Tuesday, June 30, 2009

OpenBSD doesn't like winbind

I just found out from ports that winbind doesn't go into the ports FLAVOR for samba due to its nature of talking with nsswitch.conf, which obsd folks don't support. But not all hope is lost: some cool folks at ports sent out this patch that you can add to the samba port to build winbind.

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.105
diff -N -u -p -u Makefile
--- Makefile 30 Jun 2009 21:38:38 -0000 1.105
+++ Makefile 30 Jun 2009 23:20:08 -0000
@@ -60,7 +60,7 @@ CONFIGURE_ARGS= --disable-fam \
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib -Wl,--export-dynamic"

-FLAVORS= cups ldap ads
+FLAVORS= cups ldap ads winbind
FLAVOR?=

MULTI_PACKAGES= -main -docs
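Review bot: the new winbind entry on the FLAVORS line comes with no note on what the flavor does and does not provide. Going by the post above, winbind was kept out of the port because of its nsswitch.conf dependency, so a comment next to FLAVORS or a line in the package description should state that this flavor only builds the winbind binaries and adds no name-service integration on OpenBSD.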
@@ -93,6 +93,12 @@ CONFIGURE_ARGS+= --without-ads

.if ${FLAVOR:L:Mads}
WANTLIB+= crypto
+.endif
+
+.if ${FLAVOR:L:Mwinbind}
+CONFIGURE_ARGS+= --with-winbind
+.else
+CONFIGURE_ARGS+= --without-winbind
.endif

PKG_ARCH-docs= *
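Review bot: the new `.if ${FLAVOR:L:Mwinbind}` block sets only CONFIGURE_ARGS, while the ads block directly above it also extends WANTLIB. If winbindd or wbinfo link against a library the default build does not use, a matching `WANTLIB+=` line belongs inside the winbind branch; please check what both binaries link against after building the flavor.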
cvs server: Diffing inside files
cvs server: Diffing inside patches
cvs server: Diffing inside pkg
Index: pkg/PFRAG.winbind-main
===================================================================
RCS file: pkg/PFRAG.winbind-main
diff -N -u -p -u pkg/PFRAG.winbind-main
--- /dev/null 30 Jun 2009 17:20:08 -0000
+++ pkg/PFRAG.winbind-main 30 Jun 2009 23:20:08 -0000
@@ -0,0 +1,6 @@
+@comment $OpenBSD$
+bin/wbinfo
+include/wbclient.h
+lib/libwbclient.so
+lib/libwbclient.so.0
+libexec/winbindd
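Review bot: lib/libwbclient.so and lib/libwbclient.so.0 are listed as plain files with a hard-coded version. Ports convention is to register a shared library with an `@lib` line whose version comes from a SHARED_LIBS entry in the Makefile, and neither Makefile hunk adds one for wbclient, so as written the package tools do not treat it as a shared library and the port cannot control its version number.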
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/net/samba/pkg/PLIST-main,v
retrieving revision 1.9
diff -N -u -p -u pkg/PLIST-main
--- pkg/PLIST-main 14 May 2009 17:05:46 -0000 1.9
+++ pkg/PLIST-main 30 Jun 2009 23:20:08 -0000
@@ -133,3 +133,4 @@ share/swat/include/footer.html
share/swat/include/header.html
@sample /var/spool/samba/
%%SHARED%%
+%%winbind%%

enjoy =)

Wednesday, June 10, 2009

Get your kicks on route CVS

CVS just makes life easier and makes the blame game a bit more accurate, but overall it simplifies the maintenance of everything that's text.

here's how i did it:

mkdir /cvs-server1
chmod 1770 /cvs-server1
export CVSROOT=/cvs-server1
cvs -d /cvs-server1 init
chown -R _cvs /cvs-server1
chgrp -R cvsgroup /cvs-server1

that's it.. ssh to the box

to import:

export CVS_RSH=/usr/bin/ssh
cvs -d:ext::/cvs-server1 import -m "desc"

to checkout:

export CVS_RSH=/usr/bin/ssh
cvs -d:ext::/cvs-server1 co


I used OpenBSD 4.5, the sweetest operating system on the planet. It comes with cvs =)

I used the _cvs user to tag the folder as "cvs"; it's locked.
I used cvsgroup as a group to put in all the cvs-users I have in mind.

It's a simple setup all in all. I didn't even bother to chroot the box since I use this box for one thing: CVS, nothing more.
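
A permissions audit for the repository layout described above, as an added example that is not part of the original post: it checks the 1770 top-level mode, group ownership, and any permission bits left open to other users. The function name audit_cvsroot is hypothetical; cvsgroup is the group named in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit a CVS repository set up
# with "chmod 1770" and a shared committers' group. audit_cvsroot is a
# hypothetical helper name; cvsgroup is the group used in the post.
#
# usage: audit_cvsroot ROOT GROUP
# Prints findings; returns 0 when clean, 1 otherwise.
audit_cvsroot() {
    root=$1
    group=$2
    findings=0

    # "cvs init" creates the CVSROOT administrative directory.
    if [ ! -d "$root/CVSROOT" ]; then
        echo "$root: no CVSROOT directory, was 'cvs init' run?"
        return 1
    fi

    # chmod 1770 shows up as drwxrwx--T: owner and group only, sticky bit
    # set, nothing for anyone else. cut drops any ACL marker after the mode.
    mode=$(ls -ld "$root" | cut -c1-10)
    if [ "$mode" != "drwxrwx--T" ]; then
        echo "$root: mode is $mode, expected drwxrwx--T (1770)"
        findings=1
    fi

    # Entries outside the committers' group usually mean a file was
    # created with the wrong primary group.
    stray=$(find "$root" ! -group "$group" -print)
    if [ -n "$stray" ]; then
        echo "not owned by group $group:"
        echo "$stray"
        findings=1
    fi

    # Bits for "other" below the top level are shielded only by the 1770
    # directory; flag them so a later chmod of the root exposes nothing.
    open=$(find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$open" ]; then
        echo "accessible to other users:"
        echo "$open"
        findings=1
    fi
    return "$findings"
}

# Run the audit when the script is given a repository path.
if [ $# -ge 1 ]; then
    audit_cvsroot "$1" "${2:-cvsgroup}"
fi
```
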

Tuesday, June 2, 2009

All UID's should be accounted for their actions

I got this off my copy of the OpenBSD list; it clearly shows OpenBSD's state of mind with regard to security, which makes perfect sense.


from Theo de Raadt
to patrick keshishian
cc ports@openbsd.org
date Mon, Jun 1, 2009 at 11:20 PM
subject Re: user and syslog question for pptp client
mailed-by openbsd.org

> Hmm.. kinda feels like a waste to create a new user/group.
> The app doesn't write to any files nor does it have any
> config files (ATM).
>
> How about I stick with nobody?

How about everyone just share the root account?

What are you afraid of, that we'll run out of users and groups?

There are very good documented reasons why we have all daemons
use different uids. Much security is failed from separation.