* [meta-networking][PATCH 0/2 v2] samba: fixes for AD DC service
@ 2017-11-07 5:44 jackie.huang
2017-11-07 5:44 ` [meta-networking][PATCH 1/2 v2] samba: add missing RDEPENDS jackie.huang
2017-11-07 5:44 ` [meta-networking][PATCH 2/2 v2] samba: fix for AD DC service jackie.huang
0 siblings, 2 replies; 3+ messages in thread
From: jackie.huang @ 2017-11-07 5:44 UTC (permalink / raw)
To: openembedded-devel
From: Jackie Huang <jackie.huang@windriver.com>
v2 comments:
* disable ad-dc and enable mitkrb5 by default to avoid an known issue.
--
The following changes since commit 5d6d21e98ed594809169d2b2f6964e90a3369a96:
libreport: fix Nothing RPROVIDES 'lib32-python3-libreport' (2017-10-27 16:39:34 +0000)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib.git jhuang0/d_samba-ad-dc-v2_171107_0
http://git.pokylinux.org/cgit.cgi//log/?h=jhuang0/d_samba-ad-dc-v2_171107_0
Jackie Huang (2):
samba: add missing RDEPENDS
samba: fix for AD DC service
.../recipes-connectivity/samba/samba_4.6.7.bb | 43 +++++++++++++++++-----
1 file changed, 34 insertions(+), 9 deletions(-)
--
2.11.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [meta-networking][PATCH 1/2 v2] samba: add missing RDEPENDS
2017-11-07 5:44 [meta-networking][PATCH 0/2 v2] samba: fixes for AD DC service jackie.huang
@ 2017-11-07 5:44 ` jackie.huang
2017-11-07 5:44 ` [meta-networking][PATCH 2/2 v2] samba: fix for AD DC service jackie.huang
1 sibling, 0 replies; 3+ messages in thread
From: jackie.huang @ 2017-11-07 5:44 UTC (permalink / raw)
To: openembedded-devel
From: Jackie Huang <jackie.huang@windriver.com>
* samba-tool requires the python modules from samba-python
or it fails with:
Traceback (most recent call last):
File "/usr/bin/samba-tool", line 33, in <module>
from samba.netcmd.main import cmd_sambatool
ImportError: No module named samba.netcmd.main
* Provisioning with samba-tool requires samba-dsdb-modules
or it fails with:
Setting up secrets.ldb
ldb: unable to stat module /usr/lib64/samba/ldb : No such file or directory
WARNING: Module [samba_secrets] not found - do you need to set LDB_MODULES_PATH?
Unable to load modules for /var/lib/samba/private/secrets.ldb: (null)
ERROR(ldb): uncaught exception - None
* samba-python requires pytalloc and python-tdb or it fails with:
TypeError: pytalloc: unable to get talloc.BaseObject type
ERROR(<type 'exceptions.ImportError'>): uncaught exception - No module named tdb
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
meta-networking/recipes-connectivity/samba/samba_4.6.7.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
index 59d7425c8..2b227c95d 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
@@ -186,7 +186,8 @@ python samba_populate_packages() {
PACKAGESPLITFUNCS_prepend = "samba_populate_packages "
-RDEPENDS_${PN} += "${PN}-base"
+RDEPENDS_${PN} += "${PN}-base ${PN}-python ${PN}-dsdb-modules"
+RDEPENDS_${PN}-python += "pytalloc python-tdb"
FILES_${PN}-base = "${sbindir}/nmbd \
${sbindir}/smbd \
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [meta-networking][PATCH 2/2 v2] samba: fix for AD DC service
2017-11-07 5:44 [meta-networking][PATCH 0/2 v2] samba: fixes for AD DC service jackie.huang
2017-11-07 5:44 ` [meta-networking][PATCH 1/2 v2] samba: add missing RDEPENDS jackie.huang
@ 2017-11-07 5:44 ` jackie.huang
1 sibling, 0 replies; 3+ messages in thread
From: jackie.huang @ 2017-11-07 5:44 UTC (permalink / raw)
To: openembedded-devel
From: Jackie Huang <jackie.huang@windriver.com>
The Active Directory (AD) domain controller (DC) service
is installed by default since the commit:
"""
commit 28b8edc760d5e0664ad4861464f5de06f5fc305a
samba: install all systemd unit files
This includes samba.service, which other major distributions install, too.
"""
But lack of required executable since ad-dc feature is disabled by default.
There are two known issues when enable ad-dc feature:
- it doesn't work well with mitkrb5
http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html
- if mitkrb5 is disabled, embedded_heimdal will be built but will fail for
x86 if there is no 32bit libbsd on the host.
To fix the issues:
- Add PACKAGECONFIG for ad-dc and disable by default.
- Add PACKAGECONFIG for gnutls which is required by ad-dc and
disable by default.
- Add PACKAGECONFIG for mitkrb5 and enable by default.
