Build of Samba 3.5.4 on FreeBSD platform with AD support fails, as linking with KRB5 libs is incomplete due the usage of --as-needed flag. To make the story short it's exactly the same problem with the FreeBSD's base Heimdal libraries as with so longly discussed libreadline issue on CentOS5 in the #7209. Here are some quotes: Compiling libsmb/clikrb5.c libsmb/clikrb5.c:1646:2: error: #error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION libsmb/clikrb5.c: In function 'smb_krb5_principal_get_realm': libsmb/clikrb5.c:2255: warning: return discards qualifiers from pointer target type This is result of the failed test: checking for krb5_error_code krb5_enctype_to_string(krb5_context context, krb5_enctype enctype, char **str)... no checking for krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char *str, size_t len)... no The first test actually should succeed, as it's pretty valid for Heimdal, which is in the code base of FreeBSD: #krb5-config --version FreeBSD heimdal 1.1.0 $Id: krb5-config.in 20528 2007-04-22 13:22:16Z lha $ And compilation goes smoothly, but execution of the test - doesn't: configure:72487: cc -o conftest -I/usr/include -O2 -pipe -DLDAP_DEPRECATED -fno -strict-aliasing -Werror -I/usr/include -I/usr/include -I/usr/include -I/usr/lo cal/include -D_REENTRANT -D_THREAD_SAFE -I/usr/local/include -Iinclude -I./inc lude -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./. . -I./../lib/popt -I/usr/local/include -I/usr/local/include -DLDAP_DEPRECATED - Wl,--as-needed -L/usr/local/lib -Wl,-R/usr/local/lib -L/usr/local/lib -L./bin - L/usr/local/lib conftest.c -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypt o -lasn1 -lroken -lcrypt -lexecinfo -liconv >&5 configure:72491: $? = 0 configure:72497: ./conftest /libexec/ld-elf.so.1: /usr/lib/libkrb5.so.10: Undefined symbol "initialize_asn1_error_table_r" The missing symbol is present in: libasn1.so.10:000000000004fc40 T initialize_asn1_error_table_r And it is mentioned in the list of libraries to link against to, but, unfortunatelly: #ldd ./libkrb5.so.10 ./libkrb5.so.10: libc.so.7 => /lib/libc.so.7 (0x800647000) libkrb5, where krb5_enctype_to_string() is defined, linked only against libc and not the rest of the Heimdal libraries. I can't explain the reason for this right now, but have to deal with it somehow. --as-needed effectively removes libasn1 from the list of the libraries to link with(as it's not direclty mentioned) and that breaks compilation. So far I'm using initial Metze's patch from #7209 to work around this problem.
/usr/lib/libkrb5.so.10 seems not to be linked against asn1 even though it needs to. If you can confirm that you should file a bug report for that package. Further more the it looks like FreBSD's GNU ld suffers from the bug that is demonstrated in https://bugzilla.samba.org/show_bug.cgi?id=7209#c17
Bjorn, that's exactly what I stated in my report - there are problems. In particular, problems with the linked libraries list for Heimdal Kerberos from the FreeBSD base do exist for at least 5 years and, possibly, will stay where they are for the next 5 years. Read this: http://lists.freebsd.org/pipermail/freebsd-stable/2005-October/018809.html Base FreeBSD system DOES NOT consist from the packages and can not be updated after the OS release due the binary compatability reasons. Even if the report about broken Heimdal is taken as a high prio, the closest date when general public will see the results would be the end of this year. As for the ld issue it may take even longer. It would be nice to live in an ideal world, where all the *nix-like OSes are fully POSIX compliant, work exactly the same way and it be peace on Earth. so far this isn't happen and seems peace on Earth is easier to achieve. The point of my bug report is that ATM there are already two cases when some broken or misconfigured libraries from the third-parity software do break Samba build. And it's just matter of time when another platform and set of libraries will be affected. I don't believe that optimization you get by using --as-needed flag is worth the hassle. After all, noone asks to remove this option - just give maintaners ability to disable it on demand, as original metze's patch let us to do.
09944302a195a3571dde29e3f77134a7542e1077 now reintroduces the previous configure option from metze and 2a8399f7ce676e7e4fa70e8f8f04ba2876350695 now disables as-needed if the bug from https://bugzilla.samba.org/show_bug.cgi?id=7209#c17 is found. Can you confirm it works for you as desired?
c58aeaaf311d4b1ec50cd9a606969c5643dd1380 is also required on FreeBSD for automatic recognition of broken ld releases