Hi Andre,
I guess it is best to compile other components too (OpenSSL, OpenLDAP and MIT Kerberos 5). Have tested with (note that gcc is
default compiler in OI):
---8<------
#!/bin/bash
export PREFIX=/opt/SFW
commonINCLUDE="-I${PREFIX}/include -I/usr/gnu/include -I/usr/include -I${PREFIX}/apr/include -I/usr/include/readline -I/usr/include/ncurses"
export CFLAGS="-m32 -march=native -D_POSIX_PTHREAD_SEMANTICS ${commonINCLUDE}"
export CXXFLAGS="${commonINCLUDE}"
export LDFLAGS="-R${PREFIX}/lib -R${PREFIX}/apr/lib -R/usr/gnu/lib -L${PREFIX}/lib -L${PREFIX}/apr/lib -L/usr/gnu/lib"
export LIBS="-lnsl -lsocket"
export MAKE=gmake
# Not sure if this is needed (-l takes the library name without the "lib" prefix):
export LDAP_LIBS="-llber -lldap"
## Already compiled and installed using same options as from above, to be used in Kerberized Linux centric environment:
### OpenSSL
## ./Configure --openssldir=${PREFIX} solaris-x86-gcc shared zlib zlib-dynamic
### OpenLDAP
## ./configure --prefix=${PREFIX} --with-tls=openssl --enable-wrappers --enable-crypt --enable-modules
### MIT Kerberos 5
## ./configure --prefix=${PREFIX} --sysconfdir=${PREFIX}/etc/krb5 --with-ldap --with-readline
# Build of Samba 4:
./configure --prefix=${PREFIX} \
    --with-ldap \
    --with-system-mitkrb5 \
    --with-ads \
    --with-pam \
    --with-automount \
    --with-winbind
---8<-----
And (note that compilation has failed because of some stupid error during preparation of man pages), but binaries have been compiled (also note that I have tried to compile Samba 4):
Build/samba-4.1.12$ ldd ./bin/default/source3/net | grep libldap
libldap-2.4.so.2 => /opt/SFW/lib/libldap-2.4.so.2
This shows that 'net' program (samba 3 compatibility one) has been compiled
with openldap libraries!
HTH
Regards
Predrag Zečević
P.S. Similar can be done for Samba 3 compilation (with some changes)
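
Added example (not part of the original messages): the ldd check used throughout this thread, wrapped in a function that classifies which LDAP client library a binary is linked against. The function name, result labels and the libldap_r pattern are assumptions of this example; the sample lines are copied from the ldd output quoted in the thread.

```shell
#!/bin/sh
# Added example: classify which LDAP client library `ldd` output names.
# Name patterns follow the libraries identified in this thread.

# Reads ldd output on stdin; prints openldap, sun-mozldap, mixed or none.
# The body runs in a subshell so its variables stay local.
classify_ldap_link() (
    open=0 other=0
    # First field is the soname; Samba's own helpers (libsmbldap.so.0,
    # libcli-ldap-common.so, ...) match no pattern and are ignored.
    while read -r soname _rest || [ -n "$soname" ]; do
        case "$soname" in
            # OpenLDAP 2.x client library (libldap_r is its threaded variant)
            libldap-2.*.so*|libldap_r-2.*.so*) open=1 ;;
            # Sun native / Mozilla LDAP libraries seen on the OI systems
            libldap.so.5|libldap60.so*)        other=1 ;;
        esac
    done
    if [ "$open" -eq 1 ] && [ "$other" -eq 1 ]; then echo mixed
    elif [ "$open" -eq 1 ]; then echo openldap
    elif [ "$other" -eq 1 ]; then echo sun-mozldap
    else echo none
    fi
)

# Wrapper for a real binary, e.g. check_binary /usr/bin/net
check_binary() { ldd "$1" | classify_ldap_link; }

# Sample ldd lines copied from the messages in this thread.
sample_source_build='libsmbldap.so.0 => /usr/local/samba/lib/libsmbldap.so.0
libldap.so.5 => /usr/lib/libldap.so.5
libsmbldaphelper.so => /usr/local/samba/lib/private/libsmbldaphelper.so'
sample_oi_package='libldap60.so => /usr/lib/libldap60.so'
sample_sfw_build='libldap-2.4.so.2 => /opt/SFW/lib/libldap-2.4.so.2'

for s in "$sample_source_build" "$sample_oi_package" "$sample_sfw_build"; do
    printf '%s\n' "$s" | classify_ldap_link
done
```

A result of "mixed" means both library families are loaded into the same process, which is worth resolving before testing StartTLS again.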
On 09/11/14 01:44 PM, Andre Kruger wrote:
Hi Predrag
Yeah thanks, I get to the same conclusion. But on the one machine I am compiling Samba
from source. I just need to find an option to make it use openldap instead to see if that
will fix my problem. The "configure --with-ldap" option does not take any
arguments so that option does not work.
Regards
André
-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator]
[mailto:predrag.zece...@2e-systems.com]
Sent: 11 September 2014 12:35
To: openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
Hi Andre,
I have found this interesting article:
http://docs.oracle.com/cd/E19316-01/820-3040/gdbcd/index.html which might help
you better than me (I am not using Samba, but have compiled
OpenSSL/OpenSSH/OpenLDAP/MIT Kerberos5 to work together).
When I find some time, will try to compile samba too.
To conclude, OI Samba 3 is NOT using OpenLDAP or OpenSSL, that might be the cause
of the error you get.
Regards.
Predrag Zečević
On 09/11/14 11:58 AM, Andre Kruger wrote:
Hi Predrag
The only option that I passed to the configure script was
"--with-shared-modules=idmap_ad". I left the rest on the defaults as it looked
to satisfy my needs.
Are you saying I should pass another option to my configure script
"--with-ldap=/usr/lib/openldap/bin"? Am I using the correct path?
Regards
André
-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator]
[mailto:predrag.zece...@2e-systems.com]
Sent: 11 September 2014 11:49
To: openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
Hi Andre,
Your samba 4 is compiled against "mozldap" utilities (like OI does:
https://github.com/OpenIndiana/oi-userland/blob/70e9836ac11a90774a4aa54e0bfdfa2e0b703fae/components/samba/samba30/Makefile)
You have to specify to the configure procedure the path to the openldap libraries instead
(use '-with-ldap' with path):
looks like you can define variable LDAP_LIBS="-lliblber -llibldap" before
configure is running.
So, how did you configure (compile) samba 4?
Regards.
Predrag Zečević
On 09/11/14 11:29 AM, Andre Kruger wrote:
Hi
I have two test systems:
1. I installed Samba from the repos using the package manager.
2. I compiled Samba from source using the latest tarball on samba.org which was
4.1.11.
Both of them behave the same, but I have to note that on system 2 I did not specify to
the "configure" script to use any specific ldap client library. I mainly let it
do its own thing.
Looking at the below I can't tell which ldapsearch Samba is using:
ldd /usr/local/samba/bin/net | grep ldap
libsmbldap.so.0 => /usr/local/samba/lib/libsmbldap.so.0
libldap.so.5 => /usr/lib/libldap.so.5
libcli-ldap-common.so => /usr/local/samba/lib/private/libcli-ldap-common.so
libcli_cldap.so => /usr/local/samba/lib/private/libcli_cldap.so
libsmbldaphelper.so => /usr/local/samba/lib/private/libsmbldaphelper.so
pkg search -l /usr/lib/libldap.so.5
INDEX ACTION VALUE PACKAGE
path file usr/lib/libldap.so.5 pkg:/system/library@0.5.11-0.151.1.8
Regards
André
-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator]
[mailto:predrag.zece...@2e-systems.com]
Sent: 11 September 2014 11:20
To: openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
Hi,
I was too fast:
$ ldd /usr/bin/net | grep ldap
libldap60.so => /usr/lib/libldap60.so
$ pkg search -l /usr/lib/libldap60.so
INDEX ACTION VALUE PACKAGE
path link usr/lib/libldap60.so pkg:/library/samba/libsmbclient@3.6.22-2014.1.0.0
So, I guess Samba utilities are compiled against SunOS ldap utilities
(Netscape).
You might need to compile it yourself and use openldap utilities.
I might be wrong, but that is my impression.
Regards.
Predrag Zečević
On 09/11/14 11:08 AM, Andre Kruger wrote:
Hi
I do have the library/openldap package installed,
pkg list -a | grep ldap
SUNWapu13-ldap 1.3.9-0.133 --r
SUNWopenldap 2.4.11-0.133 --r
library/apr-util-13/apr-ldap 1.5.2-0.151.1.8 i--
library/openldap 2.4.34-0.151.1.8 i--
naming/ldap 0.5.11-0.151.1.8 i--
service/network/ldap/opends (opensolaris.org) 2.2.0-0.111 i--
web/library/apache/apr-util-13/apr-ldap 1.3.9-0.134 --r
And searching for the ldapsearch package on my system gives the following:
pkg search -l ldapsearch
INDEX ACTION VALUE PACKAGE
basename link usr/lib/openldap/bin/amd64/ldapsearch pkg:/library/openldap@2.4.34-0.151.1.8
basename link usr/lib/openldap/bin/ldapsearch pkg:/library/openldap@2.4.34-0.151.1.8
basename file usr/bin/ldapsearch pkg:/naming/ldap@0.5.11-0.151.1.8
basename file usr/opends/bin/ldapsearch pkg:/service/network/ldap/opends@2.2.0-0.111
pkg search -l openldapsearch
INDEX ACTION VALUE PACKAGE
basename file usr/bin/amd64/openldapsearch pkg:/library/openldap@2.4.34-0.151.1.8
basename file usr/bin/openldapsearch pkg:/library/openldap@2.4.34-0.151.1.8
I understand what you are saying but I don't know how I should use the
information. Can you please explain. I don't see where/how I can choose between
using ldapsearch or openldapsearch?
When I (try to) join my Samba server to the domain I use the Samba "net ads
join" command and that does its own thing.
Regards
André
-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator]
[mailto:predrag.zece...@2e-systems.com]
Sent: 11 September 2014 10:12
To: openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
Hi,
I guess OI has 2 versions of ldap:
a) SunOS one
b) OpenLDAP
You might want to use (for example) openldapsearch command instead
of ldapsearch [NOTE 'open' prefix]
$ pkg search -l ldapsearch
INDEX ACTION VALUE PACKAGE
basename file usr/share/bash-completion/completions/ldapsearch pkg:/utility/bash-completion@2.1-2014.0.1.0
basename file usr/bin/ldapsearch pkg:/naming/ldap@0.5.11-2014.1.2.14627
basename link usr/lib/openldap/bin/amd64/ldapsearch pkg:/library/openldap@2.4.39-2014.1.2.2
basename link usr/lib/openldap/bin/ldapsearch pkg:/library/openldap@2.4.39-2014.1.2.2
So, you might need to install library/openldap package and add
/usr/lib/openldap/bin to path before /usr/bin (if you wanna use only name
'ldapsearch') **or** use commands specifying 'open' prefix:
$ pkg search -l openldapsearch
INDEX ACTION VALUE PACKAGE
basename file usr/bin/amd64/openldapsearch pkg:/library/openldap@2.4.39-2014.1.2.2
basename file usr/bin/openldapsearch pkg:/library/openldap@2.4.39-2014.1.2.2
$ ldd /usr/lib/openldap/bin/ldapsearch
libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2
liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2
libsasl.so.1 => /usr/lib/libsasl.so.1
libnsl.so.1 => /lib/libnsl.so.1
libc.so.1 => /lib/libc.so.1
libresolv.so.2 => /lib/libresolv.so.2
libsocket.so.1 => /lib/libsocket.so.1
libssl.so.1.0.0 => /lib/libssl.so.1.0.0
libcrypto.so.1.0.0 => /lib/libcrypto.so.1.0.0
libmd.so.1 => /lib/libmd.so.1
libmp.so.2 => /lib/libmp.so.2
libdl.so.1 => /lib/libdl.so.1
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
libm.so.2 => /lib/libm.so.2
HTH
Regards.
Predrag Zečević
On 09/11/14 10:03 AM, Andre Kruger wrote:
I don't think this is a Samba problem; I am only providing the info to help the
reader understand where I am coming from.
I am trying to join my Samba server to my domain. This previously worked but
our AD admins enabled LDAPS on the DCs which broke the connection. Upon
retrying to join the domain, running the samba join command in debug mode I get
the following:
Successfully contacted LDAP server 1.1.1.1
Connected to LDAP server DC1.ad.domain.com
StartTLS not supported by LDAP client libraries!
Is StartTLS supported by the ldap client we have in OI?
According to this site earlier versions of Solaris did not support it yet so I
am not sure if it is supported on the current release of OI.
http://www.informit.com/articles/article.aspx?p=30339&seqNum=3
_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile: +49 174 3109 288, Skype: predrag.zecevic
E-mail: predrag.zece...@2e-systems.com
Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
65812 Bad Soden am Taunus, Germany Company
registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director: Phil Douglas
http://www.2e-systems.com/ - Making your business fly!
[***]===---
According to the latest official figures, 43% of all statistics are totally
worthless.