[Samba] helppp! security = user + public share
I'm getting killed this morning, since we did a Samba upgrade to one of our production servers this weekend and didn't expect this one. I have one share that I need unauthenticated access to from a few named workstations. Here's the config: # Samba config file created using SWAT # from UNKNOWN (x.x.x.x) # Date: 2013/03/18 14:25:33 [global] encrypt passwords = No map to guest = Bad User guest account = pcguest log level = 3 os level = 8 local master = No domain master = No idmap config * : range = idmap config * : backend = tdb [pubshare] path = /doclink read only = No guest ok = Yes hosts allow = x.x.x.x So, from the host that is named on the pubshare share, I should just be able to go to Start -- run, and enter \\server\pubshare and be in, regardless of who I'm logged in as. I also added the pcguest account into the passdb backend using 'smbpasswd -an pcguest'. And yet, it's still prompting for a password. I need this to work because several automated processes rely on the share. It works just fine if I flip it back to security = SHARE, but that breaks all the shares on the system for Windows XP clients. Anyway, huge thanks to anyone who might be able to assist!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] helppp! security = user + public share
This is Samba 3.6.10, BTW. After further debugging, I can't get it to work under any circumstances with XP, but I can get it to allow guest shares with the following: security = USER encrypt passwords = Yes map to guest = Bad User However, I really need encrypt passwors = No. That apparently is the culprit however. Does anyone know how to allow guest access while sending unencrypted credentials? I'm guessing it fails because the user exists in the UNIX passwd file. Many thanks in advance! -Ben From: samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] on behalf of Benjamin Huntsman [bhunts...@mail2.cu-portland.edu] Sent: Monday, March 18, 2013 2:30 PM To: samba@lists.samba.org Subject: [Samba] helppp! security = user + public share I'm getting killed this morning, since we did a Samba upgrade to one of our production servers this weekend and didn't expect this one. I have one share that I need unauthenticated access to from a few named workstations. Here's the config: # Samba config file created using SWAT # from UNKNOWN (x.x.x.x) # Date: 2013/03/18 14:25:33 [global] encrypt passwords = No map to guest = Bad User guest account = pcguest log level = 3 os level = 8 local master = No domain master = No idmap config * : range = idmap config * : backend = tdb [pubshare] path = /doclink read only = No guest ok = Yes hosts allow = x.x.x.x So, from the host that is named on the pubshare share, I should just be able to go to Start -- run, and enter \\server\pubshare and be in, regardless of who I'm logged in as. I also added the pcguest account into the passdb backend using 'smbpasswd -an pcguest'. And yet, it's still prompting for a password. I need this to work because several automated processes rely on the share. It works just fine if I flip it back to security = SHARE, but that breaks all the shares on the system for Windows XP clients. Anyway, huge thanks to anyone who might be able to assist!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot logon Samba 4 via plaintext password
There is no samba-tool binary in my build. I built 4.0.2 using the original build system, since the WAF-baed one doesn't work on AIX. Can the same effect be achieved through editing smb.conf? Thanks! -Ben From: Daniel Müller [muel...@tropenklinik.de] Sent: Sunday, February 03, 2013 10:59 PM To: 'TAKAHASHI Motonobu'; Benjamin Huntsman Cc: samba@lists.samba.org Subject: AW: [Samba] Cannot logon Samba 4 via plaintext password Did you try samba-tool: pwsettings Sets password settings set -H --quiet --complexity=on|off|default --store-plaintext=on|off|default --history-length= --min-pwd-length= --min-pwd-age= --max-pwd-age= --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von TAKAHASHI Motonobu Gesendet: Sonntag, 3. Februar 2013 17:27 An: bhunts...@mail2.cu-portland.edu Cc: samba@lists.samba.org Betreff: Re: [Samba] Cannot logon Samba 4 via plaintext password From: Benjamin Huntsman bhunts...@mail2.cu-portland.edu Date: Fri, 1 Feb 2013 21:42:29 + So, I have working builds of Samba 3.6.10, and 4.0.2 using the traditional build system on AIX, both built with XLC. For historical reasons, we're needing to use 'encrypt passwords = no', so that Samba uses the OS password. The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't allow connections. Here's the Samba config I'm using on both: I reproduced this problem on Linux box. I see packet captures and confirm that Samba replies to enable plaintext password, Windows client sends a plaintext password, and at last Samba replies logon failure to client. My smb.conf is: - [global] encrypt passwords = no server max protocol = nt1 ntlm auth = yes [tmp] path = /tmp writeable = yes - Hmmm, I think it is a bug... --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo facebook.com/takahashi.motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot logon Samba 4 via plaintext password
So then basically plaintext passwords (and by extension authentication against local UNIX accounts) is completely broken in Samba 4? Want to file a bug, or shall I? Thanks! -Ben From: TAKAHASHI Motonobu [mo...@monyo.com] Sent: Sunday, February 03, 2013 8:27 AM To: Benjamin Huntsman Cc: samba@lists.samba.org Subject: Re: [Samba] Cannot logon Samba 4 via plaintext password From: Benjamin Huntsman bhunts...@mail2.cu-portland.edu Date: Fri, 1 Feb 2013 21:42:29 + So, I have working builds of Samba 3.6.10, and 4.0.2 using the traditional build system on AIX, both built with XLC. For historical reasons, we're needing to use 'encrypt passwords = no', so that Samba uses the OS password. The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't allow connections. Here's the Samba config I'm using on both: I reproduced this problem on Linux box. I see packet captures and confirm that Samba replies to enable plaintext password, Windows client sends a plaintext password, and at last Samba replies logon failure to client. My smb.conf is: - [global] encrypt passwords = no server max protocol = nt1 ntlm auth = yes [tmp] path = /tmp writeable = yes - Hmmm, I think it is a bug... --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo facebook.com/takahashi.motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 vs Samba 3
So, I have working builds of Samba 3.6.10, and 4.0.2 using the traditional build system on AIX, both built with XLC. For historical reasons, we're needing to use 'encrypt passwords = no', so that Samba uses the OS password. The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't allow connections. Here's the Samba config I'm using on both: Samba 3: [global] encrypt passwords = No log level = 3 os level = 8 local master = No domain master = No idmap config * : range = idmap config * : backend = tdb [testshare] path = /testshare read only = no Samba 4: [global] encrypt passwords = No log level = 3 client max protocol = SMB2 client min protocol = SMB2 os level = 8 local master = No domain master = No idmap config * : range = idmap config * : backend = tdb [testshare] path = /testshare read only = no On both a test Windows XP and Windows 7 machine, I have the unencrypted passwords policy enabled. When running Samba 3.6.10 using the config above, I can map the share just fine. However, under 4.0.x (I've tried 4.0.0, 4.0.1, and 4.0.2), when mapping the share on Windows, the password prompt comes back immediately, and I get the following in the log: [2013/02/01 09:34:56.256107, 3] auth/auth.c:177(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [10.33.72.67]\[root]@[SAMBATEST] with the new password interface [2013/02/01 09:34:56.256176, 3] auth/auth.c:180(auth_check_ntlm_password) check_ntlm_password: mapped user is: [SYSTST]\[root]@[SAMBATEST] [2013/02/01 09:34:56.256843, 2] auth/auth.c:288(auth_check_ntlm_password) check_ntlm_password: Authentication for user [root] - [root] FAILED with error NT_STATUS_LOGON_FAILURE [2013/02/01 09:34:56.256951, 2] ../auth/gensec/spnego.c:745(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_LOGON_FAILURE [2013/02/01 09:34:56.259280, 2] smbd/smb2_server.c:3123(smbd_smb2_request_incoming) smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET I am absolutely 100% certain that I'm typing the password correctly. :) Perhaps my build of Samba 4 is broken after all? Anyone know why I'd see different behavior between 3.6.10 and 4.0.2, even though the config files are basically identical (though both were generated by swat)? I really want to move to Samba 4 if I can... Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 vs Samba 3
Just to follow up, here is the excerpt from the log.smbd when running 3.6.10 and connecting to the share: [2013/02/01 13:38:58.729913, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [10.33.72.67]\[root]@[10.33.75.164] with the new password interface [2013/02/01 13:38:58.729995, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [SYSTST]\[root]@[10.33.75.164] [2013/02/01 13:38:58.744799, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for root [2013/02/01 13:38:58.746405, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: unix authentication for user [root] succeeded [2013/02/01 13:38:58.746507, 2] auth/auth.c:309(check_ntlm_password) check_ntlm_password: authentication for user [root] - [root] - [root] succeeded I notice there's nothing in there about SPNEGO. I also tried setting all the SPNEGO options to off under Samba 4.0.2, but that didn't work either, and the SPNEGO messages still appear in the log... Is there a straightforward way to get Samba 4 to use the unencrypted passwords and the local UNIX password, or is it hopeless? Thanks! -Ben From: samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] on behalf of Benjamin Huntsman [bhunts...@mail2.cu-portland.edu] Sent: Friday, February 01, 2013 9:47 AM To: samba@lists.samba.org Subject: [Samba] Samba 4 vs Samba 3 So, I have working builds of Samba 3.6.10, and 4.0.2 using the traditional build system on AIX, both built with XLC. For historical reasons, we're needing to use 'encrypt passwords = no', so that Samba uses the OS password. The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't allow connections. Here's the Samba config I'm using on both: Samba 3: [global] encrypt passwords = No log level = 3 os level = 8 local master = No domain master = No idmap config * : range = idmap config * : backend = tdb [testshare] path = /testshare read only = no Samba 4: [global] encrypt passwords = No log level = 3 client max protocol = SMB2 client min protocol = SMB2 os level = 8 local master = No domain master = No idmap config * : range = idmap config * : backend = tdb [testshare] path = /testshare read only = no On both a test Windows XP and Windows 7 machine, I have the unencrypted passwords policy enabled. When running Samba 3.6.10 using the config above, I can map the share just fine. However, under 4.0.x (I've tried 4.0.0, 4.0.1, and 4.0.2), when mapping the share on Windows, the password prompt comes back immediately, and I get the following in the log: [2013/02/01 09:34:56.256107, 3] auth/auth.c:177(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [10.33.72.67]\[root]@[SAMBATEST] with the new password interface [2013/02/01 09:34:56.256176, 3] auth/auth.c:180(auth_check_ntlm_password) check_ntlm_password: mapped user is: [SYSTST]\[root]@[SAMBATEST] [2013/02/01 09:34:56.256843, 2] auth/auth.c:288(auth_check_ntlm_password) check_ntlm_password: Authentication for user [root] - [root] FAILED with error NT_STATUS_LOGON_FAILURE [2013/02/01 09:34:56.256951, 2] ../auth/gensec/spnego.c:745(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_LOGON_FAILURE [2013/02/01 09:34:56.259280, 2] smbd/smb2_server.c:3123(smbd_smb2_request_incoming) smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET I am absolutely 100% certain that I'm typing the password correctly. :) Perhaps my build of Samba 4 is broken after all? Anyone know why I'd see different behavior between 3.6.10 and 4.0.2, even though the config files are basically identical (though both were generated by swat)? I really want to move to Samba 4 if I can... Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.10 not reading groups
Helpp! :) We didn't catch this in testing and now it's killing me in production! I'm getting stuck with my fresh build of Samba 3.6.10. It isn't honoring groups specified in the valid users clause of the share configuration. I'm running in security = SHARE mode, and user authentication is working just fine. Even if I specify individual users on the valid users = line, it works. Just not groups. Here's my configuration: # Samba config file created using SWAT # from UNKNOWN (10.33.224.61) # Date: 2013/01/21 10:00:00 [global] interfaces = 10.33.72.67/22, 127.0.0.1 bind interfaces only = Yes security = SHARE encrypt passwords = No log level = 3 os level = 8 local master = No domain master = No idmap config * : range = idmap config * : backend = tdb [testshare] path = /testshare valid users = +titan, benhu read only = No I'm in the group 'titan' also. Here's the log I get at log level = 3: [2013/01/21 10:03:05.928101, 3] param/loadparm.c:9572(lp_load_ex) lp_load_ex: refreshing parameters [2013/01/21 10:03:05.928257, 3] param/loadparm.c:5192(init_globals) Initialising global parameters [2013/01/21 10:03:05.928594, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file /etc/samba-3.6.10/smb.conf [2013/01/21 10:03:05.928696, 3] param/loadparm.c:8310(do_section) Processing section [global] [2013/01/21 10:03:05.929629, 2] param/loadparm.c:8327(do_section) Processing section [testshare] [2013/01/21 10:03:05.929862, 3] param/loadparm.c:6630(lp_add_ipc) adding IPC service [2013/01/21 10:03:05.929926, 1] param/loadparm.c:9670(lp_load_ex) WARNING: The security=share option is deprecated [2013/01/21 10:03:05.930333, 2] lib/interface.c:479(interpret_interface) interpret_interface: Adding interface 10.33.72.67/22 [2013/01/21 10:03:05.930401, 2] lib/interface.c:341(add_interface) added interface 10.33.72.67/22 ip=10.33.72.67 bcast=10.33.75.255 netmask=255.255.252.0 [2013/01/21 10:03:05.930493, 2] lib/interface.c:341(add_interface) added interface lo0 ip=127.0.0.1 bcast=127.242.234.223 netmask= [2013/01/21 10:03:05.930626, 3] lib/access.c:338(allow_access) Allowed connection from 10.33.75.164 (10.33.75.164) [2013/01/21 10:03:05.930715, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2013/01/21 10:03:05.930887, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 159 (0 toread) [2013/01/21 10:03:05.930970, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 7864494) conn 0x0 [2013/01/21 10:03:05.931110, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2013/01/21 10:03:05.931178, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2013/01/21 10:03:05.931245, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2013/01/21 10:03:05.931313, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2013/01/21 10:03:05.931379, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2013/01/21 10:03:05.931445, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2013/01/21 10:03:05.931511, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [SMB 2.002] [2013/01/21 10:03:05.931577, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [SMB 2.???] [2013/01/21 10:03:05.931749, 3] smbd/negprot.c:401(reply_nt1) not using SPNEGO [2013/01/21 10:03:05.931811, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LM 0.12 [2013/01/21 10:03:05.933695, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 176 (0 toread) [2013/01/21 10:03:05.933776, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 7864494) conn 0x0 [2013/01/21 10:03:05.933865, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=13 flg2=0xc807 [2013/01/21 10:03:05.933953, 3] smbd/sesssetup.c:1536(reply_sesssetup_and_X) Domain=[10.33.72.67] NativeOS=[] NativeLanMan=[] PrimaryDomain=[null] [2013/01/21 10:03:05.934049, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/01/21 10:03:05.934111, 3] smbd/sesssetup.c:1552(reply_sesssetup_and_X) sesssetupX:name=[10.33.72.67]\[benhu]@[10.33.75.164] [2013/01/21 10:03:05.934785, 3] smbd/sesssetup.c:151(check_guest_password) Got anonymous request [2013/01/21 10:03:05.934884, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface [2013/01/21 10:03:05.934976, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: []\[]@[] [2013/01/21 10:03:05.935069, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/01/21
Re: [Samba] Samba 3.6.10 not reading groups
The problem seems to be when 'security = SHARE' is set. It works just fine when 'security = USER'. Seeing as 4.0 removed the option to set SHARE, I guess it's moot for that release... Unfortunate, but what can be done... -Ben From: Chris Smith [smb...@chrissmith.org] Sent: Monday, January 21, 2013 1:19 PM To: Benjamin Huntsman Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 3.6.10 not reading groups Might be related to my bug: https://bugzilla.samba.org/show_bug.cgi?id=9561 Unfortunately I'm not getting any traction on it. From my testing there still hasn't, after 10 releases, been a fully usable 3.6.x and now it's claimed to be in maintenance mode due to the release of Samba 4.x, which I guess must not have any major issues. On Mon, Jan 21, 2013 at 1:06 PM, Benjamin Huntsman bhunts...@mail2.cu-portland.edu wrote: It isn't honoring groups specified in the valid users clause of the share configuration. I'm running in security = SHARE mode, and user authentication is working just fine. Even if I specify individual users on the valid users = line, it works. Just not groups. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 man pages?
