samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

classic Classic list List threaded Threaded
17 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
Hi list,
I'm trying to build samba 4.6.6 for a domain member of my AD domain with
the --with-system-mitkrb5 option but after a successful configure I get
this error:

root@kdm04:~/samba/samba-4.6.6# make
WAF_MAKE=1 python ./buildtools/bin/waf build
Waf: Entering directory `/root/samba/samba-4.6.6/bin'
        Selected system MIT krb5 libraries, Heimdal use is disabled
Checking project rules ...
Unknown dependency 'kdc' in 'service_kdc.objlist'
Makefile:8: recipe for target 'all' failed
make: *** [all] Error 1

Actually server is running samba 4.6.5 (Heimdal) and is joined as member
of my samba AD domain.

I try to configure 4.6.6 with this options:

root@kdm04:~/samba/samba-4.6.6# ./configure --disable-cups
--disable-iprint --enable-gnutls --with-systemd --with-system-mitkrb5

and this is the (I think) relevant part of configure

Looking for kerberos features
Checking for program
krb5-config.heimdal                                          : not
found
Checking for program
krb5-config                                                  : /usr/bin/krb5-config
Checking
for /usr/bin/krb5-config                                                 : yes
Checking for
kdb                                                                  :
yes
Checking for
gssapi                                                               :
yes
Kerberos 5 release 1.15.1 is detected, MIT krb5 build can proceed
Checking for
com_err                                                              :
not found
Checking for
_et_list                                                             :
not found
Checking for macro
_et_list                                                       : not
found
Checking for header
com_err.h                                                     : yes
Checking for header
kdb.h                                                         : yes
Checking for header
krb5/locate_plugin.h                                          : yes
Checking for header
gssapi.h                                                      : yes
Checking for header
gssapi/gssapi_generic.h                                       : yes
Checking for header
gssapi/gssapi.h                                               : yes
Checking for header
gssapi/gssapi_ext.h                                           : yes
Checking for header
gssapi/gssapi_krb5.h                                          : yes
Checking for header
gssapi/gssapi_oid.h                                           : no
Checking for
krb5_encrypt_data                                                    :
not found
Checking for macro
krb5_encrypt_data                                              : not
found
Checking for library
crypto                                                       : not
found
Checking for
des_set_key                                                          :
not found
Checking for macro
des_set_key                                                    : not
found
Checking for library
asn1                                                         : not
found
Checking for
copy_Authenticator                                                   :
not found
Checking for macro
copy_Authenticator                                             : not
found
Checking for library
roken                                                        : not
found
Checking for
roken_getaddrinfo_hostspec                                           :
not found
Checking for macro
roken_getaddrinfo_hostspec                                     : not
found
Checking for header
profile.h                                                     : yes
Checking for
gss_display_status                                                   :
ok
Checking for
gss_wrap_iov                                                         :
ok
Checking for
gss_krb5_import_cred                                                 :
ok
Checking for
gss_get_name_attribute                                               :
ok
Checking for
gss_mech_krb5                                                        :
ok
Checking for
gss_oid_equal                                                        :
ok
Checking for
gss_inquire_sec_context_by_oid                                       :
ok
Checking for
gsskrb5_extract_authz_data_from_sec_context                          :
ok
Checking for
gss_krb5_export_lucid_sec_context                                    :
ok
Checking for
gss_import_cred                                                      :
ok
Checking for
gss_export_cred                                                      :
ok
Checking for
gss_acquire_cred_from                                                :
ok
Checking for variable
GSS_KRB5_CRED_NO_CI_FLAGS_X                                 : yes
Checking for
krb5_mk_req_extended                                                 :
ok
Checking for
krb5_kt_compare                                                      :
not found
Checking for macro
krb5_kt_compare                                                : not
found
Checking for
krb5_auth_con_getrecvsubkey                                          :
ok
Checking for
krb5_auth_con_getsendsubkey                                          :
ok
Checking for
krb5_set_default_in_tkt_etypes                                       :
not found
Checking for macro
krb5_set_default_in_tkt_etypes                                 : not
found
Checking for
krb5_set_default_tgs_enctypes                                        :
ok
Checking for
krb5_set_default_tgs_ktypes                                          :
ok
Checking for
krb5_principal2salt                                                  :
ok
Checking for
krb5_c_string_to_key                                                 :
ok
Checking for
krb5_get_pw_salt                                                     :
not found
Checking for macro
krb5_get_pw_salt                                               : not
found
Checking for
krb5_string_to_key_salt                                              :
not found
Checking for macro
krb5_string_to_key_salt                                        : not
found
Checking for
krb5_auth_con_setkey                                                 :
not found
Checking for macro
krb5_auth_con_setkey                                           : not
found
Checking for
krb5_auth_con_setuseruserkey                                         :
ok
Checking for
krb5_get_permitted_enctypes                                          :
ok
Checking for
krb5_get_default_in_tkt_etypes                                       :
not found
Checking for macro
krb5_get_default_in_tkt_etypes                                 : not
found
Checking for
krb5_free_data_contents                                              :
ok
Checking for
krb5_principal_get_comp_string                                       :
not found
Checking for macro
krb5_principal_get_comp_string                                 : not
found
Checking for
krb5_free_unparsed_name                                              :
ok
Checking for
krb5_free_keytab_entry_contents                                      :
ok
Checking for
krb5_kt_free_entry                                                   :
ok
Checking for
krb5_krbhst_init                                                     :
not found
Checking for macro
krb5_krbhst_init                                               : not
found
Checking for
krb5_krbhst_get_addrinfo                                             :
not found
Checking for macro
krb5_krbhst_get_addrinfo                                       : not
found
Checking for
krb5_crypto_init                                                     :
not found
Checking for macro
krb5_crypto_init                                               : not
found
Checking for
krb5_crypto_destroy                                                  :
not found
Checking for macro
krb5_crypto_destroy                                            : not
found
Checking for
krb5_c_verify_checksum                                               :
ok
Checking for
krb5_principal_compare_any_realm                                     :
ok
Checking for
krb5_parse_name_norealm                                              :
not found
Checking for macro
krb5_parse_name_norealm                                        : not
found
Checking for
krb5_princ_size                                                      :
not found
Checking for macro
krb5_princ_size                                                : not
found
Checking for
krb5_get_init_creds_opt_set_pac_request                              :
ok
Checking for
krb5_get_renewed_creds                                               :
ok
Checking for
krb5_free_error_contents                                             :
not found
Checking for macro
krb5_free_error_contents                                       : not
found
Checking for
initialize_krb5_error_table                                          :
ok
Checking for
krb5_get_init_creds_opt_alloc                                        :
ok
Checking for
krb5_get_init_creds_opt_free                                         :
ok
Checking for
krb5_get_init_creds_opt_get_error                                    :
not found
Checking for macro
krb5_get_init_creds_opt_get_error                              : not
found
Checking for
krb5_enctype_to_string                                               :
ok
Checking for
krb5_fwd_tgt_creds                                                   :
ok
Checking for
krb5_auth_con_set_req_cksumtype                                      :
ok
Checking for
krb5_get_creds_opt_alloc                                             :
not found
Checking for macro
krb5_get_creds_opt_alloc                                       : not
found
Checking for
krb5_get_creds_opt_set_impersonate                                   :
not found
Checking for macro
krb5_get_creds_opt_set_impersonate                             : not
found
Checking for
krb5_get_creds                                                       :
not found
Checking for macro
krb5_get_creds                                                 : not
found
Checking for
krb5_get_credentials_for_user                                        :
ok
Checking for
krb5_get_host_realm                                                  :
ok
Checking for
krb5_free_host_realm                                                 :
ok
Checking for
krb5_get_init_creds_keyblock                                         :
not found
Checking for macro
krb5_get_init_creds_keyblock                                   : not
found
Checking for
krb5_get_init_creds_keytab                                           :
ok
Checking for
krb5_make_principal                                                  :
not found
Checking for macro
krb5_make_principal                                            : not
found
Checking for
krb5_build_principal_alloc_va                                        :
ok
Checking for
krb5_cc_get_lifetime                                                 :
not found
Checking for macro
krb5_cc_get_lifetime                                           : not
found
Checking for
krb5_cc_retrieve_cred                                                :
ok
Checking for
krb5_cc_copy_creds                                                   :
ok
Checking for
krb5_free_checksum_contents                                          :
ok
Checking for
krb5_c_make_checksum                                                 :
ok
Checking for
krb5_create_checksum                                                 :
not found
Checking for macro
krb5_create_checksum                                           : not
found
Checking for
krb5_config_get_bool_default                                         :
not found
Checking for macro
krb5_config_get_bool_default                                   : not
found
Checking for
krb5_get_profile                                                     :
ok
Checking for
krb5_data_copy                                                       :
not found
Checking for macro
krb5_data_copy                                                 : not
found
Checking for
krb5_init_keyblock                                                   :
ok
Checking for
krb5_principal_set_realm                                             :
not found
Checking for macro
krb5_principal_set_realm                                       : not
found
Checking for
krb5_principal_get_type                                              :
not found
Checking for macro
krb5_principal_get_type                                        : not
found
Checking for
krb5_principal_set_type                                              :
not found
Checking for macro
krb5_principal_set_type                                        : not
found
Checking for
krb5_warnx                                                           :
not found
Checking for macro
krb5_warnx                                                     : not
found
Checking for
krb5_get_prompt_types                                                :
ok
Checking for declaration of
krb5_get_credentials_for_user                         : no
Checking for declaration of
krb5_auth_con_set_req_cksumtype                       : yes
Checking for variable
AP_OPTS_USE_SUBKEY                                          : yes
Checking for variable
KV5M_KEYTAB                                                 : yes
Checking for variable
KRB5_KU_OTHER_CKSUM                                         : no
Checking for variable
KRB5_KEYUSAGE_APP_DATA_CKSUM                                : yes
Checking for variable
ENCTYPE_AES128_CTS_HMAC_SHA1_96                             : yes
Checking for variable
ENCTYPE_AES256_CTS_HMAC_SHA1_96                             : yes
Checking for declaration of
KRB5_PDU_NONE                                         : no
Checking for declaration of KRB5_PDU_NONE (as
enum)                               : no
Checking for member key in
krb5_keytab_entry                                      : yes
Checking for member keyblock in
krb5_keytab_entry                                 : no
Checking for member magic in
krb5_address                                         : yes
Checking for member addrtype in
krb5_address                                      : yes
Checking for member ticket in
krb5_ap_req                                         : yes
Checking for member type in
krb5_prompt                                           : no
Checking for
krb5_encrypt_block                                                   :
yes
Checking whether krb5_get_init_creds_opt_free takes a context
argument            : yes
Checking whether krb5_princ_component is
available                                : yes
Checking whether krb5_enctype_to_string takes size_t
argument                     : yes
Checking whether krb5_enctype_to_string takes krb5_context
argument               : no
Checking whether the macro krb5_princ_realm is
defined                            : yes
Checking whether krb5_principal_get_realm is
defined                              : no
Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is
available    : no
Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5_56 key type definition is
available : no
Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is
available     : no
Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is
available        : yes
Checking whether the ENCTYPE_ARCFOUR_HMAC_EXP key type definition is
available    : yes
Checking whether the WRFILE:-keytab is
supported                                  : yes
Checking for KRB5_DEPRECATED define taking an
identifier                          : yes
Checking whether krb5_creds have flags
property                                   : no
Checking for gnutls >=
3.4.7                                                      : yes

