181558 – net-fs/samba-3.0.24-r3 - kerberos support not compiled w/ USE="kerberos -ldap"

Bug 181558 - net-fs/samba-3.0.24-r3 - kerberos support not compiled w/ USE="kerberos -ldap"

Summary: net-fs/samba-3.0.24-r3 - kerberos support not compiled w/ USE="kerberos -ldap"

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo's SAMBA Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-06-10 18:10 UTC by Clemente Aguiar
Modified:	2007-09-07 21:11 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
samba-3.0.24-r3.ebuild.patch (samba-3.0.24-r3.ebuild.patch,1.13 KB, patch) 2007-06-12 07:54 UTC, Evgeniy Kliymovich	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Clemente Aguiar 2007-06-10 18:10:24 UTC

Kerberos support not compiled when kerberos use flag defined in samba-3.0.24-r3 and LDAP use flag NOT defined.

Reproducible: Always

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2007-06-10 19:21:49 UTC

What exactly do you mean? ADS requires ldap, no way around it. So no, it won't be enabled unless you enable both use flags, not a bug.

Comment 2 Clemente Aguiar 2007-06-11 11:23:56 UTC

I will to explain the "problem" I had.

I wanted to setup PoPToP (http://www.poptop.org/) a PPTP server for establishing VPN connections.

According to instructions on the PoPtoP application, for it to work seamlessly with the MS Active Directory on my internal network I needed:
- PoPToP
- Samba (winbind) and
- Kerberos

For that I edited the /etc/portage/package.use and added:
net-fs/samba kerberos winbind

I then proceeded to emerge poptop, kerberos and samba:
# emerge pptpd
# emerge mit-krb5
# emerge samba

Configured everything according to http://www.members.optushome.com.au/~wskwok/poptop_ads_howto_1.htm and it failed on step 10 (test to see if the trust between the pptpd server and the domain is working) because there was no kerberos support.

I then figured out that was because kerberos support was not compiled even though I had specified the kerberos use flag. As a workaround I enabled the LDAP flag.

You say that ADS requires LDAP, but not all Samba deployments that require ADS authentication and trust need LDAP.

Also, from my point of view, if there is a kerberos use flag, that should mean "kerberos" support, otherwise better not have that flag.

Comment 3 Evgeniy Kliymovich 2007-06-12 07:54:10 UTC

Created attachment 121777 [details, diff]
samba-3.0.24-r3.ebuild.patch

This patch for samba-3.0.24-r3.ebuild.
Fixed dependencies ldap and kerberos use flags.

Comment 4 Tiziano Müller (RETIRED) gentoo-dev

2007-09-06 17:59:11 UTC

em, your patch is a bit inconsistent.

First you add openldap to the kerberos dependency, then you check that the ldap USE flag is set when kerberos is set.
But before you wrote that it's possible to build samba with kerberos but without openldap support.

Can you please explain this?

Comment 5 Tiziano Müller (RETIRED) gentoo-dev

2007-09-07 21:11:05 UTC

Well, I changed now the kerberos USE-flag to "ads" which makes it much clearer what's going on and added a conftest which checks that ldap is set when ads is requested.
Please reopen if you disagree on the solution.