Are the man pages not included with the Samba 4 distribution? After running configure and make (using the old-style build environment under source3), a make installman gives the the following error: No manpages present. Development version maybe? How would I go about getting the man pages built and installed? Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pam_smbpass.so on AIX
Yet another odd one... I've got it set up now so that swat uses pam_smbpass.so, and once a user logs into swat at least once, it'll update their password in the passdb backend configured for Samba. But, I also need to ensure that when a user changes their password via passwd, it also gets updated. I added the following in /etc/security/login.cfg: usw: auth_type = PAM_AUTH and that makes telnetd, passwd, etc all go through pam. However, when I try to log in via telnet or run passwd, I get this in syslog.log: Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /usr/lib/security/pam_aix Jan 18 10:59:06 systst auth|security:debug login PAM: load_function: successful load of pam_sm_authenticate Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /opt/samba-4.0.0/lib/security/pam_smbpass.so Jan 18 10:59:06 systst auth|security:debug login PAM: open_module: /opt/samba-4.0.0/lib/security/pam_smbpass.so failed: A file or directory in the path name does not exist. Jan 18 10:59:06 systst auth|security:err|error login PAM: load_modules: can not open module /opt/samba-4.0.0/lib/security/pam_smbpass.so However, if I run swat, it'll load /opt/samba-4.0.0/lib/security/pam_smbpass.so just fine. No, it's not a typo, and yes, the module is present in that path. I don't know what to do. I need to deploy this tomorrow (Saturday), and the users need to be able to update their Samba passwords when they run passwd, etc. Replacing the system passwd program with a script that calls both from absolute paths is not a workable solution, though technically it would work. Anyway, any idea why swat can load pam_smbpass.so but not telnetd or passwd? Many thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_smbpass.so on AIX
Run ldd on the binary. it will show the unresolved library references. Hi there! Here is the output: benhu@systst:/opt $ ldd /opt/samba-4.0.0/lib/security/pam_smbpass.so /opt/samba-4.0.0/lib/security/pam_smbpass.so needs: /usr/lib/libc.a(shr.o) /usr/lib/libpam.a(shr.o) /usr/lib/libpthread.a(shr_xpg5.o) /opt/samba-4.0.0/lib/libwbclient.so /usr/lib/librtl.a(shr.o) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/libmls.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) /usr/lib/libpthreads.a(shr_xpg5.o) /usr/lib/libmlsenc.a(shr.o) /usr/lib/libodm.a(shr.o) benhu@systst:/opt $ ldd /opt/samba-4.0.0/lib/libwbclient.so /opt/samba-4.0.0/lib/libwbclient.so needs: /usr/lib/libc.a(shr.o) /usr/lib/libpthreads.a(shr_xpg5.o) /usr/lib/librtl.a(shr.o) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) AIX doesn't have an rpath option that I know of, and it doesn't have an ld.so.conf. The closest equivalent is to define LIBPATH in /etc/environment. I have done this, since I had to do that to get swat working in the first place. But the above looks good to me, since they're absolute paths you'd think it's just work... Since it works for swat and not for passwd though, I'm wondering if it has something to do with 32-bit vs 64-bit binaries... Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 vs UNIX password
Ok, now I'm stuck... We have several stand-alone UNIX (AIX) systems that we need to share a few SMB shares from. None of these are joined to our domain. We want the end-users to be able to map these shares to their Windows systems using the username in the form of AIXSERVER\username, and using the password from their local AIX account on the server. Asking the end-users to understand that they must run smbpasswd after updating their OS password is not realistic. In the past, we were able to get around that by specifying security = SHARE in the smb.conf file. Now that this is removed, what option do I have to ensure that users can always log in via their UNIX OS password, and don't need to run smbpasswd after running passwd? Is there such a method? pam_smbpass.so? Also, what was the last version of Samba that supported security = share? Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 vs UNIX password
Anyone know how to set up pam_smbpass on AIX? I'm thinking that's going to be the way to go... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
Just to report back in on this, the traditional build system under source3 worked for us, and we were able to build and install a working set of Samba binaries. At this time, we only need the file server bits. I'll give the new build system another shot when 4.0.1 comes out. Thanks again! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Antwort: Re: Samba 4 on AIX with XLC
I can build and install samba 4.0.0 - I have the same library problems as you(copy, then set LIBPATH), but after copying the libraries I can run the smbd -b command without an error. Here's my environment - disclaimer - I've compiled ALL of the necessary freeware modules locally(gettext, libiconv, python...) LDFLAGS=-blibpath:/opt/pware/lib:/opt/pware/lib32:/usr/lib CC=xlc_r CXX=xlC_r CPPFLAGS=-qmaxmem=-1 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_ALL_SOURCE -DFUNCPROTO=15 -O -I/opt/pware/include -L/opt/pware/lib CXXFLAGS=-qmaxmem=-1 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_ALL_SOURCE -DFUNCPROTO=15 -O -I/opt/pware/include -L/opt/pware/lib CFLAGS=-qmaxmem=-1 -DSYSV -D_AIX -D_AIX32 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_ALL_SOURCE -DFUNCPROTO=15 -O -I/opt/pware/include -L/opt/pware/lib OBJECT_MODE=64 ./configure --prefix=/opt/pware/samba/4.0.0 --with-acl-support --without-ads --with-winbind --without-ldap --with-libiconv=/opt/pware --with-gettext=/opt/pware --enable-selftest --enable-socket-wrapper I'm compiling only a 64 bit version Python ist version 2.7.3 All of the freeware modules are in /opt/pware[/lib/bin/include] AIX 6100-06-05-1115 hth Howard Hi there! thanks for the reply! I'm trying out your recipe now, with a few modifications. I'm using --prefix=/opt/samba-4.0.0, --sysconfdir=/etc/samba-4.0.0, --localstatedir=/var/samba-4.0.0. I've got Python 2.7.3 also, built into /opt/samba-4.0.0/python. I also excluded --without-ldap. I'm using the IBM-build freeware stuff in /opt/freeware. But for this to work for WPAR support, I need the config files to go in /etc, and state files in /var, since those are writable in a WPAR, but /opt is not. ... Didn't work, but I ran into trouble when setting OBJECT_MODE=64, so maybe all of my compiled stuff isn't 64 bit. Should have been, though. I guess I figured XLC would build 64-bit binaries by default. Hmm... Anyway, I'm going to try to build Samba 3.6.10... Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
Sorry to be an annoyance, but I'm at a loss here and begging for help... The Python-based build says it completes successfully, and the make install also says it completes successfully. Yet it doesn't copy all the required shared libraries, and the resultant binaries don't run. I copied the missing shared objects by hand, which may or may not be a very good solution. I put them all in /opt/samba-4.0.0/lib, but I suspect some of them were intended to live in different subdirectories thereof. Once the named libraries were copied, it then tells me it can't find the following symbols: aixacl_to_smbacl aixacl_smb_to_aixacl Don't know what to do next... So, my questions are: 1. What can be done about the libraries not getting copied? Is this a bug in my build, or in the build system? 2. Do I need to move certain ones of them to other subdirectories in the lib directory? 3. If I tracked down the ones below and copied them by hand, might there be others still that I missed? 4. With all the subdirectories under lib, am I going to have to define a pretty complicated LD_LIBRARY_PATH to get this to run? 5. Is there a way I can build the whole thing static from the Python-based build system? I didn't see an option for that with ./configure --help. Anyway, I think we're crazy close, but I'm still missing that last little hurdle. Many thanks in advance!! -Ben From: samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] on behalf of Benjamin Huntsman [bhunts...@mail2.cu-portland.edu] Sent: Wednesday, January 09, 2013 3:18 PM To: samba@lists.samba.org Subject: Re: [Samba] Samba 4 on AIX with XLC Just FYI, here are at least some of the shared objects that don't get copied to the destination when running make install: libtalloc.so libgssapi-samba4.so libtdb.so libtevent.so libkrb5-samba4.so libroken-samba4.so libasn1-samba4.so libhcrypto-samba4.so libcom_err-samba4.so libwind-samba4.so libldb.so libheimbase-samba4.so libhx509-samba4.so libpyldb-util.so There may be others, but by copying those into /opt/samba-4.0.0/lib, I was able to get my compiled smbd to at least spit out the following message: bash-3.2# /opt/samba-4.0.0/sbin/smbd -b exec(): 0509-036 Cannot load program /opt/samba-4.0.0/sbin/smbd because of the following errors: rtld: 0712-001 Symbol aixacl_to_smbacl was referenced from module /opt/samba-4.0.0/lib/private/libsmbd_base.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol aixacl_smb_to_aixacl was referenced from module /opt/samba-4.0.0/lib/private/libsmbd_base.so(), but a runtime definition of the symbol was not found. bash-3.2# So looks like I'm still missing aixacl_to_smbacl and aixacl_smb_to_aixacl. Any idea where I'd get those, and why they're not being found? Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
Those should have been linked into smbd directly as configure on AIX adds vfs_aixacl to the list of modules to be compiled statically. Would you mind opening a bug on https://bugzilla.samba.org for tracking? Cheers, Christian Hi there! Thanks for the reply! I have added Bug 9557: https://bugzilla.samba.org/show_bug.cgi?id=9557 Any chance it'll be patched by the end of next week? :) har har. In the mean time, I think I'm going to revert to trying to build the most recent stable version of Samba 3.6.x. I'll happily provide whatever data I can and assist with testing to get Samba 4 building and running on AIX... Just let me know. Thanks again! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
Just FYI, here are at least some of the shared objects that don't get copied to the destination when running make install: libtalloc.so libgssapi-samba4.so libtdb.so libtevent.so libkrb5-samba4.so libroken-samba4.so libasn1-samba4.so libhcrypto-samba4.so libcom_err-samba4.so libwind-samba4.so libldb.so libheimbase-samba4.so libhx509-samba4.so libpyldb-util.so There may be others, but by copying those into /opt/samba-4.0.0/lib, I was able to get my compiled smbd to at least spit out the following message: bash-3.2# /opt/samba-4.0.0/sbin/smbd -b exec(): 0509-036 Cannot load program /opt/samba-4.0.0/sbin/smbd because of the following errors: rtld: 0712-001 Symbol aixacl_to_smbacl was referenced from module /opt/samba-4.0.0/lib/private/libsmbd_base.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol aixacl_smb_to_aixacl was referenced from module /opt/samba-4.0.0/lib/private/libsmbd_base.so(), but a runtime definition of the symbol was not found. bash-3.2# So looks like I'm still missing aixacl_to_smbacl and aixacl_smb_to_aixacl. Any idea where I'd get those, and why they're not being found? Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
See if there's a config.log. Look for things to do with nls, i18n, l10n, gettext etc. Btw, I think OpenLDAP and Active Directory support are only relevant to client/member support for AD. The Samba 4.x AD server has its own built-in LDAP and Kerberos components. -- Michael Wood esiot...@gmail.com Hi! There is no config.log, but there is a setting in the ./configure options, --with-gettext= So do I need to get gettext? Is it strictly required for Samba 4? Many thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
I would ensure gettext is available. That's how it's mostly been tested. Jeremy. Hee hee... that worked. Got samba 4 compiled, so, for the record, gettext is absolutely required. I also had to use xlC_r (note the capital C) as the compiler, since XLC will choke on using C++-style comments in straight C code. Anyway, thanks again everyone!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 on AIX with XLC
Hi again! I'll stop making so much noise shortly, but I've got to get this proved by say, tomorrow, or take a different direction on my project. I got Samba 4 to compile on AIX using the following: # export CFLAGS=-I/opt/openldap-2.4.32/include -qlanglvl=extc99 # CFLAGS=$CFLAGS ./configure --prefix=/opt/samba-4.0.0 --sysconfdir=/etc/samba-4.0.0 --localstatedir=/var/samba-4.0.0 --with-gettext=/opt/freeware ... # make ... # make install ... # Now unfortunately, while the compile completes, something's not right. If I try to run /opt/samba-4.0.0/sbin/smbd -b, I get the following error: bash-3.2# ./smbd -v exec(): 0509-036 Cannot load program ./smbd because of the following errors: rtld: 0712-001 Symbol aixacl_to_smbacl was referenced from module default/source3/libsmbd_base.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol aixacl_smb_to_aixacl was referenced from module default/source3/libsmbd_base.so(), but a runtime definition of the symbol was not found. bash-3.2# CFLAGS=$CFLAGS ./configure --prefix=/opt/samba-4.0.0 --sysconfdir=/etc/samba-4.0.0 --localstatedir=/var/samba-4.0.0 --with-gettext=/opt/freeware bash-3.2# echo $CFLAGS -I/opt/openldap-2.4.32/include -qlanglvl=extc99 bash-3.2# What's this aixacl_smb_to_aixacl thing? The last time I built this earlier today, I'd had -qlanglvl=extended set, and was instead tripping up because it couldn't find the symbol va_copy. The following article suggested rebuilding with -qlanglvl=extc99: http://lists.samba.org/archive/samba-technical/2006-October/049777.html After doing so, that's where I get the missing aixacl_to_smbacl problem. Whatever shall I do? There's got to be a way to get the shared libraries installed, and find all the right stuff. On the previous attempt, I just copied all the .so's in place one-at-a-time until it hit the va_copy thing. Many thanks!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
Also, shouldn't make clean delete all the .so's in the build tree? It doesn't. After figuring out that that may be tripping me up, I used 'find . name *.so -print | while read so; do rm $so; done' to take care of that. Who knows what other cruft may be lying around though... at this point I may have to just nuke the build tree and re-extract the tarball... Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] AIX and ADS support?
I'm getting the impression that ADS support isn't available on AIX at all. I built a copy of OpenLDAP, and while the configure script detects the ldap headers, it still says that Active Directory support is not available. Has anyone had any luck getting this working on AIX? Thanks in advance! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 on AIX with XLC
Has anyone tried building Samba 4.0 on AIX with XLC? I'm moving right along, but tripping up on some bugs in source3/utils/net_rpc.c, source3/utils/net_rpc_printer.c, and source3/utils/net_cache.c where there is an invalid use of the : operator. According to some other posts on the PostgreSQL forum, this shouldn't compile anywhere, even though GCC apparently allows it?? (http://archives.postgresql.org/pgsql-hackers/1998-09/msg00211.php) Maybe there's a way to skip building these components? Anyway, here's what I'm seeing on the console: bash-3.2# make WAF_MAKE=1 ./buildtools/bin/waf build Waf: Entering directory `/admin/tst/build/samba-4.0.0/bin' Selected embedded Heimdal build [ 8/3655] Generating VERSION [ 44/3655] Generating smbd/build_options.c [2833/3655] Compiling source3/utils/net_rpc.c [2838/3655] Compiling source3/utils/net_cache.c [2844/3655] Compiling source3/utils/net_rpc_printer.c [2851/3655] Compiling source3/utils/net_rpc_shell.c ../source3/utils/net_cache.c, line 87.56: 1506-226 (S) The : operator is not allowed between char[1] and int. ../source3/utils/net_cache.c, line 86.18: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_cache.c, line 96.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_cache.c, line 184.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_cache.c, line 189.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_cache.c, line 193.27: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_cache.c, line 216.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_cache.c, line 220.27: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_cache.c, line 251.27: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/include/smb_ldap.h, line 69.9: 1506-236 (W) Macro name LDAP_CONST has been redefined. ../source3/include/smb_ldap.h, line 69.9: 1506-358 (I) LDAP_CONST is defined on line 50 of /opt/openldap-2.4.32/include/ldap_cdefs.h. ../source3/utils/net_rpc.c, line 88.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 281.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 389.24: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 446.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 482.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 487.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 539.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 546.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 559.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 565.35: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 580.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 582.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 583.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 585.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 586.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 587.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 645.18: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 731.34: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line 736.26: 1506-280 (W) Function argument assignment between types const char* and int is not allowed. ../source3/utils/net_rpc.c, line
Re: [Samba] Samba 4 on AIX with XLC
As a further follow-up, here's an example, from source3/utils/net_cache.c: d_printf(_(Key: %s\t Timeout: %s\t Value: %s %s\n), keystr, timeout_str, datastr, timeout now_t ? : _((expired))); My C skills aren't good enough to understand what's being done here, but the offending bit is the last argument to d_printf: timeout now_t ? : _((expired)) Is there a way we can re-write this in more compatible way? Apparently, this construction is supposed to look like: (condition) ? (t_result) : (f_result) and t_result and f_result must be of the same type. So do I read that is a char, and _((expired)) is an int? Something like: timeout now_t ? atoi():_((expired)) maybe? Again, just grasping here... ... or maybe there's a flag to XLC to let us get by this? Many thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
On Mon, Jan 07, 2013 at 10:58:08PM +, Benjamin Huntsman wrote: As a further follow-up, here's an example, from source3/utils/net_cache.c: d_printf(_(Key: %s\t Timeout: %s\t Value: %s %s\n), keystr, timeout_str, datastr, timeout now_t ? : _((expired))); My C skills aren't good enough to understand what's being done here, but the offending bit is the last argument to d_printf: timeout now_t ? : _((expired)) Is there a way we can re-write this in more compatible way? Apparently, this construction is supposed to look like: (condition) ? (t_result) : (f_result) and t_result and f_result must be of the same type. So do I read that is a char, and _((expired)) is an int? Something like: timeout now_t ? atoi():_((expired)) maybe? Again, just grasping here... ... or maybe there's a flag to XLC to let us get by this? No, both and _((expired)) should evaluate to a const char *. Looks like the error is that _() isn't evaluating to a string on AIX with xlc. Hi there! Many many thanks for responding!! Any idea how we could track it back to see why that'd be? Did I mess it up during the configure, or am I the first person to try to build samba-4.0.0 on AIX with XLC? Thanks!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on AIX with XLC
_(...) is how the localisation is done AFAIK. i.e. it's for translating messages into different languages. Maybe there's something wrong with internationalisation/localisation (i18n/l10n) on the system? See what the configure output says about it (maybe gettext). -- Michael Wood esiot...@gmail.com Hi there! Thanks so much for the response! Very interesting idea. But I'm not sure what I'd be looking for. Is gettext required? It's almost certainly no present, as this is a clean build of AIX just for this compile, and I've only been installing things on an as-needed basis... How would I check the configure output? Many thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] AIX: TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
I had to build a python 2.7.3 on AIX to get the waf scripts working - the Version from Perzl has a bug... Howard I've been killing myself trying to get the reccomended Python 2.6.5 from the install_with_python.sh script to work. Even rebuilt the AIX build system with minimal packages only and nothing from perzl. Still no-go. Anyone manage to get Python 2.6.5 to build on AIX with XLC, and if so, what configure options did you use? If it pukes this one last time, I think I'll give up and try 2.7.3 like you suggest. What options did you use to build that? Were you using XLC or GCC? Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] AIX: TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
If it pukes this one last time, I think I'll give up and try 2.7.3 like you suggest. 2.6.5 failed. I'm building Samba into /opt/samba-4.0.0. I built a private copy of 2.7.3 into /opt/samba-4.0.0/python using only the options specified in install_with_python.sh. Worked no prob. Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] AIX and ADS support?
