I am running Samba 4.1.23 as an AD/DC. It has been running file for more than 1 1/2 years as a AD/DC for mostly Windows workstations. I'm trying to setup Dovecot with gssapi authentication. The config needs the location of the service keys located in the keytab file. The default location it looks for is: /etc/krb5.keytab There is no such file there, nor is there a so-named file on the AD/DC at all. I do find: /etc/samba/private/secrets.keytab /etc/samba/private/dns.keytab Is one of these what I can use for the Dovecot required config? THX --Mark
On 27/06/16 04:27, Mark Foley wrote:> I am running Samba 4.1.23 as an AD/DC. It has been running file for more than 1 1/2 years as a > AD/DC for mostly Windows workstations. > > I'm trying to setup Dovecot with gssapi authentication. The config needs the location of the service > keys located in the keytab file. The default location it looks for is: > > /etc/krb5.keytab > > There is no such file there, nor is there a so-named file on the AD/DC at all. I do find: > > /etc/samba/private/secrets.keytab > /etc/samba/private/dns.keytab > > Is one of these what I can use for the Dovecot required config? > > THX --Mark >Hi, you don't get the /etc/krb5.keytab by default on a DC, you will need to create it: samba-tool domain exportkeytab /etc/krb5.keytab Rowland
You can specify which principal you want in your keytab with samba-tool, check the manual. You can check which principal is in your keytab using klist: klist -k or klist -ke /path/to/keytab 2016-06-27 9:09 GMT+02:00 Rowland penny <rpenny at samba.org>:> On 27/06/16 04:27, Mark Foley wrote: > >> I am running Samba 4.1.23 as an AD/DC. It has been running file for more >> than 1 1/2 years as a >> AD/DC for mostly Windows workstations. >> >> I'm trying to setup Dovecot with gssapi authentication. The config needs >> the location of the service >> keys located in the keytab file. The default location it looks for is: >> >> /etc/krb5.keytab >> >> There is no such file there, nor is there a so-named file on the AD/DC at >> all. I do find: >> >> /etc/samba/private/secrets.keytab >> /etc/samba/private/dns.keytab >> >> Is one of these what I can use for the Dovecot required config? >> >> THX --Mark >> >> > Hi, you don't get the /etc/krb5.keytab by default on a DC, you will need > to create it: > > samba-tool domain exportkeytab /etc/krb5.keytab > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
> ... you don't get the /etc/krb5.keytab by default on a DC, you will need > to create it: > > samba-tool domain exportkeytab /etc/krb5.keytabExcellent! Thank you. I've done that now, but I have more issues more appropriate to a reply to mathias' message following. --Mark -----Original Message-----> To: samba at lists.samba.org > From: Rowland penny <rpenny at samba.org> > Date: Mon, 27 Jun 2016 08:09:47 +0100 > Subject: Re: [Samba] Where is krb5.keytab or equivalent? > > > I am running Samba 4.1.23 as an AD/DC. It has been running file for more than 1 1/2 years as a > > AD/DC for mostly Windows workstations. > > > > I'm trying to setup Dovecot with gssapi authentication. The config needs the location of the service > > keys located in the keytab file. The default location it looks for is: > > > > /etc/krb5.keytab > > > > There is no such file there, nor is there a so-named file on the AD/DC at all. I do find: > > > > /etc/samba/private/secrets.keytab > > /etc/samba/private/dns.keytab > > > > Is one of these what I can use for the Dovecot required config? > > > > THX --Mark > > > > Hi, you don't get the /etc/krb5.keytab by default on a DC, you will need > to create it: > > samba-tool domain exportkeytab /etc/krb5.keytab > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba