Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Samba 4 64-bit requires 32-bit libs for full AD functionality #274

Open
davefinster opened this issue Jul 13, 2015 · 3 comments
Open

Samba 4 64-bit requires 32-bit libs for full AD functionality #274

davefinster opened this issue Jul 13, 2015 · 3 comments

Comments

@davefinster
Copy link

When joining Samba 4 to a domain, a user would typically utilise winbind to inject the directory user accounts/groups into the wider system so that permissions make sense and authentication works as expected. This is typically done by configuring winbind via smb.conf and joining the machine to the domain. The administrator would then alter nsswitch.conf and add 'winbind' as a database for passwd and groups.

This functionality is delivered through the use of libnss_windbind.so (the name it gets when compiled, on SmartOS this has to be changed to nss_winbind.so.1). This can be tested through the use of 'getent passwd' or 'getent groups', which should return a list of both local and domain based users/groups. libnss_winbind.so provides this data by opening a privileged pipe to winbindd.

An issue arises on 64-bit zones whereby certain parts of the system rely on 32-bit libraries to be available, such as getent and anything that relies upon it. Since these pieces can't load 64-bit libraries (which is all that will ship on a 64-bit zone package), the loading of domain based user/group information fails.

A workaround is to inject the 32-bit versions of the following libs into the system:

libintl.so.8
libwinbind-client-samba4.so
libiconv.so.2
libreplace-samba4.so
nss_winbind.so.1 (previously libnss_windbind.so)

Ideally if users are pursuing a simple experience around joining zones to AD/directories, it would be good to have some way of shipping these 32-bit libs. There are other changes that have to be made to ensure the nsswitch.conf changes are effective, which I document here:

TritonDataCenter/smartos-live#383 (comment)

Potentially this could be a separate package that simply contains the libs. I don't forsee this being an issue on 32-bit systems.

P.S. I did the testing of Samba 4 using a modified version of the Samba 4 source from @sjorge here: http://pkg.blackdot.be

jperkin pushed a commit that referenced this issue Aug 24, 2015
Upstream changes:

1.6.2 (2015-02-15)

Changes:

    Added check for breaking around a binary operator. (Issue #197, Pull #305)

Bugs:

    Restored config_file parameter in process_options(). (Issue #380)

1.6.1 (2015-02-08)

Changes:

    Assign variables before referenced. (Issue #287)

Bugs:

    Exception thrown due to unassigned local_dir variable. (Issue #377)

1.6.0 (2015-02-06)

News:

    Ian Lee <ianlee1521@gmail.com> joined the project as a maintainer.

Changes:

    Report E731 for lambda assignment. (Issue #277)
    Report E704 for one-liner def instead of E701. Do not report this error in the default configuration. (Issue #277)
    Replace codes E111, E112 and E113 with codes E114, E115 and E116 for bad indentation of comments. (Issue #274)
    Report E266 instead of E265 when the block comment starts with multiple #. (Issue #270)
    Report E402 for import statements not at the top of the file. (Issue #264)
    Do not enforce whitespaces around ** operator. (Issue #292)
    Strip whitespace from around paths during normalization. (Issue #339 / #343)
    Update --format documentation. (Issue #198 / Pull Request #310)
    Add .tox/ to default excludes. (Issue #335)
    Do not report E121 or E126 in the default configuration. (Issues #256 / #316)
    Allow spaces around the equals sign in an annotated function. (Issue #357)
    Allow trailing backslash if in an inline comment. (Issue #374)
    If --config is used, only that configuration is processed. Otherwise, merge the user and local configurations are merged. (Issue #368 / #369)

Bug fixes:

    Don’t crash if Checker.build_tokens_line() returns None. (Issue #306)
    Don’t crash if os.path.expanduser() throws an ImportError. (Issue #297)
    Missing space around keyword parameter equal not always reported, E251. (Issue #323)
    Fix false positive E711/E712/E713. (Issues #330 and #336)
    Do not skip physical checks if the newline is escaped. (Issue #319)
    Flush sys.stdout to avoid race conditions with printing. See flake8 bug: https://gitlab.com/pycqa/flake8/issues/17 for more details. (Issue #363)
@jperkin jperkin closed this as completed in 3e0e2a8 Oct 5, 2015
@sjorge
Copy link

sjorge commented Oct 5, 2015

Wrong issue?

~ sjorge

On 2015-10-05 14:30, Jonathan Perkin wrote:

Closed #274 [1] via 3e0e2a8 [2].

Reply to this email directly or view it on GitHub [3].

Links:

[1] TritonDataCenter/pkgsrc#274
[2]
TritonDataCenter/pkgsrc@3e0e2a8
[3] TritonDataCenter/pkgsrc#274 (comment)

@mamash
Copy link

mamash commented Oct 5, 2015

That's Github auto-closing logic that can't be turned off.

@mamash mamash reopened this Oct 5, 2015
jperkin pushed a commit that referenced this issue Dec 14, 2015
# Liquid Version History

## 3.0.5 / 2015-07-23 / branch "3-0-stable"

* Fix test failure under certain timezones [Dylan Thacker-Smith]

## 3.0.4 / 2015-07-17

* Fix chained access to multi-dimensional hashes [Florian Weingarten]

## 3.0.3 / 2015-05-28

* Fix condition parse order in strict mode (#569) [Justin Li, pushrax]

## 3.0.2 / 2015-04-24

* Expose VariableLookup private members (#551) [Justin Li, pushrax]
* Documentation fixes

## 3.0.1 / 2015-01-23

* Remove duplicate `index0` key in TableRow tag (#502) [Alfred Xing]

## 3.0.0 / 2014-11-12

* Removed Block#end_tag. Instead, override parse with `super` followed by your code. See #446 [Dylan Thacker-Smith, dylanahsmith]
* Fixed condition with wrong data types, see #423 [Bogdan Gusiev]
* Add url_encode to standard filters, see #421 [Derrick Reimer, djreimer]
* Add uniq to standard filters [Florian Weingarten, fw42]
* Add exception_handler feature, see #397 and #254 [Bogdan Gusiev, bogdan and Florian Weingarten, fw42]
* Optimize variable parsing to avoid repeated regex evaluation during template rendering #383 [Jason Hiltz-Laforge, jasonhl]
* Optimize checking for block interrupts to reduce object allocation #380 [Jason Hiltz-Laforge, jasonhl]
* Properly set context rethrow_errors on render! #349 [Thierry Joyal, tjoyal]
* Fix broken rendering of variables which are equal to false, see #345 [Florian Weingarten, fw42]
* Remove ActionView template handler [Dylan Thacker-Smith, dylanahsmith]
* Freeze lots of string literals for new Ruby 2.1 optimization, see #297 [Florian Weingarten, fw42]
* Allow newlines in tags and variables, see #324 [Dylan Thacker-Smith, dylanahsmith]
* Tag#parse is called after initialize, which now takes options instead of tokens as the 3rd argument. See #321 [Dylan Thacker-Smith, dylanahsmith]
* Raise `Liquid::ArgumentError` instead of `::ArgumentError` when filter has wrong number of arguments #309 [Bogdan Gusiev, bogdan]
* Add a to_s default for liquid drops, see #306 [Adam Doeler, releod]
* Add strip, lstrip, and rstrip to standard filters [Florian Weingarten, fw42]
* Make if, for & case tags return complete and consistent nodelists, see #250 [Nick Jones, dntj]
* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
* Fix resource counting bug with respond_to?(:length), see #263 [Florian Weingarten, fw42]
* Allow specifying custom patterns for template filenames, see #284 [Andrei Gladkyi, agladkyi]
* Allow drops to optimize loading a slice of elements, see #282 [Tom Burns, boourns]
* Support for passing variables to snippets in subdirs, see #271 [Joost Hietbrink, joost]
* Add a class cache to avoid runtime extend calls, see #249 [James Tucker, raggi]
* Remove some legacy Ruby 1.8 compatibility code, see #276 [Florian Weingarten, fw42]
* Add default filter to standard filters, see #267 [Derrick Reimer, djreimer]
* Add optional strict parsing and warn parsing, see #235 [Tristan Hume, trishume]
* Add I18n syntax error translation, see #241 [Simon Hørup Eskildsen, Sirupsen]
* Make sort filter work on enumerable drops, see #239 [Florian Weingarten, fw42]
* Fix clashing method names in enumerable drops, see #238 [Florian Weingarten, fw42]
* Make map filter work on enumerable drops, see #233 [Florian Weingarten, fw42]
* Improved whitespace stripping for blank blocks, related to #216 [Florian Weingarten, fw42]

