Found the problem. When creating the SPN you shouldn't put
@YOUR_REALM_NAME.TLD in the principal name (also shouldn't be there for the
export). The wiki should probably be updated to reflect this.
Cheers,
Justin.
> Sent: Tuesday, 4 June 2013 5:42 PM
>
> Hi,
>
> I'm trying to get an IMAP server to authenticate using Kerberos rather
than
> storing and sending passwords all over the place. I've tried to do
this
> following the instructions for setting up Apache SSO
> (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign-
> On) but am unable to export the keytab. Searching through the list it
looks
> like a few others have experienced the same problem but I don't see any
> solutions. The error I get when exporting is as follows.
>
> ERROR(runtime): uncaught exception - Key table entry not found
> File "/usr/local/samba/lib/python2.7/site-
> packages/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/local/samba/lib/python2.7/site-
> packages/samba/netcmd/domain.py", line 103, in run
> net.export_keytab(keytab=keytab, principal=principal)
>
> I've checked to see that the spn has been created and is associated
with the
> user and it is. Any ideas on what could be causing this?
>
> Also, wouldn't it be a better idea to add the spn to the machine
account
> rather than create a user account? How could this be done? Is there a way
> to create machine accounts from the command line rather than through
"AD
> Users and Computers" on a Windows box?
>
> Cheers,
> Justin.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba