source4/heimdal/kdc', '-Idynconfig', '-I../../dynconfig', '-Ilibcli/nbt', '-I../../libcli/nbt', '-Isource4/libcli', '-I../../source4/libcli', '-Isource4/librpc', '-I../../source4/librpc', '-Ilibcli/dns', '-I../../libcli/dns', '-Ilibcli/lsarpc', '-I../../libcli/lsarpc', '-Isource4/libcli/ldap', '-I../../source4/libcli/ldap', '-Isource4/lib/socket', '-I../../source4/lib/socket', '-Ilibcli/util', '-I../../libcli/util', '-Isource4/lib/messaging', '-I../../source4/lib/messaging', '-Isource4/dsdb', '-I../../source4/dsdb', '-Isource4/lib/tls', '-I../../source4/lib/tls', '-Ilibds/common', '-I../../libds/common', '-Iauth/credentials', '-I../../auth/credentials', '-Iauth/gensec', '-I../../auth/gensec', '-Ilib/param', '-I../../lib/param', '-Isource3', '-I../../source3', '-Isource3/include', '-I../../source3/include', '-Isource3/lib', '-I../../source3/lib', '-Isource3/librpc/usr/local/include', '-I../../source3/librpc/usr/local/include', '-Isource3/librpc', '-I../../source3/librpc', '-Isource3/usr/local/include', '-I../../source3/usr/local/include', '-Ilib/krb5_wrap', '-I../../lib/krb5_wrap', '-Ilibcli/smb', '-I../../libcli/smb', '-Insswitch/libwbclient', '-I../../nsswitch/libwbclient', '-Isource4/lib/events', '-I../../source4/lib/events', '-Ilibcli/ldap', '-I../../libcli/ldap', '-Isource4/auth/kerberos', '-I../../source4/auth/kerberos', '-Ilib/ldb/include', '-I../../lib/ldb/include', '-Ilib/ldb', '-I../../lib/ldb', '-Isource4/param', '-I../../source4/param', '-Ilib/addns', '-I../../lib/addns', '-Ilibcli/netlogon', '-I../../libcli/netlogon', '-Iauth', '-I../../auth', '-Ilib/util/charset', '-I../../lib/util/charset', '-Ilib/messaging', '-I../../lib/messaging', '-Iauth/kerberos', '-I../../auth/kerberos', '-Ilib/ldb-samba', '-I../../lib/ldb-samba', '-Isource4/auth/gensec', '-I../../source4/auth/gensec', '-Ilib/tsocket', '-I../../lib/tsocket', '-Ilibcli/http', '-I../../libcli/http', '-Ilib/audit_logging', '-I../../lib/audit_logging', '-Isource4/libcli/smb2', '-I../../source4/libcli/smb2', '-Ilib/async_req', '-I../../lib/async_req', '-Ilib/dbwrap', '-I../../lib/dbwrap', '-Ilibcli/security', '-I../../libcli/security', '-Ilib/pthreadpool', '-I../../lib/pthreadpool', '-Insswitch', '-I../../nsswitch', '-Ilibcli/cldap', '-I../../libcli/cldap', '-Ilibcli/drsuapi', '-I../../libcli/drsuapi', '-Ilib/socket', '-I../../lib/socket', '-Ilib/crypto', '-I../../lib/crypto', '-Iauth/ntlmssp', '-I../../auth/ntlmssp', '-Isource4/auth', '-I../../source4/auth', '-Isource4/cluster', '-I../../source4/cluster', '-Isource4/lib/stream', '-I../../source4/lib/stream', '-Ilib/compression', '-I../../lib/compression', '-I/usr/local/include', '-I/usr/local/include/p11-kit-1', '../../source4/kdc/mit_samba.c', '-c', '-o/wrkdirs/usr/ports/net/samba413/work/samba-4.13.17/bin/default/source4/kdc/mit_samba.c.18.o', '-DLIBICONV_PLUG', '-isystem', '/usr/local/include'] ../../source4/kdc/mit_samba.c:73:2: warning: 'tevent_loop_allow_nesting' is deprecated [-Wdeprecated-declarations] tevent_loop_allow_nesting(base_ctx.ev_ctx); ^ /usr/local/include/tevent.h:2370:59: note: 'tevent_loop_allow_nesting' has been explicitly marked deprecated here void tevent_loop_allow_nesting(struct tevent_context *ev) _DEPRECATED_; ^ ../../lib/replace/../replace/replace.h:469:38: note: expanded from macro '_DEPRECATED_' #define _DEPRECATED_ __attribute__ ((deprecated)) ^ ../../source4/kdc/mit_samba.c:198:15: error: use of undeclared identifier 'KRB5_KDB_FLAG_CANONICALIZE' if (kflags & KRB5_KDB_FLAG_CANONICALIZE) { ^ ../../source4/kdc/mit_samba.c:201:16: error: use of undeclared identifier 'KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY' if (kflags & (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY | ^ ../../source4/kdc/mit_samba.c:202:9: error: use of undeclared identifier 'KRB5_KDB_FLAG_INCLUDE_PAC' KRB5_KDB_FLAG_INCLUDE_PAC)) { ^ 1 warning and 3 errors generated. Waf: Leaving directory `/wrkdirs/usr/ports/net/samba413/work/samba-4.13.17/bin/default' Build failed -> task in 'MIT_SAMBA' failed with exit status 1: {task 34464479040: c mit_samba.c -> mit_samba.c.18.o} ['cc', '-D_SAMBA_BUILD_=4', '-DHAVE_CONFIG_H=1', '-O2', '-pipe', '-DLIBICONV_PLUG', '-fno-color-diagnostics', '-fstack-protector-strong', '-DLDAP_DEPRECATED', '-isystem', '/usr/local/include', '-fno-strict-aliasing', '-fno-omit-frame-pointer', '-MMD', '-D_GNU_SOURCE=1', '-D_XOPEN_SOURCE_EXTENDED=1', '-DHAVE_CONFIG_H=1', '-fPIC', '-D__STDC_WANT_LIB_EXT1__=1', '-D_REENTRANT', '-fstack-protector-strong', '-fstack-clash-protection', '-DSTATIC_MIT_SAMBA_MODULES=NULL', '-DSTATIC_MIT_SAMBA_MODULES_PROTO=extern void __MIT_SAMBA_dummy_module_proto(void)', '-fstack-protector-strong', '-fstack-protector-strong', '-fstack-protector-strong', '-Isource4/kdc', '-I../../source4/kdc', '-Iinclude/public', '-I../../include/public', '-Isource4', '-I../../source4', '-Ilib', '-I../../lib', '-Isource4/lib', '-I../../source4/lib', '-Isource4/include', '-I../../source4/include', '-Iinclude', '-I../../include', '-Ilib/replace', '-I../../lib/replace', '-I.', '-I../..', '-Ilibrpc', '-I../../librpc', '-Ilibcli/auth', '-I../../libcli/auth', '-Isource4/heimdal/kdc', '-I../../source4/heimdal/kdc', '-Idynconfig', '-I../../dynconfig', '-Ilibcli/nbt', '-I../../libcli/nbt', '-Isource4/libcli', '-I../../source4/libcli', '-Isource4/librpc', '-I../../source4/librpc', '-Ilibcli/dns', '-I../../libcli/dns', '-Ilibcli/lsarpc', '-I../../libcli/lsarpc', '-Isource4/libcli/ldap', '-I../../source4/libcli/ldap', '-Isource4/lib/socket', '-I../../source4/lib/socket', '-Ilibcli/util', '-I../../libcli/util', '-Isource4/lib/messaging', '-I../../source4/lib/messaging', '-Isource4/dsdb', '-I../../source4/dsdb', '-Isource4/lib/tls', '-I../../source4/lib/tls', '-Ilibds/common', '-I../../libds/common', '-Iauth/credentials', '-I../../auth/credentials', '-Iauth/gensec', '-I../../auth/gensec', '-Ilib/param', '-I../../lib/param', '-Isource3', '-I../../source3', '-Isource3/include', '-I../../source3/include', '-Isource3/lib', '-I../../source3/lib', '-Isource3/librpc/usr/local/include', '-I../../source3/librpc/usr/local/include', '-Isource3/librpc', '-I../../source3/librpc', '-Isource3/usr/local/include', '-I../../source3/usr/local/include', '-Ilib/krb5_wrap', '-I../../lib/krb5_wrap', '-Ilibcli/smb', '-I../../libcli/smb', '-Insswitch/libwbclient', '-I../../nsswitch/libwbclient', '-Isource4/lib/events', '-I../../source4/lib/events', '-Ilibcli/ldap', '-I../../libcli/ldap', '-Isource4/auth/kerberos', '-I../../source4/auth/kerberos', '-Ilib/ldb/include', '-I../../lib/ldb/include', '-Ilib/ldb', '-I../../lib/ldb', '-Isource4/param', '-I../../source4/param', '-Ilib/addns', '-I../../lib/addns', '-Ilibcli/netlogon', '-I../../libcli/netlogon', '-Iauth', '-I../../auth', '-Ilib/util/charset', '-I../../lib/util/charset', '-Ilib/messaging', '-I../../lib/messaging', '-Iauth/kerberos', '-I../../auth/kerberos', '-Ilib/ldb-samba', '-I../../lib/ldb-samba', '-Isource4/auth/gensec', '-I../../source4/auth/gensec', '-Ilib/tsocket', '-I../../lib/tsocket', '-Ilibcli/http', '-I../../libcli/http', '-Ilib/audit_logging', '-I../../lib/audit_logging', '-Isource4/libcli/smb2', '-I../../source4/libcli/smb2', '-Ilib/async_req', '-I../../lib/async_req', '-Ilib/dbwrap', '-I../../lib/dbwrap', '-Ilibcli/security', '-I../../libcli/security', '-Ilib/pthreadpool', '-I../../lib/pthreadpool', '-Insswitch', '-I../../nsswitch', '-Ilibcli/cldap', '-I../../libcli/cldap', '-Ilibcli/drsuapi', '-I../../libcli/drsuapi', '-Ilib/socket', '-I../../lib/socket', '-Ilib/crypto', '-I../../lib/crypto', '-Iauth/ntlmssp', '-I../../auth/ntlmssp', '-Isource4/auth', '-I../../source4/auth', '-Isource4/cluster', '-I../../source4/cluster', '-Isource4/lib/stream', '-I../../source4/lib/stream', '-Ilib/compression', '-I../../lib/compression', '-I/usr/local/include', '-I/usr/local/include/p11-kit-1', '../../source4/kdc/mit_samba.c', '-c', '-o/wrkdirs/usr/ports/net/samba413/work/samba-4.13.17/bin/default/source4/kdc/mit_samba.c.18.o', '-DLIBICONV_PLUG', '-isystem', '/usr/local/include'] *** Error code 1 Stop. make: stopped in /usr/ports/net/samba413