## 2.6.3 / 2015-07-23 / branch "2-6-stable"

* Fix test failure under certain timezones [Dylan Thacker-Smith]
@JeremyEinfeld
Copy link

JeremyEinfeld commented Apr 18, 2016

Not a solution to this issue, but it would be worth expanding on the work-around for those seeking one.

Here is a one-liner to install 32-bit libraries into a 64-bit zone, using the pkgsrc settings with i386 substituted for x86_64:

env $(sed -n 's/x86_64/i386/p' /opt/local/etc/pkg_install.conf) pkg_add -I -m i386 -P /opt/i386 samba

Linking the respective libnss_windbind.so files:

ln -s libnss_winbind.so /opt/local/lib/nss_winbind.so.1
ln -s libnss_winbind.so /opt/i386/opt/local/lib/nss_winbind.so.1

Adding the necessary ld.config paths for those libraries:

crle -c /var/ld/ld.config -l /opt/i386/opt/local/lib:/opt/i386/opt/local/lib/samba/private -u
crle -64 -c /var/ld/64/ld.config -l /opt/local/lib -u

Pulled from https://github.com/Faithlife/BasicWinbind/blob/master/setup.sh

jperkin pushed a commit that referenced this issue Nov 1, 2016
v28.7.0
-------

* #832: Moved much of the namespace package handling
  functionality into a separate module for re-use in something
  like #789.
* #830: ``sdist`` command no longer suppresses the inclusion
  of data files, re-aligning with the expectation of distutils
  and addressing #274 and #521.

v28.6.1
-------

* #816: Fix manifest file list order in tests.
wiedi pushed a commit to wiedi/pkgsrc-legacy that referenced this issue Dec 1, 2016
-------------------------------
    Added U+25B6 (black right-pointing triangle) and U+25C0
       (black left-pointing triangle) (TritonDataCenter#289)
    Changed look of Markdown headers ## ### #### to make them easier to tell apart (TritonDataCenter#287)
    Fixed BBEdit incorrectly applying ligatures after tab (TritonDataCenter#274)
    Returned Nim pragmas {. .} (TritonDataCenter#279)
    Added Unicode increment U+2206 (TritonDataCenter#174, TritonDataCenter#298)
    Added fish operators >-> <-< (TritonDataCenter#297)
    Added safe navigation operators ?. .? ?: (TritonDataCenter#215)
    Added <~> (TritonDataCenter#179, used in IntelliJ for collapsed methods)
    Added F# piping operators ||> |||> <|| <||| (TritonDataCenter#184)
    Added shebang #! (TritonDataCenter#169, TritonDataCenter#193)
wiedi pushed a commit to wiedi/pkgsrc-legacy that referenced this issue Dec 10, 2016
Changes since release 131:

v1.7.4.2
- fix : Makefile : release build compatible with PIE and customized
  compilation directives provided through environment variables (TritonDataCenter#274,
  reported by Antoine Martin)

v1.7.4
- Improved : much better speed in -mx32 mode
- cli : fix : Large file support in 32-bits mode on Mac OS-X
- fix : compilation on gcc 4.4 (TritonDataCenter#272), reported by Antoine Martin