I tried to google for an answer and also searched for tips related to
upgrading to 4.6.6 but didn't find any reference.

Any help would be appreciated,
Daniele.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
Hai,

First, it is very handy to know the os your trying to build on.
So what the system your trying to build it on?

Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba-technical
> [mailto:[hidden email]] Namens
> Daniele Dario via samba-technical
> Verzonden: vrijdag 28 juli 2017 10:42
> Aan: samba-technical
> Onderwerp: samba 4.6.6 Unknown dependency 'kdc' in
> 'service_kdc.objlist'
>
> Hi list,
> I'm trying to build samba 4.6.6 for a domain member of my AD
> domain with the --with-system-mitkrb5 option but after a
> successful configure I get this error:
>
> root@kdm04:~/samba/samba-4.6.6# make
> WAF_MAKE=1 python ./buildtools/bin/waf build
> Waf: Entering directory `/root/samba/samba-4.6.6/bin'
> Selected system MIT krb5 libraries, Heimdal use is
> disabled Checking project rules ...
> Unknown dependency 'kdc' in 'service_kdc.objlist'
> Makefile:8: recipe for target 'all' failed
> make: *** [all] Error 1
>
> Actually server is running samba 4.6.5 (Heimdal) and is
> joined as member of my samba AD domain.
>
> I try to configure 4.6.6 with this options:
>
> root@kdm04:~/samba/samba-4.6.6# ./configure --disable-cups
> --disable-iprint --enable-gnutls --with-systemd --with-system-mitkrb5
>
> and this is the (I think) relevant part of configure
>
> Looking for kerberos features
> Checking for program
> krb5-config.heimdal                                          : not
> found
> Checking for program
> krb5-config                                                  
> : /usr/bin/krb5-config
> Checking
> for /usr/bin/krb5-config                                      
>            : yes
> Checking for
> kdb                                                                  :
> yes
> Checking for
> gssapi                                                               :
> yes
> Kerberos 5 release 1.15.1 is detected, MIT krb5 build can
> proceed Checking for
> com_err                                                              :
> not found
> Checking for
> _et_list                                                             :
> not found
> Checking for macro
> _et_list                                                       : not
> found
> Checking for header
> com_err.h                                                     : yes
> Checking for header
> kdb.h                                                         : yes
> Checking for header
> krb5/locate_plugin.h                                          : yes
> Checking for header
> gssapi.h                                                      : yes
> Checking for header
> gssapi/gssapi_generic.h                                       : yes
> Checking for header
> gssapi/gssapi.h                                               : yes
> Checking for header
> gssapi/gssapi_ext.h                                           : yes
> Checking for header
> gssapi/gssapi_krb5.h                                          : yes
> Checking for header
> gssapi/gssapi_oid.h                                           : no
> Checking for
> krb5_encrypt_data                                                    :
> not found
> Checking for macro
> krb5_encrypt_data                                              : not
> found
> Checking for library
> crypto                                                       : not
> found
> Checking for
> des_set_key                                                          :
> not found
> Checking for macro
> des_set_key                                                    : not
> found
> Checking for library
> asn1                                                         : not
> found
> Checking for
> copy_Authenticator                                                   :
> not found
> Checking for macro
> copy_Authenticator                                             : not
> found
> Checking for library
> roken                                                        : not
> found
> Checking for
> roken_getaddrinfo_hostspec                                           :
> not found
> Checking for macro
> roken_getaddrinfo_hostspec                                     : not
> found
> Checking for header
> profile.h                                                     : yes
> Checking for
> gss_display_status                                                   :
> ok
> Checking for
> gss_wrap_iov                                                         :
> ok
> Checking for
> gss_krb5_import_cred                                                 :
> ok
> Checking for
> gss_get_name_attribute                                               :
> ok
> Checking for
> gss_mech_krb5                                                        :
> ok
> Checking for
> gss_oid_equal                                                        :
> ok
> Checking for
> gss_inquire_sec_context_by_oid                                       :
> ok
> Checking for
> gsskrb5_extract_authz_data_from_sec_context                          :
> ok
> Checking for
> gss_krb5_export_lucid_sec_context                                    :
> ok
> Checking for
> gss_import_cred                                                      :
> ok
> Checking for
> gss_export_cred                                                      :
> ok
> Checking for
> gss_acquire_cred_from                                                :
> ok
> Checking for variable
> GSS_KRB5_CRED_NO_CI_FLAGS_X                                 : yes
> Checking for
> krb5_mk_req_extended                                                 :
> ok
> Checking for
> krb5_kt_compare                                                      :
> not found
> Checking for macro
> krb5_kt_compare                                                : not
> found
> Checking for
> krb5_auth_con_getrecvsubkey                                          :
> ok
> Checking for
> krb5_auth_con_getsendsubkey                                          :
> ok
> Checking for
> krb5_set_default_in_tkt_etypes                                       :
> not found
> Checking for macro
> krb5_set_default_in_tkt_etypes                                 : not
> found
> Checking for
> krb5_set_default_tgs_enctypes                                        :
> ok
> Checking for
> krb5_set_default_tgs_ktypes                                          :
> ok
> Checking for
> krb5_principal2salt                                                  :
> ok
> Checking for
> krb5_c_string_to_key                                                 :
> ok
> Checking for
> krb5_get_pw_salt                                                     :
> not found
> Checking for macro
> krb5_get_pw_salt                                               : not
> found
> Checking for
> krb5_string_to_key_salt                                              :
> not found
> Checking for macro
> krb5_string_to_key_salt                                        : not
> found
> Checking for
> krb5_auth_con_setkey                                                 :
> not found
> Checking for macro
> krb5_auth_con_setkey                                           : not
> found
> Checking for
> krb5_auth_con_setuseruserkey                                         :
> ok
> Checking for
> krb5_get_permitted_enctypes                                          :
> ok
> Checking for
> krb5_get_default_in_tkt_etypes                                       :
> not found
> Checking for macro
> krb5_get_default_in_tkt_etypes                                 : not
> found
> Checking for
> krb5_free_data_contents                                              :
> ok
> Checking for
> krb5_principal_get_comp_string                                       :
> not found
> Checking for macro
> krb5_principal_get_comp_string                                 : not
> found
> Checking for
> krb5_free_unparsed_name                                              :
> ok
> Checking for
> krb5_free_keytab_entry_contents                                      :
> ok
> Checking for
> krb5_kt_free_entry                                                   :
> ok
> Checking for
> krb5_krbhst_init                                                     :
> not found
> Checking for macro
> krb5_krbhst_init                                               : not
> found
> Checking for
> krb5_krbhst_get_addrinfo                                             :
> not found
> Checking for macro
> krb5_krbhst_get_addrinfo                                       : not
> found
> Checking for
> krb5_crypto_init                                                     :
> not found
> Checking for macro
> krb5_crypto_init                                               : not
> found
> Checking for
