On Mon, 2016-09-12 at 14:06 +0200, Lukas Slebodnik wrote: > On (12/09/16 11:37), Joakim Tjernlund wrote: > > > > On Mon, 2016-09-12 at 11:30 +0200, Sumit Bose wrote: > > > > > > On Mon, Sep 12, 2016 at 09:01:23AM +0000, Joakim Tjernlund wrote: > > > > > > > > > > > > On Mon, 2016-09-12 at 10:27 +0200, Lukas Slebodnik wrote: > > > > > > > > > > > > > > > On (12/09/16 08:08), Joakim Tjernlund wrote: > > > > > > > > > > > > > > > > > > > > > > > > On Mon, 2016-09-12 at 09:41 +0200, Sumit Bose wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Sep 09, 2016 at 07:07:58PM +0000, Joakim Tjernlund wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, 2016-09-09 at 20:53 +0200, Lukas Slebodnik wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On (09/09/16 18:35), Joakim Tjernlund wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, 2016-09-09 at 19:40 +0200, Lukas Slebodnik wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On (09/09/16 16:25), Sumit Bose wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Sep 09, 2016 at 02:00:53PM +0000, Joakim > > > > > > > > > > > > Tjernlund wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, 2016-09-09 at 14:48 +0200, Sumit Bose wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Sep 09, 2016 at 11:46:27AM +0000, Joakim > > > > > > > > > > > > > > Tjernlund wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Trying to bring up samba with sssd-13.4 and for > > > > > > > > > > > > > > > some reason samba fails > > > > > > > > > > > > > > > to lookup users: From smb.log I have: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On older systems I have samba 3.6.25 and sssd > > > > > > > > > > > > > > > 1.12.5 and there samba works fine. > > > > > > > > > > > > > > > Is there som change I have missed when upgrading > > > > > > > > > > > > > > > to newer samba sssd? > > > > > > > > > > > > > > > > > > > > > > > > > > > > Are you using SSSD's version of libwbclient to help > > > > > > > > > > > > > > samba to map SID to > > > > > > > > > > > > > > > > > > > > > > > > > > hmm, I got both (/usr/lib64/libwbclient.so.0 and > > > > > > > > > > > > > /usr/lib64/sssd/modules/libwbclient.so) > > > > > > > > > > > > > and wbinfo -n 'TRAN_01\jocke' reports: > > > > > > > > > > > > > wbinfo -n 'TRAN_01\jocke' > > > > > > > > > > > > > could not obtain winbind interface details: > > > > > > > > > > > > > WBC_ERR_WINBIND_NOT_AVAILABLE > > > > > > > > > > > > > could not obtain winbind separator! > > > > > > > > > > > > > failed to call wbcLookupName: > > > > > > > > > > > > > WBC_ERR_WINBIND_NOT_AVAILABLE > > > > > > > > > > > > > Could not lookup name TRAN_01\jocke > > > > > > > > > > > > > > > > > > > > > > > > > > I guess the problem is that samba uses its own > > > > > > > > > > > > > libwbclient.so and winbind > > > > > > > > > > > > > is not configured? > > > > > > > > > > > > > > > > > > > > > > > > iirc you are using gentoo. In Fedora/RHEL is is > > > > > > > > > > > > possible to switch > > > > > > > > > > > > those two libraries with the alternatives command. > > > > > > > > > > > > > > > > > > > > > > > > To make at least wbinfo try to use SSSD's version you > > > > > > > > > > > > can try calling it > > > > > > > > > > > > as: > > > > > > > > > > > > > > > > > > > > > > > > LD_LIBRARY_PATH=/usr/lib64/sssd/modules wbinfo -n > > > > > > > > > > > > 'TRAN_01\jocke' > > > > > > > > > > > > > > > > > > > > > > > > as long as wbinfo is not complied with rpath or similar > > > > > > > > > > > > it should pick > > > > > > > > > > > > /usr/lib64/sssd/modules/libwbclient.so.0 instead of > > > > > > > > > > > > /usr/lib64/libwbclient.so.0. If there is no > > > > > > > > > > > > /usr/lib64/sssd/modules/libwbclient.so.0 you should add > > > > > > > > > > > > it as a softlink > > > > > > > > > > > > to /usr/lib64/sssd/modules/libwbclient.so. I would also > > > > > > > > > > > > expect that > > > > > > > > > > > > there are link with ends with a version number like 11 > > > > > > > > > > > > or 12. > > > > > > > > > > > > > > > > > > > > > > > and samba 4.5 has libwbclient.so.0.13 > > > > > > > > > > > > > > > > > > > > > > [root@host ~]# rpm -qf > > > > > > > > > > > /usr/lib64/samba/wbclient/libwbclient.so.0.13 > > > > > > > > > > > libwbclient-4.5.0-0.0.rc1.fc26.x86_64 > > > > > > > > > > and lives in its own package. Is this new from samba >= 4.5 > > > > > > > > > > ? > > > > > > > > > > > > > > > > > > > Yes, > > > > > > > > > I cannot see it in official announcement (2 days old :-) > > > > > > > > > https://lists.samba.org/archive/samba-technical/2016-September/116033.html > > > > > > > > > but samba 4.4.5 has just a libwbclient.so.0.12 > > > > > > > > > > > > > > > > > > But if you asked about packaging then > > > > > > > > > the libwbclient (from samba) and sssd-libwbclient are > > > > > > > > > separate packages > > > > > > > > > on fedora since I remember :-) > > > > > > > > > > > > > > > > > > > > > > > > > I see, now the 1000 $ question, is sssd able to use libwbclient > > > > > > > > from samba too? > > > > > > > > > > > > > > It does not have to. libwbclient is an interface for Samba > > > > > > > components to > > > > > > > get data from winbind. The SSSD version of libwbclient implements > > > > > > > some > > > > > > > parts to the interface to allow the Samba components to get SID, > > > > > > > name, > > > > > > > POSIX ID mapping data from SSSD instead of winbind. So SSSD > > > > > > > provides the > > > > > > > interface but does not use it. > > > > > > > > > > > > > > > > > > > I guess that would be somewhat unusual case and not really needed. > > > > > > To summarize, in Fedora, the libwbclient libs from samba resp. sssd > > > > > > are installed > > > > > > under non standard search paths, are separate pkgs and there is a > > > > > > "script"(alternatives) > > > > > > that selects between the two by creating a symlink in > > > > > > /usr/lib{,64,32} to either > > > > > > samba's libwbclient or sssd's libwbclient. Is that correct? > > > > > > > > > > > > Have you considered a more direct way? That is, if sssd's > > > > > > libwbclient is built/installed > > > > > > it always takes over(eliminaiting the need for an alternatives > > > > > > script? Or just require > > > > > > that only one of libwbclient pkgs can be installed at the same time? > > > > > > > > > > > sssd-libwbclient does not implement all functions. That's reason why > > > > > it is not > > > > > a default; and just an alternative. > > > > > > > > hmm, then I wonder why my samba stopped working just from moving from > > > > samba 3.6.25 to 4.2.11/14 > > > > Maybe some bug in samba/my smb.conf ? > > > > > > The newer versions of Samba removed some fallback code e.g. to fix the > > > Badlock (http://badlock.org/) issue. The means newer versions of Samba > > > require that winbind is running in more and more use cases. In some > > > cases SSSD's version of libwbclient might be sufficient in some cases > > > (see below) it is not. > > > > > > > > > > > > > > > > > > > Not impl. all functions makes it hard to know when to use sssd's > > > > libwbclient, > > > > how to figure out when sssd's libwbclient is good enough? > > > > > > Yes and to make is worse as mentioned above there are more and more use > > > cases where Samba requires that winbind is running. If you have to run > > > winbind, e.g. if you needed to proxy NTLM authentication to a AD DC, you > > > of course have to use Samba's version of libwbclient. To make sure the > > > SID to POSIX ID mapping is consistent on the system SSSD 1.14 also > > > provides an idmapping plugin for winbind (see man idmap_sss for > > > details). With this plugin winbind will ask SSSD to do the mapping. > > > > > > > I see, thanks for this info. it might not be worth to add sssd libwbclient > > support to Gentoo just yet. > > I will see if I can get samba running with native libwbclient first. > > > BTW SSSD 1.13.4 has sssd-libwbclient as well > > > > > Speaking of sssd-1.14, I cannot build 1.14 with the same dependencies as > > 1.13, for instance: > > configure:21738: error: libhttp_parser missing http_parser_init > I will take a look > > > > > Gentoo has: > > net-libs/http-parser-2.6.2 > > > Did you use special USE flags?
No, it only has static-libs which I have off. > > > > > Maybe the deps has been updated? Is here a list with minimum deps for sssd > > 1.14? > > > Meanwhile you can disable secrets responder and thus dependency on > libhttp_parser + libjansson libjansson? I don't have that installed(installing now and retrying 1.14 ..., nope: checking for fakeroot... yes checking for py.test... no checking for HTTP_PARSER... no checking http_parser.h usability... yes checking http_parser.h presence... yes checking for http_parser.h... yes checking for http_parser_init in -lhttp_parser_strict... no checking for http_parser_init in -lhttp_parser... no configure: error: libhttp_parser missing http_parser_init Jocke > > --without-secrets > Will try this next ... _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org