So, if I read this right, Samba4 should be able to participate as a domain controller, if I specify the option --with-ads, right? I'm using the following options: --with-winbind --with-swat --with-ads --with-ldap --with-acl-support --with-dnsupdate --with-aio-support --prefix=/opt/samba-4.0.0 --sysconfdir=/etc/samba-4.0.0 --localstatedir=/var/samba-4.0.0 The configure script pukes at the end: Checking for header ldap.h : no Checking for header lber.h : no Checking for header ldap_pvt.h : no Checking for ber_tag_t : not found Checking for library lber : not found Checking for ber_scanf : not found Checking for ber_sockbuf_add_io : not found Checking for variable LDAP_OPT_SOCKBUF : not found Checking for variable LBER_OPT_LOG_PRINT_FN : not found Checking for library ldap : not found Checking for ldap_init : not found Checking for ldap_init_fd : not found Checking for ldap_initialize : not found Checking for ldap_set_rebind_proc : not found Checking for library ldap : not found Checking for ldap_add_result_entry : not found Checking whether ldap_set_rebind_proc takes 3 arguments : ok Active Directory support not available: LDAP support ist not available. /admin/tst/build/samba-4.0.0/source3/wscript:733: error: Active Directory support not found. Use --without-ads for building without Active Directory support. bash-3.2# What am I missing? If I run configure with just --with-ldap but not --with-ads, the configure completes. I also read the samba4 has it's own built-in LDAP, so what's missing? Do I need to build OpenLDAP for the DC and/or AD functionality? Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] AIX: TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
Hi there! We're trying to compile Samba 4.0.0 on a fresh install of AIX 6.1 (6100-02-01-0847), with Python RPM's from perzl.org installed into /opt/freeware. We're also using XLC 12.1. Unfortunately, we can't even run ./configure, as we're getting errors from the waf system. Here's what we get: bash-4.2# pwd /admin/tst/build/samba-4.0.0 bash-4.2# ./configure --help Traceback (most recent call last): File ./buildtools/bin/waf, line 75, in module import Scripting File /admin/tst/build/samba-4.0.0/buildtools/wafadmin/Scripting.py, line 9, in module import Utils, Configure, Build, Logs, Options, Environment, Task File /admin/tst/build/samba-4.0.0/buildtools/wafadmin/Utils.py, line 134, in module from hashlib import md5 File /opt/freeware/lib/python2.6/hashlib.py, line 117, in module exec funcName + ' = f' TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str' bash-4.2# Python was installed just for this purpose, but otherwise we don't deal with it much. I'd like to be able to build as many of the Samba 4.0 features as possible, so I don't want to revert to the old toolchain, but I'm under a deadline of ~1 week, so I'll try that next if I can't get the waf system to work. Anyone have any insight as to what we might be hanging up on? Many many thanks in advance!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] AIX: TypeError: unsupported operand type(s) for +: '_hashlib.HASH' and 'str'
I think the next step is to change your python install to something as close to the upstream python as possible. We supply an 'install_with_python.sh' script which installs a (now old) but known working version, but you should also have reasonable luck with just the current python 2.7 http://python.org/download/releases/2.7.3/ Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Hi there! Thanks for the reply!! So the install_with_python.sh script should work on AIX? Is there a recommended location for obtaining pre-built versions of Python for AIX? Many thanks!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1UNKNOWN_CREATE_KEY_FUNCTIONS
As I suspected, changing a few things like winbind makes no difference. At the bottom of this message is the error I get. Reading through the IBM-supplied krb5.h shows a MIT copyright, so it ought to be compatible. Given the errors in the build, can we determine where it's choking or what its missing from krb5.h? IBM has documentation on how to make their Kerberos talk to Active Directory, so it's obviously capable... Can I look for something? I'll happily post the IBM-supplied krb5.h if no one here thinks that'd be a copyright violation. I don't see much documentation on it around, but it looks like it's not finding what encryption protocols the IBM Kerberos supports. I'm still hoping this can work, because I really don't want to have to replace the IBM Kerberos unless we discover that it's absolutely necessary. (Plus that'll be good for the community to have a definite no, it won't work for AIX). Many thanks all for your help! -Ben ... Compiling libsmb/clikrb5.c libsmb/clikrb5.c:258:2: #error UNKNOWN_CREATE_KEY_FUNCTIONS libsmb/clikrb5.c:1011:2: #error UNKNOWN_KRB5_VERIFY_CHECKSUM_FUNCTION libsmb/clikrb5.c: In function `handle_krberror_packet': libsmb/clikrb5.c:1527: error: `ERROR_TABLE_BASE_krb5' undeclared (first use in t his function) libsmb/clikrb5.c:1527: error: (Each undeclared identifier is reported only once libsmb/clikrb5.c:1527: error: for each function it appears in.) libsmb/clikrb5.c:1608:2: #error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION The following command failed: gcc -I. -I/bk/compile/samba-3.3.4/build/source -I/bk/compile/samba-3.3.4/openld ap/include -O -D_SAMBA_BUILD_=3 -I/bk/compile/samba-3.3.4/build/source/popt -I/b k/compile/samba-3.3.4/build/source/iniparser/src -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -DHAV E_CONFIG_H -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib /tdb/include -I./libaddns -I./librpc -I./popt -DLDAP_DEPRECATED -I/include -I/ bk/compile/samba-3.3.4/build/source/lib -D_SAMBA_BUILD_=3 -c libsmb/clikrb5.c - o libsmb/clikrb5.o make: 1254-004 The error code from the last command is 1. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1UNKNOWN_CREATE_KEY_FUNCTIONS