- Don't install samba.service if ad-dc is disabled.
- Re-package ad-dc service and executable into a new package samba-ad-dc
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
.../recipes-connectivity/samba/samba_4.6.7.bb | 40 +++++++++++++++++-----
1 file changed, 32 insertions(+), 8 deletions(-)
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
index 2b227c95d..8395acb5e 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
@@ -34,7 +34,7 @@ inherit systemd waf-samba cpan-base perlnative update-rc.d
# remove default added RDEPENDS on perl
RDEPENDS_${PN}_remove = "perl"
-DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb krb5 libbsd libaio libpam"
+DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb libbsd libaio libpam"
DEPENDS_append_libc-musl = " libtirpc"
CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc"
LDFLAGS_append_libc-musl = " -ltirpc"
@@ -45,12 +45,18 @@ LSB_linuxstdbase = "lsb"
INITSCRIPT_NAME = "samba"
INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ."
-SYSTEMD_PACKAGES = "${PN}-base winbind"
+SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind"
SYSTEMD_SERVICE_${PN}-base = "nmb.service smb.service"
+SYSTEMD_SERVICE_${PN}-ad-dc = "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'samba.service', '', d)}"
SYSTEMD_SERVICE_winbind = "winbind.service"
+# There are prerequisite settings to enable ad-dc, so disable the service by default.
+# Reference:
+# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
+SYSTEMD_AUTO_ENABLE_${PN}-ad-dc = "disable"
+
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \
- acl cups ldap \
+ acl cups ldap mitkrb5 \
"
RDEPENDS_${PN}-base += "${LSB}"
@@ -68,6 +74,20 @@ PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind,"
PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust"
PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive"
+# Building the AD (Active Directory) DC (Domain Controller) requires GnuTLS,
+# And ad-dc doesn't work with mitkrb5 for versions prior to 4.7.0 according to:
+# http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html
+# So the working combination is:
+# 1) ad-dc: enable, gnutls: enable, mitkrb5: disable
+# 2) ad-dc: disable, gnutls: enable/disable, mitkrb5: enable
+#
+# There is another known issue when mitkrb5 is disabled:
+# embedded_heimdal will be built but will fail for x86 if there is no 32bit libbsd on the host.
+# so ad-dc is disabled and mitkrb5 is enabled by default, someone wants to use ad-dc may need
+# to enable themself and workaround the issue.
+PACKAGECONFIG[ad-dc] = ",--without-ad-dc,,"
+PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
+PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5,,krb5,"
SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2"
SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4"
@@ -82,12 +102,9 @@ EXTRA_OECONF += "--enable-fhs \
--with-modulesdir=${libdir}/samba \
--with-lockdir=${localstatedir}/lib/samba \
--with-cachedir=${localstatedir}/lib/samba \
- --disable-gnutls \
--disable-rpath-install \
--with-shared-modules=${SAMBA4_MODULES} \
--bundled-libraries=${SAMBA4_LIBS} \
- --with-system-mitkrb5 \
- --without-ad-dc \
${@base_conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \
--with-cluster-support \
--with-profiling-data \
@@ -113,6 +130,10 @@ do_install_append() {
-e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \
-i ${D}${systemd_system_unitdir}/*.service
+ if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ]; then
+ rm -f ${D}${systemd_system_unitdir}/samba.service
+ fi
+
install -d ${D}${sysconfdir}/tmpfiles.d
install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconfdir}/tmpfiles.d/samba.conf
echo "d ${localstatedir}/log/samba 0755 root root -" \
@@ -161,7 +182,7 @@ do_install_append() {
PACKAGES =+ "${PN}-python ${PN}-pidl \
${PN}-dsdb-modules ${PN}-testsuite registry-tools \
winbind \
- ${PN}-common ${PN}-base ${PN}-ctdb-tests \
+ ${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \
smbclient"
python samba_populate_packages() {
@@ -196,9 +217,12 @@ FILES_${PN}-base = "${sbindir}/nmbd \
${localstatedir}/nmbd \
${localstatedir}/spool/samba \
${systemd_system_unitdir}/nmb.service \
- ${systemd_system_unitdir}/samba.service \
${systemd_system_unitdir}/smb.service"
+FILES_${PN}-ad-dc = "${sbindir}/samba \
+ ${systemd_system_unitdir}/samba.service \
+ "
+
FILES_${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \
${bindir}/ctdb_run_cluster_tests \
${sysconfdir}/ctdb/nodes \
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-11-07 5:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-07 5:44 [meta-networking][PATCH 0/2 v2] samba: fixes for AD DC service jackie.huang
2017-11-07 5:44 ` [meta-networking][PATCH 1/2 v2] samba: add missing RDEPENDS jackie.huang
2017-11-07 5:44 ` [meta-networking][PATCH 2/2 v2] samba: fix for AD DC service jackie.huang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.