v1.7.3
- Changed : moved to versioning; package, cli and library have same
  version number
- Improved: Small decompression speed boost
- Improved: Small compression speed improvement on 64-bits systems
- Improved: Small compression ratio and speed improvement on small files
- Improved: Significant speed boost on ARMv6 and ARMv7
- Fix : better ratio on 64-bits big-endian targets
- Improved cmake build script, by Evan Nemerson
- New liblz4-dll project, by Przemyslaw Skibinki
- Makefile: Generates object files (*.o) for faster (re)compilation on
  low power systems
- cli : new : --rm and --help commands
- cli : new : preserved file attributes, by Przemyslaw Skibinki
- cli : fix : crash on some invalid inputs
- cli : fix : -t correctly validates lz4-compressed files, by Nick
  Terrell
- cli : fix : detects and reports fread() errors, thanks to Hiroshi
  Fujishima report TritonDataCenter#243
- cli : bench : new : -r recursive mode
- lz4cat : can cat multiple files in a single command line (TritonDataCenter#184)
- Added : doc/lz4_manual.html, by Przemyslaw Skibinski
- Added : dictionary compression and frame decompression examples, by
  Nick Terrell
- Added : Debianization, by Evgeniy Polyakov
jperkin pushed a commit that referenced this issue Mar 20, 2017
## 2.0.7 (2017-03-19)

* Do not modify BasicObject during template compilation on ruby 2.0+ (#309, jeremyevans)

## 2.0.6 (2017-01-26)

* Add support for LiveScript (#286, @Announcement Jacob Francis Powers)
* Add support for Sigil (#302, winebarrel)
* Add support for Erubi (#308, jeremyevans)
* Add support for options in Liquid (#298, #299, laCour)
* Always sort locals by strings (#307, jeremyevans)

* Fix test warnings (#305, amatsuda)
* Fix indentation (#293, yui-knk)
* Use SVG badges in README (#294, vasinov)
* Fix typo and trailing space (#295, #296, karloescota)

## 2.0.5 (2016-06-02)

* Add support for reST using Pandoc (#284, mfenner)
* Make lazy loading thread-safe; remove warning (judofyr)

## 2.0.4 (2016-05-16)

* Fix regression in BuilderTemplate (#283, judofyr)

## 2.0.3 (2016-05-12)

* Add Pandoc support (#276, jmuheim)
* Add CommonMark support (#282, raphink)
* Add TypeScript support (#278, nghitran)
* Work with frozen string literal (#274, jeremyevans)
* Add MIME type for Babel (#273, SaitoWu)

## 2.0.2 (2016-01-06)

* Pass options to Redcarpet (#250, hughbien)
* Haml: Improve error message on frozen self (judofyr)
* Add basic support for Babel (judofyr)
* Add support for .litcoffee (#243, judofyr, mr-vinn)
* Document Tilt::Cache (#266, tommay)
* Sort local keys for better caching (#257, jeremyevans)
* Add more CSV options (#256, Juanmcuello)
* Add Prawn template (kematzy)
* Improve cache-miss performance in Tilt::Cache (#251, tommay)
* Add man page (#241, josephholsten)
* Support YAML/JSON data in bin/tilt (#241, josephholsten)

## 2.0.1 (2014-03-21)

* Fix Tilt::Mapping bug in Ruby 2.1.0 (9589652c569760298f2647f7a0f9ed4f85129f20)
* Fix `tilt --list` (#223, Achrome)
* Fix circular require (#221, amarshall)

## 2.0.0 (2013-11-30)

* Support Pathname in Template#new (#219, kabturek)
* Add Mapping#templates_for (judofyr)
* Support old-style #register (judofyr)
* Add Handlebars as external template engine (#204, judofyr, jimothyGator)
* Add org-ruby as external template engine (#207, judofyr, minad)
* Documentation typo (#208, elgalu)

## 2.0.0.beta1 (2013-07-16)

* Documentation typo (#202, chip)
* Use YARD for documentation (#189, judofyr)
* Add Slim as an external template engine (judofyr)
* Add Tilt.templates_for (#121, judofyr)
* Add Tilt.current_template (#151, judofyr)
* Avoid loading all files in tilt.rb (#160, #187, judofyr)
* Implement lazily required templates classes (#178, #187, judofyr)
* Move #allows_script and default_mime_type to metadata (#187, judofyr)
* Introduce Tilt::Mapping (#187, judofyr)
* Make template compilation thread-safe (#191, judofyr)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants