Samba 3.6.5 install problems

mattymatt79 · June 5, 2012, 1:36pm

Hi all, I'm trying to update my samba 3.5.10 to 3.6.5 due to security CVE issued with 3.5.

I downloaded and unzipped, did the make and make install and the ./configure.
I didn't use any changes to it and it said it installed correctly added it to my path and it looks like it's operating correctly.

This is my first install from source type install and I'm really really confused.
if I use smbclient -L //server/servershare -U username it connects correctly to the domain, and shows all available shares, however; typing smbclient -V gives me 3.5.10.

If I goto the install path of where this new version was installed of /usr/local/samba/bin/smbclient -V it gives me 3.6.5 but I receive the error of NT_STATUS_LOGON_FAILURE.

I don't know honestly what I'm doing wrong, and after trying countless things I've realized a few things.

1: samba is installed in multiple places.

/usr/bin/smbclient gives 3.5.10
/usr/sfw/bin/smbclient gives 3.5.10
/usr/local/samba/bin/smbclient gives 3.6.5

2: It appears, while I did install it, it didn't install correctly due to it being in multiple places.

3: something somewhere is incorrect but I don't know what to do to fix it.

Is there an easy way to fix this? If so, I would really appreciate some help.

Thanks,
Matt

---------- Post updated at 01:36 PM ---------- Previous update was at 07:19 AM ----------

if I run ./configure --prefix=/usr/sfw --with-configdir=/etc/sfw --with-winbind --with-ads --with-ldap --with-krb5=/usr/lib/krb5
I receive an error once the config gets around to the AD and ldap.
checking for ldap_initalize ... no
configure error: active directory support requires ldap_initalize.

So, I'm not sure what library I need to inlcude.
my $LDFLAGS = -L/usr/local/lib am I missing something elsE?

Corona688 · June 5, 2012, 2:12pm

Isn't there a binary you can download from somewhere instead of building it by hand?

mattymatt79 · June 5, 2012, 2:13pm

Yes, but it doesn't close the CVE that is an open finding, which is why I need to install the 3.6.5. Unless you know of where I can download it and update via package add.

Mind you this server is completely closed off from the outside world.

Corona688 · June 6, 2012, 3:08pm

If it's not actually critical, my advice would be to wait until you can get the update from official sources. Building it yourself is prone to all sorts of pitfalls, is prone to install things in weird places(meaning, you can end up with two different versions installed simultaneously and part-overlapping each other), and bypasses your usual package manager in ways likely to cause problems.

mattymatt79 · June 7, 2012, 9:25am

Yeah, that's what we're going to do. We realized it would require updates to OpenLDAP and a bunch of other crap to make this work.

Thank you for the advice.

vbe · June 7, 2012, 10:15am

Hey Matty, did you manage with version 3.5 to auth throught AD?
Im trying to understand (not clear to me...) the reason you upgraded...

mattymatt79 · June 14, 2012, 1:13pm

I was able to connect with the command of smbclient -L//servername/severshare -U username / password and it brings up smb:/> so I can copy move and see files.

I can connect using my AD username / PW is that what you're asking?

The reason for upgrading was the CVE was released and was considered a category I finding. It was determined here, the workaround listed as setting parm = no is suffice enough for us and we will wait until Oracle releases an actual package update.

Thank you all for the help on this.