> krb5_crypto_destroy                                                  :
> not found
> Checking for macro
> krb5_crypto_destroy                                            : not
> found
> Checking for
> krb5_c_verify_checksum                                               :
> ok
> Checking for
> krb5_principal_compare_any_realm                                     :
> ok
> Checking for
> krb5_parse_name_norealm                                              :
> not found
> Checking for macro
> krb5_parse_name_norealm                                        : not
> found
> Checking for
> krb5_princ_size                                                      :
> not found
> Checking for macro
> krb5_princ_size                                                : not
> found
> Checking for
> krb5_get_init_creds_opt_set_pac_request                              :
> ok
> Checking for
> krb5_get_renewed_creds                                               :
> ok
> Checking for
> krb5_free_error_contents                                             :
> not found
> Checking for macro
> krb5_free_error_contents                                       : not
> found
> Checking for
> initialize_krb5_error_table                                          :
> ok
> Checking for
> krb5_get_init_creds_opt_alloc                                        :
> ok
> Checking for
> krb5_get_init_creds_opt_free                                         :
> ok
> Checking for
> krb5_get_init_creds_opt_get_error                                    :
> not found
> Checking for macro
> krb5_get_init_creds_opt_get_error                              : not
> found
> Checking for
> krb5_enctype_to_string                                               :
> ok
> Checking for
> krb5_fwd_tgt_creds                                                   :
> ok
> Checking for
> krb5_auth_con_set_req_cksumtype                                      :
> ok
> Checking for
> krb5_get_creds_opt_alloc                                             :
> not found
> Checking for macro
> krb5_get_creds_opt_alloc                                       : not
> found
> Checking for
> krb5_get_creds_opt_set_impersonate                                   :
> not found
> Checking for macro
> krb5_get_creds_opt_set_impersonate                             : not
> found
> Checking for
> krb5_get_creds                                                       :
> not found
> Checking for macro
> krb5_get_creds                                                 : not
> found
> Checking for
> krb5_get_credentials_for_user                                        :
> ok
> Checking for
> krb5_get_host_realm                                                  :
> ok
> Checking for
> krb5_free_host_realm                                                 :
> ok
> Checking for
> krb5_get_init_creds_keyblock                                         :
> not found
> Checking for macro
> krb5_get_init_creds_keyblock                                   : not
> found
> Checking for
> krb5_get_init_creds_keytab                                           :
> ok
> Checking for
> krb5_make_principal                                                  :
> not found
> Checking for macro
> krb5_make_principal                                            : not
> found
> Checking for
> krb5_build_principal_alloc_va                                        :
> ok
> Checking for
> krb5_cc_get_lifetime                                                 :
> not found
> Checking for macro
> krb5_cc_get_lifetime                                           : not
> found
> Checking for
> krb5_cc_retrieve_cred                                                :
> ok
> Checking for
> krb5_cc_copy_creds                                                   :
> ok
> Checking for
> krb5_free_checksum_contents                                          :
> ok
> Checking for
> krb5_c_make_checksum                                                 :
> ok
> Checking for
> krb5_create_checksum                                                 :
> not found
> Checking for macro
> krb5_create_checksum                                           : not
> found
> Checking for
> krb5_config_get_bool_default                                         :
> not found
> Checking for macro
> krb5_config_get_bool_default                                   : not
> found
> Checking for
> krb5_get_profile                                                     :
> ok
> Checking for
> krb5_data_copy                                                       :
> not found
> Checking for macro
> krb5_data_copy                                                 : not
> found
> Checking for
> krb5_init_keyblock                                                   :
> ok
> Checking for
> krb5_principal_set_realm                                             :
> not found
> Checking for macro
> krb5_principal_set_realm                                       : not
> found
> Checking for
> krb5_principal_get_type                                              :
> not found
> Checking for macro
> krb5_principal_get_type                                        : not
> found
> Checking for
> krb5_principal_set_type                                              :
> not found
> Checking for macro
> krb5_principal_set_type                                        : not
> found
> Checking for
> krb5_warnx                                                           :
> not found
> Checking for macro
> krb5_warnx                                                     : not
> found
> Checking for
> krb5_get_prompt_types                                                :
> ok
> Checking for declaration of
> krb5_get_credentials_for_user                         : no
> Checking for declaration of
> krb5_auth_con_set_req_cksumtype                       : yes
> Checking for variable
> AP_OPTS_USE_SUBKEY                                          : yes
> Checking for variable
> KV5M_KEYTAB                                                 : yes
> Checking for variable
> KRB5_KU_OTHER_CKSUM                                         : no
> Checking for variable
> KRB5_KEYUSAGE_APP_DATA_CKSUM                                : yes
> Checking for variable
> ENCTYPE_AES128_CTS_HMAC_SHA1_96                             : yes
> Checking for variable
> ENCTYPE_AES256_CTS_HMAC_SHA1_96                             : yes
> Checking for declaration of
> KRB5_PDU_NONE                                         : no
> Checking for declaration of KRB5_PDU_NONE (as
> enum)                               : no
> Checking for member key in
> krb5_keytab_entry                                      : yes
> Checking for member keyblock in
> krb5_keytab_entry                                 : no
> Checking for member magic in
> krb5_address                                         : yes
> Checking for member addrtype in
> krb5_address                                      : yes
> Checking for member ticket in
> krb5_ap_req                                         : yes
> Checking for member type in
> krb5_prompt                                           : no
> Checking for
> krb5_encrypt_block                                                   :
> yes
> Checking whether krb5_get_init_creds_opt_free takes a context
> argument            : yes
> Checking whether krb5_princ_component is
> available                                : yes
> Checking whether krb5_enctype_to_string takes size_t
> argument                     : yes
> Checking whether krb5_enctype_to_string takes krb5_context
> argument               : no
> Checking whether the macro krb5_princ_realm is
> defined                            : yes
> Checking whether krb5_principal_get_realm is
> defined                              : no
> Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is
> available    : no
> Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5_56 key type
> definition is available : no Checking whether the
> HAVE_KEYTYPE_ARCFOUR_56 key type definition is
> available     : no
> Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is
> available        : yes
> Checking whether the ENCTYPE_ARCFOUR_HMAC_EXP key type definition is
> available    : yes
> Checking whether the WRFILE:-keytab is
> supported                                  : yes
> Checking for KRB5_DEPRECATED define taking an
> identifier                          : yes
> Checking whether krb5_creds have flags
> property                                   : no
> Checking for gnutls >=
> 3.4.7                                                      : yes
>
> I tried to google for an answer and also searched for tips
> related to upgrading to 4.6.6 but didn't find any reference.
>
> Any help would be appreciated,
> Daniele.
>
>
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
On Fri, 28 Jul 2017 10:41:51 +0200
Daniele Dario via samba-technical <[hidden email]>
wrote:

> Hi list,
> I'm trying to build samba 4.6.6 for a domain member of my AD domain
> with the --with-system-mitkrb5 option but after a successful
> configure I get this error:

Two things wrong with that, '--with-system-mitkrb5' will only really
work on Version 4.7.0 when it comes out and it is meant for a DC
instead of a Unix domain member.

Rowland

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
On Fri, 2017-07-28 at 10:05 +0100, Rowland Penny via samba-technical
wrote:

> On Fri, 28 Jul 2017 10:41:51 +0200
> Daniele Dario via samba-technical <[hidden email]>
> wrote:
>
> > Hi list,
> > I'm trying to build samba 4.6.6 for a domain member of my AD domain
> > with the --with-system-mitkrb5 option but after a successful
> > configure I get this error:
>
> Two things wrong with that, '--with-system-mitkrb5' will only really
> work on Version 4.7.0 when it comes out and it is meant for a DC
> instead of a Unix domain member.

No, what changes with 4.7 is that it also enables the DC.  This option
is used by all the major (non-Debian) distributions for their build of
Samba.

Adding:
--without-ad-dc

Should fix the build bug.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
On Fri, 28 Jul 2017 21:16:47 +1200
Andrew Bartlett <[hidden email]> wrote:

> On Fri, 2017-07-28 at 10:05 +0100, Rowland Penny via samba-technical
> wrote:
> > On Fri, 28 Jul 2017 10:41:51 +0200
> > Daniele Dario via samba-technical <[hidden email]>
> > wrote:
> >
> > > Hi list,
> > > I'm trying to build samba 4.6.6 for a domain member of my AD
> > > domain with the --with-system-mitkrb5 option but after a
> > > successful configure I get this error:
> >
> > Two things wrong with that, '--with-system-mitkrb5' will only really
> > work on Version 4.7.0 when it comes out and it is meant for a DC
> > instead of a Unix domain member.
>
> No, what changes with 4.7 is that it also enables the DC.  This option
> is used by all the major (non-Debian) distributions for their build of
> Samba.
>
> Adding:
> --without-ad-dc
>
> Should fix the build bug.
>
> Andrew Bartlett
>

Isn't that virtually the same as saying it is meant for the DC ?

'--without-ad-dc' turns off the DC

Rowland

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
On pe, 28 heinä 2017, Rowland Penny via samba-technical wrote:

> On Fri, 28 Jul 2017 21:16:47 +1200
> Andrew Bartlett <[hidden email]> wrote:
>
> > On Fri, 2017-07-28 at 10:05 +0100, Rowland Penny via samba-technical
> > wrote:
> > > On Fri, 28 Jul 2017 10:41:51 +0200
> > > Daniele Dario via samba-technical <[hidden email]>
> > > wrote:
> > >
> > > > Hi list,
> > > > I'm trying to build samba 4.6.6 for a domain member of my AD
> > > > domain with the --with-system-mitkrb5 option but after a
> > > > successful configure I get this error:
> > >
> > > Two things wrong with that, '--with-system-mitkrb5' will only really
> > > work on Version 4.7.0 when it comes out and it is meant for a DC
> > > instead of a Unix domain member.
> >
> > No, what changes with 4.7 is that it also enables the DC.  This option
> > is used by all the major (non-Debian) distributions for their build of
> > Samba.
> >
> > Adding:
> > --without-ad-dc
> >
> > Should fix the build bug.
> >
> > Andrew Bartlett
> >
>
> Isn't that virtually the same as saying it is meant for the DC ?
>
> '--without-ad-dc' turns off the DC
>
If you want to compile against MIT Kerberos, in all released versions
prior to 4.7.0 (which is only at a release candidate phase right now)
you have to pass --without-ad-dc because this is the only supported
combination: '--without-ad-dc --with-system-mitkrb5'. Starting with 4.7.0,
--with-system-mitkrb5 can be used without and with AD DC build. However,
the latter will require very recent MIT Kerberos version.

--
/ Alexander Bokovoy

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
On Fri, 28 Jul 2017 12:44:43 +0300
Alexander Bokovoy <[hidden email]> wrote:

> >
> If you want to compile against MIT Kerberos, in all released versions
> prior to 4.7.0 (which is only at a release candidate phase right now)
> you have to pass --without-ad-dc because this is the only supported
> combination: '--without-ad-dc --with-system-mitkrb5'. Starting with
> 4.7.0, --with-system-mitkrb5 can be used without and with AD DC
> build. However, the latter will require very recent MIT Kerberos
> version.
>

Thanks Alexander for clarifying that, so it seems we were both right ;-)

Rowland


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list



On ven, 2017-07-28 at 10:57 +0100, Rowland Penny via samba-technical
wrote:

> On Fri, 28 Jul 2017 12:44:43 +0300
> Alexander Bokovoy <[hidden email]> wrote:
>
> > >
> > If you want to compile against MIT Kerberos, in all released versions
> > prior to 4.7.0 (which is only at a release candidate phase right now)
> > you have to pass --without-ad-dc because this is the only supported
> > combination: '--without-ad-dc --with-system-mitkrb5'. Starting with
> > 4.7.0, --with-system-mitkrb5 can be used without and with AD DC
> > build. However, the latter will require very recent MIT Kerberos
> > version.
> >
>
> Thanks Alexander for clarifying that, so it seems we were both right ;-)
>
> Rowland
>

I'm more confused than before :-(

There's a security release for 4.6.6 that states

Release Announcements
---------------------

These are security releases in order to address the following defect:

o  CVE-2017-11103 (Orpheus' Lyre mutual authentication validation
bypass)

=======
Details
=======

o  CVE-2017-11103 (Heimdal):
   All versions of Samba from 4.0.0 onwards using embedded Heimdal
   Kerberos are vulnerable to a man-in-the-middle attack impersonating
   a trusted server, who may gain elevated access to the domain by
   returning malicious replication or authorization data.

   Samba binaries built against MIT Kerberos are not vulnerable.
...

From that info I thought it was intended to ask/tell people that
upgrading to 4.6.6 and enabling system mit would be a good idea.

I'm building on an Ubuntu 16.04LTS x64 and samba is a member of my AD
domain. Actually, I just use winbindd from samba 4.6.5 suite on this
server. I built Kerberos 5 release 1.15.1 and cifs-utils 6.4 in order
allow some users part of domain to login through ssh and auto-mount some
shares (from another DM server).

So actually cifs-utils uses MIT krb and winbindd Heimdal. I thought this
server to be a good candidate on my env to see what happens upgrading
and gave it a shot.

So, my question: is it possible to build 4.6.6 with system MIT Krb5
1.15.1 to work as a domain member of an AD domain or did I just
misunderstood the release announcement?

Daniele.



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
On Fri, 28 Jul 2017 12:21:28 +0200
Daniele Dario <[hidden email]> wrote:

>
>
>
> On ven, 2017-07-28 at 10:57 +0100, Rowland Penny via samba-technical
> wrote:
> > On Fri, 28 Jul 2017 12:44:43 +0300
> > Alexander Bokovoy <[hidden email]> wrote:
> >
> > > >
> > > If you want to compile against MIT Kerberos, in all released
> > > versions prior to 4.7.0 (which is only at a release candidate
> > > phase right now) you have to pass --without-ad-dc because this is
> > > the only supported combination: '--without-ad-dc
> > > --with-system-mitkrb5'. Starting with 4.7.0,
> > > --with-system-mitkrb5 can be used without and with AD DC build.
> > > However, the latter will require very recent MIT Kerberos version.
> > >
> >
> > Thanks Alexander for clarifying that, so it seems we were both
> > right ;-)
> >
> > Rowland
> >
>
> I'm more confused than before :-(
>
> There's a security release for 4.6.6 that states
>
> Release Announcements
> ---------------------
>
> These are security releases in order to address the following defect:
>
> o  CVE-2017-11103 (Orpheus' Lyre mutual authentication validation
> bypass)
>
> =======
> Details
> =======
>
> o  CVE-2017-11103 (Heimdal):
>    All versions of Samba from 4.0.0 onwards using embedded Heimdal
>    Kerberos are vulnerable to a man-in-the-middle attack impersonating
>    a trusted server, who may gain elevated access to the domain by
>    returning malicious replication or authorization data.
>
>    Samba binaries built against MIT Kerberos are not vulnerable.
> ...
>
> From that info I thought it was intended to ask/tell people that
> upgrading to 4.6.6 and enabling system mit would be a good idea.
>
> I'm building on an Ubuntu 16.04LTS x64 and samba is a member of my AD
> domain. Actually, I just use winbindd from samba 4.6.5 suite on this
> server. I built Kerberos 5 release 1.15.1 and cifs-utils 6.4 in order
> allow some users part of domain to login through ssh and auto-mount
> some shares (from another DM server).
>
> So actually cifs-utils uses MIT krb and winbindd Heimdal. I thought
> this server to be a good candidate on my env to see what happens
> upgrading and gave it a shot.
>
> So, my question: is it possible to build 4.6.6 with system MIT Krb5
> 1.15.1 to work as a domain member of an AD domain or did I just
> misunderstood the release announcement?
>
> Daniele.
>
>

From my understanding, both ;-)

Yes you can build 4.6.6 with MIT, but only without the DC

Yes, I think you did misunderstand the release announcement

The patches applied to create the release should have fixed the
potential problem, so you should just build Samba in the normal way for
your distro.

Rowland

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list



On ven, 2017-07-28 at 11:36 +0100, Rowland Penny via samba-technical
wrote:

> On Fri, 28 Jul 2017 12:21:28 +0200
> Daniele Dario <[hidden email]> wrote:
>
> >
> >
> >
> > On ven, 2017-07-28 at 10:57 +0100, Rowland Penny via samba-technical
> > wrote:
> > > On Fri, 28 Jul 2017 12:44:43 +0300
> > > Alexander Bokovoy <[hidden email]> wrote:
> > >
> > > > >
> > > > If you want to compile against MIT Kerberos, in all released
> > > > versions prior to 4.7.0 (which is only at a release candidate
> > > > phase right now) you have to pass --without-ad-dc because this is
> > > > the only supported combination: '--without-ad-dc
> > > > --with-system-mitkrb5'. Starting with 4.7.0,
> > > > --with-system-mitkrb5 can be used without and with AD DC build.
> > > > However, the latter will require very recent MIT Kerberos version.
> > > >
> > >
> > > Thanks Alexander for clarifying that, so it seems we were both
> > > right ;-)
> > >
> > > Rowland
> > >
> >
> > I'm more confused than before :-(
> >
> > There's a security release for 4.6.6 that states
> >
> > Release Announcements
> > ---------------------
> >
> > These are security releases in order to address the following defect:
> >
> > o  CVE-2017-11103 (Orpheus' Lyre mutual authentication validation
> > bypass)
> >
> > =======
> > Details
> > =======
> >
> > o  CVE-2017-11103 (Heimdal):
> >    All versions of Samba from 4.0.0 onwards using embedded Heimdal
> >    Kerberos are vulnerable to a man-in-the-middle attack impersonating
> >    a trusted server, who may gain elevated access to the domain by
> >    returning malicious replication or authorization data.
> >
> >    Samba binaries built against MIT Kerberos are not vulnerable.
> > ...
> >
> > From that info I thought it was intended to ask/tell people that
> > upgrading to 4.6.6 and enabling system mit would be a good idea.
> >
> > I'm building on an Ubuntu 16.04LTS x64 and samba is a member of my AD
> > domain. Actually, I just use winbindd from samba 4.6.5 suite on this
> > server. I built Kerberos 5 release 1.15.1 and cifs-utils 6.4 in order
> > allow some users part of domain to login through ssh and auto-mount
> > some shares (from another DM server).
> >
> > So actually cifs-utils uses MIT krb and winbindd Heimdal. I thought
> > this server to be a good candidate on my env to see what happens
> > upgrading and gave it a shot.
> >
> > So, my question: is it possible to build 4.6.6 with system MIT Krb5
> > 1.15.1 to work as a domain member of an AD domain or did I just
> > misunderstood the release announcement?
> >
> > Daniele.
> >
> >
>
> From my understanding, both ;-)
>
> Yes you can build 4.6.6 with MIT, but only without the DC
>
> Yes, I think you did misunderstand the release announcement
>
> The patches applied to create the release should have fixed the
> potential problem, so you should just build Samba in the normal way for
> your distro.
>
> Rowland
>

Sorry for being just a dumb end user :-(

Let me try to say it with my words:
      * if I build samba in the normal way I can use the suite to run a
        DC or a DM (no difference in build)
      * if I build 4.6.6 specifying --with-system-mitkrb5 I have to also
        add --without-ad-dc or it won't build.

The question is: can I build 4.6.6 --with-system-mitkrb5 --without-ad-dc
and run it as DM part of my AD domain as well as if I'd have built it in
the normal way (so using heimdal krb5 and the with ad dc)?

Daniele.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
On Fri, 28 Jul 2017 13:12:20 +0200
Daniele Dario <[hidden email]> wrote:

>
> Sorry for being just a dumb end user :-(

No apology required ;-)
 
>
> Let me try to say it with my words:
>       * if I build samba in the normal way I can use the suite to run
> a DC or a DM (no difference in build)

Yes

>       * if I build 4.6.6 specifying --with-system-mitkrb5 I have to
> also add --without-ad-dc or it won't build.

Yes

>
> The question is: can I build 4.6.6 --with-system-mitkrb5
> --without-ad-dc and run it as DM part of my AD domain as well as if
> I'd have built it in the normal way (so using heimdal krb5 and the
> with ad dc)?

Provided 'DM' stands for 'Unix domain member', yes

Rowland


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list



On ven, 2017-07-28 at 12:40 +0100, Rowland Penny via samba-technical
wrote:

> On Fri, 28 Jul 2017 13:12:20 +0200
> Daniele Dario <[hidden email]> wrote:
>
> >
> > Sorry for being just a dumb end user :-(
>
> No apology required ;-)
>  
> >
> > Let me try to say it with my words:
> >       * if I build samba in the normal way I can use the suite to run
> > a DC or a DM (no difference in build)
>
> Yes
>
> >       * if I build 4.6.6 specifying --with-system-mitkrb5 I have to
> > also add --without-ad-dc or it won't build.
>
> Yes
>
> >
> > The question is: can I build 4.6.6 --with-system-mitkrb5
> > --without-ad-dc and run it as DM part of my AD domain as well as if
> > I'd have built it in the normal way (so using heimdal krb5 and the
> > with ad dc)?
>
> Provided 'DM' stands for 'Unix domain member', yes
>
> Rowland
>
>

OK, so configured --with-system-mitkrb5 --without-ad-dc and build went
fine. Yuppie :-)

After install, I started winbindd. Normal tests did work:  wbinfo -P ok,
wbinfo -u/-g did show domain users/groups, id user looks correct. I
tried a login through ssh and it worked as well.

Looking through logs, I noticed in log.wb-SAITEL (domain name) a lot of
lines like this one:

ldb: unable to dlopen /usr/local/samba/lib/ldb/acl.so :
/usr/local/samba/lib/private/libauthkrb5-samba4.so: version
`SAMBA_4.6.5' not found (required by /usr/local/samba/lib/ldb/acl.so)
...

Daniele.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
On pe, 28 heinä 2017, Daniele Dario via samba-technical wrote:

>
>
>
> On ven, 2017-07-28 at 12:40 +0100, Rowland Penny via samba-technical
> wrote:
> > On Fri, 28 Jul 2017 13:12:20 +0200
> > Daniele Dario <[hidden email]> wrote:
> >
> > >
> > > Sorry for being just a dumb end user :-(
> >
> > No apology required ;-)
> >  
> > >
> > > Let me try to say it with my words:
> > >       * if I build samba in the normal way I can use the suite to run
> > > a DC or a DM (no difference in build)
> >
> > Yes
> >
> > >       * if I build 4.6.6 specifying --with-system-mitkrb5 I have to
> > > also add --without-ad-dc or it won't build.
> >
> > Yes
> >
> > >
> > > The question is: can I build 4.6.6 --with-system-mitkrb5
> > > --without-ad-dc and run it as DM part of my AD domain as well as if
> > > I'd have built it in the normal way (so using heimdal krb5 and the
> > > with ad dc)?
> >
> > Provided 'DM' stands for 'Unix domain member', yes
> >
> > Rowland
> >
> >
>
> OK, so configured --with-system-mitkrb5 --without-ad-dc and build went
> fine. Yuppie :-)
>
> After install, I started winbindd. Normal tests did work:  wbinfo -P ok,
> wbinfo -u/-g did show domain users/groups, id user looks correct. I
> tried a login through ssh and it worked as well.
>
> Looking through logs, I noticed in log.wb-SAITEL (domain name) a lot of
> lines like this one:
>
> ldb: unable to dlopen /usr/local/samba/lib/ldb/acl.so :
> /usr/local/samba/lib/private/libauthkrb5-samba4.so: version
> `SAMBA_4.6.5' not found (required by /usr/local/samba/lib/ldb/acl.so)
> ...
This is a result of unclean setup. You have files left over from the
previous Samba version. In this case it is an LDB plugin module. It is
built with explicit versioning to prevent loading it into a wrong samba
version. I don't think your --without-ad-dc build should have any of
these modules built, actually. You need to remove offending files.
--
/ Alexander Bokovoy

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list



On ven, 2017-07-28 at 16:45 +0300, Alexander Bokovoy wrote:

> On pe, 28 heinä 2017, Daniele Dario via samba-technical wrote:
> >
> >
> >
> > On ven, 2017-07-28 at 12:40 +0100, Rowland Penny via samba-technical
> > wrote:
> > > On Fri, 28 Jul 2017 13:12:20 +0200
> > > Daniele Dario <[hidden email]> wrote:
> > >
> > > >
> > > > Sorry for being just a dumb end user :-(
> > >
> > > No apology required ;-)
> > >  
> > > >
> > > > Let me try to say it with my words:
> > > >       * if I build samba in the normal way I can use the suite to run
> > > > a DC or a DM (no difference in build)
> > >
> > > Yes
> > >
> > > >       * if I build 4.6.6 specifying --with-system-mitkrb5 I have to
> > > > also add --without-ad-dc or it won't build.
> > >
> > > Yes
> > >
> > > >
> > > > The question is: can I build 4.6.6 --with-system-mitkrb5
> > > > --without-ad-dc and run it as DM part of my AD domain as well as if
> > > > I'd have built it in the normal way (so using heimdal krb5 and the
> > > > with ad dc)?
> > >
> > > Provided 'DM' stands for 'Unix domain member', yes
> > >
> > > Rowland
> > >
> > >
> >
> > OK, so configured --with-system-mitkrb5 --without-ad-dc and build went
> > fine. Yuppie :-)
> >
> > After install, I started winbindd. Normal tests did work:  wbinfo -P ok,
> > wbinfo -u/-g did show domain users/groups, id user looks correct. I
> > tried a login through ssh and it worked as well.
> >
> > Looking through logs, I noticed in log.wb-SAITEL (domain name) a lot of
> > lines like this one:
> >
> > ldb: unable to dlopen /usr/local/samba/lib/ldb/acl.so :
> > /usr/local/samba/lib/private/libauthkrb5-samba4.so: version
> > `SAMBA_4.6.5' not found (required by /usr/local/samba/lib/ldb/acl.so)
> > ...
> This is a result of unclean setup. You have files left over from the
> previous Samba version. In this case it is an LDB plugin module. It is
> built with explicit versioning to prevent loading it into a wrong samba
> version. I don't think your --without-ad-dc build should have any of
> these modules built, actually. You need to remove offending files.

Yes, I just built/installed 4.6.6 on a server which was running 4.6.5.
Did not re-joined to the domain nor changed/removed anything else.

I removed the offending files and restarted and everything looks good.

Thanks a lot for the help and explanations and can't wait for 4.7 to
update also the DCs and the file server DM.

Daniele.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
On Fri, 2017-07-28 at 14:02 +0200, Daniele Dario via samba-technical
wrote:
>
> Looking through logs, I noticed in log.wb-SAITEL (domain name) a lot of
> lines like this one:
>
> ldb: unable to dlopen /usr/local/samba/lib/ldb/acl.so :
> /usr/local/samba/lib/private/libauthkrb5-samba4.so: version
> `SAMBA_4.6.5' not found (required by /usr/local/samba/lib/ldb/acl.so)
> ...

You need to remove the old binaries before you upgrade.  Some of these
refer to your previous version, and so break the new version.

Sorry,

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
On Friday, 28 July 2017 10:41:51 CEST Daniele Dario via samba-technical wrote:

> Hi list,
> I'm trying to build samba 4.6.6 for a domain member of my AD domain with
> the --with-system-mitkrb5 option but after a successful configure I get
> this error:
>
> root@kdm04:~/samba/samba-4.6.6# make
> WAF_MAKE=1 python ./buildtools/bin/waf build
> Waf: Entering directory `/root/samba/samba-4.6.6/bin'
> Selected system MIT krb5 libraries, Heimdal use is disabled
> Checking project rules ...
> Unknown dependency 'kdc' in 'service_kdc.objlist'
> Makefile:8: recipe for target 'all' failed
> make: *** [all] Error 1
>
> Actually server is running samba 4.6.5 (Heimdal) and is joined as member
> of my samba AD domain.
>
> I try to configure 4.6.6 with this options:
>
> root@kdm04:~/samba/samba-4.6.6# ./configure --disable-cups
> --disable-iprint --enable-gnutls --with-systemd --with-system-mitkrb5

You need to add --without-ad-dc


        Andreas

>
> and this is the (I think) relevant part of configure
>
> Looking for kerberos features
> Checking for program
> krb5-config.heimdal                                          : not
> found
> Checking for program
> krb5-config                                                  :
> /usr/bin/krb5-config Checking
> for /usr/bin/krb5-config                                                 :
> yes Checking for
> kdb                                                                  :
> yes
> Checking for
> gssapi                                                               :
> yes
> Kerberos 5 release 1.15.1 is detected, MIT krb5 build can proceed
> Checking for
> com_err                                                              :
> not found
> Checking for
> _et_list                                                             :
> not found
> Checking for macro
> _et_list                                                       : not
> found
> Checking for header
> com_err.h                                                     : yes
> Checking for header
> kdb.h                                                         : yes
> Checking for header
> krb5/locate_plugin.h                                          : yes
> Checking for header
> gssapi.h                                                      : yes
> Checking for header
> gssapi/gssapi_generic.h                                       : yes
> Checking for header
> gssapi/gssapi.h                                               : yes
> Checking for header
> gssapi/gssapi_ext.h                                           : yes
> Checking for header
> gssapi/gssapi_krb5.h                                          : yes
> Checking for header
> gssapi/gssapi_oid.h                                           : no
> Checking for
> krb5_encrypt_data                                                    :
> not found
> Checking for macro
> krb5_encrypt_data                                              : not
> found
> Checking for library
> crypto                                                       : not
> found
> Checking for
> des_set_key                                                          :
> not found
> Checking for macro
> des_set_key                                                    : not
> found
> Checking for library
> asn1                                                         : not
> found
> Checking for
> copy_Authenticator                                                   :
> not found
> Checking for macro
> copy_Authenticator                                             : not
> found
> Checking for library
> roken                                                        : not
> found
> Checking for
> roken_getaddrinfo_hostspec                                           :
> not found
> Checking for macro
> roken_getaddrinfo_hostspec                                     : not
> found
> Checking for header
> profile.h                                                     : yes
> Checking for
> gss_display_status                                                   :
> ok
> Checking for
> gss_wrap_iov                                                         :
> ok
> Checking for
> gss_krb5_import_cred                                                 :
> ok
> Checking for
> gss_get_name_attribute                                               :
> ok
> Checking for
> gss_mech_krb5                                                        :
> ok
> Checking for
> gss_oid_equal                                                        :
> ok
> Checking for
> gss_inquire_sec_context_by_oid                                       :
> ok
> Checking for
> gsskrb5_extract_authz_data_from_sec_context                          :
> ok
> Checking for
> gss_krb5_export_lucid_sec_context                                    :
> ok
> Checking for
> gss_import_cred                                                      :
> ok
> Checking for
> gss_export_cred                                                      :
> ok
> Checking for
> gss_acquire_cred_from                                                :
> ok
> Checking for variable
> GSS_KRB5_CRED_NO_CI_FLAGS_X                                 : yes
> Checking for
> krb5_mk_req_extended                                                 :
> ok
> Checking for
> krb5_kt_compare                                                      :
> not found
> Checking for macro
> krb5_kt_compare                                                : not
> found
> Checking for
> krb5_auth_con_getrecvsubkey                                          :
> ok
> Checking for
> krb5_auth_con_getsendsubkey                                          :
> ok
> Checking for
> krb5_set_default_in_tkt_etypes                                       :
> not found
> Checking for macro
> krb5_set_default_in_tkt_etypes                                 : not
> found
> Checking for
> krb5_set_default_tgs_enctypes                                        :
> ok
> Checking for
> krb5_set_default_tgs_ktypes                                          :
> ok
> Checking for
> krb5_principal2salt                                                  :
> ok
> Checking for
> krb5_c_string_to_key                                                 :
> ok
> Checking for
> krb5_get_pw_salt                                                     :
> not found
> Checking for macro
> krb5_get_pw_salt                                               : not
> found
> Checking for
> krb5_string_to_key_salt                                              :
> not found
> Checking for macro
> krb5_string_to_key_salt                                        : not
> found
> Checking for
> krb5_auth_con_setkey                                                 :
> not found
> Checking for macro
> krb5_auth_con_setkey                                           : not
> found
> Checking for
> krb5_auth_con_setuseruserkey                                         :
> ok
> Checking for
> krb5_get_permitted_enctypes                                          :
> ok
> Checking for
> krb5_get_default_in_tkt_etypes                                       :
> not found
> Checking for macro
> krb5_get_default_in_tkt_etypes                                 : not
> found
> Checking for
> krb5_free_data_contents                                              :
> ok
> Checking for
> krb5_principal_get_comp_string                                       :
> not found
> Checking for macro
> krb5_principal_get_comp_string                                 : not
> found
> Checking for
> krb5_free_unparsed_name                                              :
> ok
> Checking for
> krb5_free_keytab_entry_contents                                      :
> ok
> Checking for
> krb5_kt_free_entry                                                   :
> ok
> Checking for
> krb5_krbhst_init                                                     :
> not found
> Checking for macro
> krb5_krbhst_init                                               : not
> found
> Checking for
> krb5_krbhst_get_addrinfo                                             :
> not found
> Checking for macro
> krb5_krbhst_get_addrinfo                                       : not
> found
> Checking for
> krb5_crypto_init                                                     :
> not found
> Checking for macro
> krb5_crypto_init                                               : not
> found
> Checking for
> krb5_crypto_destroy                                                  :
> not found
> Checking for macro
> krb5_crypto_destroy                                            : not
> found
> Checking for
> krb5_c_verify_checksum                                               :
> ok
> Checking for
> krb5_principal_compare_any_realm                                     :
> ok
> Checking for
> krb5_parse_name_norealm                                              :
> not found
> Checking for macro
> krb5_parse_name_norealm                                        : not
> found
> Checking for
> krb5_princ_size                                                      :
> not found
> Checking for macro
> krb5_princ_size                                                : not
> found
> Checking for
> krb5_get_init_creds_opt_set_pac_request                              :
> ok
> Checking for
> krb5_get_renewed_creds                                               :
> ok
> Checking for
> krb5_free_error_contents                                             :
> not found
> Checking for macro
> krb5_free_error_contents                                       : not
> found
> Checking for
> initialize_krb5_error_table                                          :
> ok
> Checking for
> krb5_get_init_creds_opt_alloc                                        :
> ok
> Checking for
> krb5_get_init_creds_opt_free                                         :
> ok
> Checking for
> krb5_get_init_creds_opt_get_error                                    :
> not found
> Checking for macro
> krb5_get_init_creds_opt_get_error                              : not
> found
> Checking for
> krb5_enctype_to_string                                               :
> ok
> Checking for
> krb5_fwd_tgt_creds                                                   :
> ok
> Checking for
> krb5_auth_con_set_req_cksumtype                                      :
> ok
> Checking for
> krb5_get_creds_opt_alloc                                             :
> not found
> Checking for macro
> krb5_get_creds_opt_alloc                                       : not
> found
> Checking for
> krb5_get_creds_opt_set_impersonate                                   :
> not found
> Checking for macro
> krb5_get_creds_opt_set_impersonate                             : not
> found
> Checking for
> krb5_get_creds                                                       :
> not found
> Checking for macro
> krb5_get_creds                                                 : not
> found
> Checking for
> krb5_get_credentials_for_user                                        :
> ok
> Checking for
> krb5_get_host_realm                                                  :
> ok
> Checking for
> krb5_free_host_realm                                                 :
> ok
> Checking for
> krb5_get_init_creds_keyblock                                         :
> not found
> Checking for macro
> krb5_get_init_creds_keyblock                                   : not
> found
> Checking for
> krb5_get_init_creds_keytab                                           :
> ok
> Checking for
> krb5_make_principal                                                  :
> not found
> Checking for macro
> krb5_make_principal                                            : not
> found
> Checking for
> krb5_build_principal_alloc_va                                        :
> ok
> Checking for
> krb5_cc_get_lifetime                                                 :
> not found
> Checking for macro
> krb5_cc_get_lifetime                                           : not
> found
> Checking for
> krb5_cc_retrieve_cred                                                :
> ok
> Checking for
> krb5_cc_copy_creds                                                   :
> ok
> Checking for
> krb5_free_checksum_contents                                          :
> ok
> Checking for
> krb5_c_make_checksum                                                 :
> ok
> Checking for
> krb5_create_checksum                                                 :
> not found
> Checking for macro
> krb5_create_checksum                                           : not
> found
> Checking for
> krb5_config_get_bool_default                                         :
> not found
> Checking for macro
> krb5_config_get_bool_default                                   : not
> found
> Checking for
> krb5_get_profile                                                     :
> ok
> Checking for
> krb5_data_copy                                                       :
> not found
> Checking for macro
> krb5_data_copy                                                 : not
> found
> Checking for
> krb5_init_keyblock                                                   :
> ok
> Checking for
> krb5_principal_set_realm                                             :
> not found
> Checking for macro
> krb5_principal_set_realm                                       : not
> found
> Checking for
> krb5_principal_get_type                                              :
> not found
> Checking for macro
> krb5_principal_get_type                                        : not
> found
> Checking for
> krb5_principal_set_type                                              :
> not found
> Checking for macro
> krb5_principal_set_type                                        : not
> found
> Checking for
> krb5_warnx                                                           :
> not found
> Checking for macro
> krb5_warnx                                                     : not
> found
> Checking for
> krb5_get_prompt_types                                                :
> ok
> Checking for declaration of
> krb5_get_credentials_for_user                         : no
> Checking for declaration of
> krb5_auth_con_set_req_cksumtype                       : yes
> Checking for variable
> AP_OPTS_USE_SUBKEY                                          : yes
> Checking for variable
> KV5M_KEYTAB                                                 : yes
> Checking for variable
> KRB5_KU_OTHER_CKSUM                                         : no
> Checking for variable
> KRB5_KEYUSAGE_APP_DATA_CKSUM                                : yes
> Checking for variable
> ENCTYPE_AES128_CTS_HMAC_SHA1_96                             : yes
> Checking for variable
> ENCTYPE_AES256_CTS_HMAC_SHA1_96                             : yes
> Checking for declaration of
> KRB5_PDU_NONE                                         : no
> Checking for declaration of KRB5_PDU_NONE (as
> enum)                               : no
> Checking for member key in
> krb5_keytab_entry                                      : yes
> Checking for member keyblock in
> krb5_keytab_entry                                 : no
> Checking for member magic in
> krb5_address                                         : yes
> Checking for member addrtype in
> krb5_address                                      : yes
> Checking for member ticket in
> krb5_ap_req                                         : yes
> Checking for member type in
> krb5_prompt                                           : no
> Checking for
> krb5_encrypt_block                                                   :
> yes
> Checking whether krb5_get_init_creds_opt_free takes a context
> argument            : yes
> Checking whether krb5_princ_component is
> available                                : yes
> Checking whether krb5_enctype_to_string takes size_t
> argument                     : yes
> Checking whether krb5_enctype_to_string takes krb5_context
> argument               : no
> Checking whether the macro krb5_princ_realm is
> defined                            : yes
> Checking whether krb5_principal_get_realm is
> defined                              : no
> Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is
> available    : no
> Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5_56 key type definition is
> available : no
> Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is
> available     : no
> Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is
> available        : yes
> Checking whether the ENCTYPE_ARCFOUR_HMAC_EXP key type definition is
> available    : yes
> Checking whether the WRFILE:-keytab is
> supported                                  : yes
> Checking for KRB5_DEPRECATED define taking an
> identifier                          : yes
> Checking whether krb5_creds have flags
> property                                   : no
> Checking for gnutls >=
> 3.4.7                                                      : yes
>
> I tried to google for an answer and also searched for tips related to
> upgrading to 4.6.6 but didn't find any reference.
>
> Any help would be appreciated,
> Daniele.


--
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             [hidden email]
www.samba.org

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: samba 4.6.6 Unknown dependency 'kdc' in 'service_kdc.objlist'

Samba - samba-technical mailing list
On Mon, 2017-07-31 at 09:52 +0200, Andreas Schneider via samba-
technical wrote:

> On Friday, 28 July 2017 10:41:51 CEST Daniele Dario via samba-technical wrote:
> > Hi list,
> > I'm trying to build samba 4.6.6 for a domain member of my AD domain with
> > the --with-system-mitkrb5 option but after a successful configure I get
> > this error:
> >
> > root@kdm04:~/samba/samba-4.6.6# make
> > WAF_MAKE=1 python ./buildtools/bin/waf build
> > Waf: Entering directory `/root/samba/samba-4.6.6/bin'
> > Selected system MIT krb5 libraries, Heimdal use is disabled
> > Checking project rules ...
> > Unknown dependency 'kdc' in 'service_kdc.objlist'
> > Makefile:8: recipe for target 'all' failed
> > make: *** [all] Error 1
> >
> > Actually server is running samba 4.6.5 (Heimdal) and is joined as member
> > of my samba AD domain.
> >
> > I try to configure 4.6.6 with this options:
> >
> > root@kdm04:~/samba/samba-4.6.6# ./configure --disable-cups
> > --disable-iprint --enable-gnutls --with-systemd --with-system-mitkrb5
>
> You need to add --without-ad-dc

I'm wondering, should we patch 4.6 to make that the default when --
with-system-mitkrb5 is specified?  (As the MIT KDC only really became
available with 4.7).

Thanks,

Andrew Bartlett


--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


Loading...