Björn- Many thanks for your assistance. Per your request, I have submitted the relevant information from this thread to Bugzilla. This is now Bugzilla Bug 6464. Please keep me posted. I'd really like to see this work with IBM's Kerberos, as it would be ideal in our situation to avoid replacing IBM-supplied components unless strictly necessary. Thanks! -Ben -Original Message- From: Björn Jacke [mailto:b...@sernet.de] Sent: Wed 6/10/2009 2:25 PM To: Benjamin Huntsman Cc: samba@lists.samba.org Subject: Re: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1UNKNOWN_CREATE_KEY_FUNCTIONS Hi Benjamin, On 2009-06-09 at 15:48 -0700 Benjamin Huntsman sent off: Perhaps someone here could tell me if this has been seen before. can you please file a bug at bugzilla.samba.org including what you wrote here and in addition to that the config.log? Thanks! Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1 UNKNOWN_CREATE_KEY_FUNCTIONS
Hi all! Perhaps someone here could tell me if this has been seen before. We're trying to build samba-3.3.4 for IBM AIX with support for PAM, Active Directory, and Kerberos. The end goal is to be able to join the AIX system to our Active Directory domain so that users can log in via their AD username/password, and have access to their home directory via the Windows pass-through authentication system. We are building as STATIC on the latest AIX 5.3 with gcc 3.3.2, and deploying on AIX 6.1. We have IBM's Kerberos installed in /usr/krb5, where it is properly found by the configure script. Here are the errors from 'make': Compiling libsmb/clikrb5.c libsmb/clikrb5.c:258:2: #error UNKNOWN_CREATE_KEY_FUNCTIONS libsmb/clikrb5.c:1011:2: #error UNKNOWN_KRB5_VERIFY_CHECKSUM_FUNCTION libsmb/clikrb5.c: In function `handle_krberror_packet': libsmb/clikrb5.c:1527: error: `ERROR_TABLE_BASE_krb5' undeclared (first use in t his function) libsmb/clikrb5.c:1527: error: (Each undeclared identifier is reported only once libsmb/clikrb5.c:1527: error: for each function it appears in.) libsmb/clikrb5.c:1608:2: #error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION The following command failed: gcc -I. -I/bk/compile/samba-3.3.4/build/source -I/bk/compile/samba-3.3.4/openld ap/include -O -D_SAMBA_BUILD_=3 -I/bk/compile/samba-3.3.4/build/source/popt -I/b k/compile/samba-3.3.4/build/source/iniparser/src -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -DHAV E_CONFIG_H -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib /tdb/include -I./libaddns -I./librpc -I./popt -DLDAP_DEPRECATED -I/include -I/ bk/compile/samba-3.3.4/build/source/lib -D_SAMBA_BUILD_=3 -c libsmb/clikrb5.c - o libsmb/clikrb5.o make: 1254-004 The error code from the last command is 1. And, here are the options to configure that we're using: ./configure --prefix=/opt/samba-3.3.4 \ --sysconfdir=/etc/samba-3.3.4 \ --localstatedir=/var/adm/samba-3.3.4 \ --enable-static=yes \ --enable-shared=no \ --with-privatedir=/etc/samba-3.3.4/private \ --with-lockdir=/var/adm/samba-3.3.4/locks \ --with-piddir=/var/adm/samba-3.3.4/locks \ --with-swatdir=/opt/samba-3.3.4/swat \ --with-configdir=/etc/samba-3.3.4/conf \ --with-logfilebase=/var/adm/samba-3.3.4/logs \ --with-localedir=/etc/samba-3.3.4/locale \ --with-aio-support \ --without-winbind \ --with-ldap \ --with-ads \ --with-krb5 \ --with-pam \ Can anyone spot why the errors are occurring? I don't have much experience with Samba or Kerberos, but it would seem to me that the IBM Kerberos won't cut it. Has anyone here successfully compiled samba with Active Directory support on AIX with IBM's Kerberos? Many thanks to all in advance! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] samba-3.3.4 AD/krb5/pam build failure on AIX 5.3/6.1 UNKNOWN_CREATE_KEY_FUNCTIONS
Bill- Thanks for the quick response! If it's found by the script, why isn't it listed in the any of the -I options below? IBM puts krb5.h, etc in /usr/include. Only the libs live in /usr/krb5: $ ls /usr/krb5 COPYRIGHT README.ZH_TW README.ko_KR bin scripts README.KO_KR README.Zh_CN README.pt_BR ldif README.PT_BR README.Zh_TW README.zh_CN lib README.ZH_CN README.en_US README.zh_TW sbin $ ls /usr/include/krb5.h /usr/include/krb5.h $ If you're using AD, you're likely going to want winbindd (and maybe WINBIND LAM) unless there is another way you plan on mapping SIDs to Unix user/group id values. Yes, you're right. That's my mistake. I will change that to --with-winbind. I'm not sure that adding winbind will fix the build error, but we'll see. I'm reconfiguring now... this generally takes 2 hours on our build box. Thanks again!! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
