On Fri, 01 Dec 2023 16:23:37 +0000
bd730c5053df9efb via samba <samba at lists.samba.org> wrote:
> Hello!
>
> I'm trying to set up dovecot to do single sign on with a samba 4.18.9
> DC on slackware 15.0 (in case the experimental mit thing we discussed
> yesterday could be part of the issue) following
> https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory
> and
> https://doc.dovecot.org/configuration_manual/authentication/kerberos/
>
> I executed the commands
> samba-tool spn add imap/host.samdom.example.com dovecotuser
> samba-tool domain exportkeytab --principal imap/host.samdom.example.com /root/dovecot.keytab
>
> but when I check the created keytab with the command
> klist -Kek /etc/dovecot/dovecot.keytab the output is as follows
> Keytab name: FILE:dovecot.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    3 imap/host.samdom.example.com@EXAMPLE.COM (DEPRECATED:arcfour-hmac) (0x6a83392f4fe666aa7e4e14033ef54896)
>
> I know I have tried this before in another slackware setup and I'm
> positive the output of this command included other algorithms but I
> don't have that environment available anymore to check samba's or
> slackware's version or the output of the command.
>
> Is there a reason why I only get the arcfour-hmac encryption and not
> any of the others I saw documented in the aforementioned pages? Is
> there something I can do to modify this without recompiling samba? If
> not, is it possible to compile samba without linking it to MIT while
> MIT is installed instead of Heimdal?
>
> Thanks in advance.
> Best regards,
> Dave.
>
What does 'sudo net ads enctypes list host$ -UAdministrator' show?
Rowland
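
A check for the situation described in the question, as an added example that is not part of the original thread: it parses `klist -ek` style output and reports principals whose newest KVNO holds only deprecated enctypes. The sample listing is constructed (the smtp/ entries are hypothetical); it assumes principals are printed as name@REALM without `-t` timestamps, and any key column from `-K` is ignored.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of MIT `klist -ek` output (no key material).
SAMPLE = """\
Keytab name: FILE:dovecot.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 imap/host.samdom.example.com@EXAMPLE.COM (DEPRECATED:arcfour-hmac)
   2 smtp/host.samdom.example.com@EXAMPLE.COM (DEPRECATED:arcfour-hmac)
   3 smtp/host.samdom.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   3 smtp/host.samdom.example.com@EXAMPLE.COM (DEPRECATED:arcfour-hmac)
"""

# KVNO, principal, then the first parenthesised field (the enctype).
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+@\S+)\s+\(([^)]+)\)")


def parse_keytab_listing(text):
    """Return {principal: {kvno: set of enctype strings}}."""
    entries = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header and separator lines do not match
            entries[m.group(2)][int(m.group(1))].add(m.group(3))
    return entries


def is_weak(enctype):
    """True for enctypes klist marks DEPRECATED, or RC4/DES names without the prefix."""
    name = enctype.lower()
    return name.startswith("deprecated:") or name.startswith(("arcfour", "des-", "des3-"))


def weak_only_principals(text):
    """Principals whose newest KVNO has no non-deprecated key."""
    flagged = {}
    for principal, by_kvno in parse_keytab_listing(text).items():
        newest = max(by_kvno)  # older KVNOs are stale keys, judge the current one
        if all(is_weak(e) for e in by_kvno[newest]):
            flagged[principal] = sorted(by_kvno[newest])
    return flagged


if __name__ == "__main__":
    for principal, enctypes in weak_only_principals(SAMPLE).items():
        print(f"{principal}: only {', '.join(enctypes)}")
```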