Kerberos support not compiled when kerberos use flag defined in samba-3.0.24-r3 and LDAP use flag NOT defined. Reproducible: Always
What exactly do you mean? ADS requires ldap, no way around it. So no, it won't be enabled unless you enable both use flags, not a bug.
I will to explain the "problem" I had. I wanted to setup PoPToP (http://www.poptop.org/) a PPTP server for establishing VPN connections. According to instructions on the PoPtoP application, for it to work seamlessly with the MS Active Directory on my internal network I needed: - PoPToP - Samba (winbind) and - Kerberos For that I edited the /etc/portage/package.use and added: net-fs/samba kerberos winbind I then proceeded to emerge poptop, kerberos and samba: # emerge pptpd # emerge mit-krb5 # emerge samba Configured everything according to http://www.members.optushome.com.au/~wskwok/poptop_ads_howto_1.htm and it failed on step 10 (test to see if the trust between the pptpd server and the domain is working) because there was no kerberos support. I then figured out that was because kerberos support was not compiled even though I had specified the kerberos use flag. As a workaround I enabled the LDAP flag. You say that ADS requires LDAP, but not all Samba deployments that require ADS authentication and trust need LDAP. Also, from my point of view, if there is a kerberos use flag, that should mean "kerberos" support, otherwise better not have that flag.
Created attachment 121777 [details, diff] samba-3.0.24-r3.ebuild.patch This patch for samba-3.0.24-r3.ebuild. Fixed dependencies ldap and kerberos use flags.
em, your patch is a bit inconsistent. First you add openldap to the kerberos dependency, then you check that the ldap USE flag is set when kerberos is set. But before you wrote that it's possible to build samba with kerberos but without openldap support. Can you please explain this?
Well, I changed now the kerberos USE-flag to "ads" which makes it much clearer what's going on and added a conftest which checks that ldap is set when ads is requested. Please reopen if you disagree on the solution.