This is due to this (https://github.com/krb5/krb5/commit/a441fbe329ebbd7775eb5d4ccc4a05eef370f08b) change in MIT KRB5. They have redefined "Entry get flags" in kdb.h. We don't have 4.16 yet but it appears that 4.16 also has the problem. We will need samba depend on krb5-119 until samba.org adds support for this change to 4.16.
Additinal info: The commit fixing it is here: https://github.com/samba-team/samba/commit/f1ca16f309a1794f7ce44c4112d3c0d458169158 Looks like it will be in samba 4.17. I tried backporting it to 4.13, and although I somehow got it to compile, I failed. Just maybe, it would be easier on 4.16, if someone wants to try.
(In reply to Felix Palmen from comment #2) Hi, Felix and Cy! Thanks for pointing to that relevant patch in the Samba tree, I've cherry-picked it into the samba416 and, at least, it compiles now with the current MIT Kerberos. Checking how it works would be another tricky thing :) With regards, Timur
(In reply to Ting-Wei Lan from comment #0) Hi Ting-Wei! Out of curiosity I wonder, why do you actually need to build Samba with MIT Kerberos? While it's possible, it is less featurefull than default Heimdal build. With regards, Timur
(In reply to Timur I. Bakeyev from comment #4) I don't want to argue with your point asking why the user wants to use MIT KRB5 when Heimdal KRB5 builds. But, can you explain how Heimdal is "more featureful" than MIT KRB5, please? Still, your answer to why you believe Heimdal is "more featureful" than MIT doesn't mitigate your point that the user should try to build against base Heimdal. Which BTW, I've been asked to upgrade our ancient Heimdal 1.5 in base to 7.7.0. Heimdal 7.7.0 may pose the same challenge as MIT 1.20 whereas Heimdal 1.5 in base does not. (I would think both MIT 1.20 and Heimdal 7.7.0 support newer KRB5 standards than our ancient 1.5 in base.) Can the user please try building Samba413 with Heimdal 7.7.0 in ports. I'm interested in what the result might be.
(In reply to Timur I. Bakeyev from comment #4) The reason I have to use MIT Kerberos is that gnome-control-center upstream only supports MIT Kerberos. I know that FreeBSD ports patch gnome-control-center in an unsupported way to make it use Heimdal Kerberos, but I want to be able to directly build from upstream sources. Since installing security/krb5 port causes many things to automatically pick up MIT Kerberos at the build time, I switch all ports installed on my systems to use MIT Kerberos to prevent executables and libraries from linking to two libkrb5.so.
I've backported a number of patches to net/samba412 so that it builds in DPorts (2022Q3). Just in case somebody wants to give it a go in FreeBSD Ports: https://github.com/DragonFlyBSD/DeltaPorts/commit/2bc2d1f517ba8476b No testing whatsoever has been done but I'm happy to test it if anybody knows how to do it. Also, if anybody wants to test it themselves, I'm happy to help too.
*** Bug 267366 has been marked as a duplicate of this bug. ***
Is this still a problem with net/samba416 or net/samba419 ?
(In reply to Rene Ladan from comment #9) No, these versions have support upstream.
Closing this as net/samba413 is removed as of 55ba831d1e3093830deab253b6788bfa13c14802