Displaying 19 results from an estimated 19 matches for "addent".
Did you mean:
addend
2016 Jun 30
3
Where is krb5.keytab or equivalent?
...N.LOCAL dovecot
>> samba-tool spn add imap/server.domain.local at DOMAIN.LOCAL dovecot
> Did that too. No issue there.
Well you must substitute server.domain.local with your mailserver fqdn
and DOMAIN.LOCAL with HPRS.LOCAL.
>
>> 3. Create the keytab file
>> ktutil
>> addent -password -p smtp/server.domain.local at DOMAIN.LOCAL -k 1 -e
>> arcfour-hmac
>> addent -password -p imap/server.domain.local at DOMAIN.LOCAL -k 1 -e
>> arcfour-hmac
>> wkt /etc/dovecot/dovecot.keytab
> As you can see, your text wrapped, but from the error message I got I...
2016 Jun 30
2
Where is krb5.keytab or equivalent?
...9;s. Use the password for user dovecot during keytab creation.
1. Create an user
samba-tool create user dovcot
2. Add the spn
samba-tool spn add smtp/server.domain.local at DOMAIN.LOCAL dovecot
samba-tool spn add imap/server.domain.local at DOMAIN.LOCAL dovecot
3. Create the keytab file
ktutil
addent -password -p smtp/server.domain.local at DOMAIN.LOCAL -k 1 -e
arcfour-hmac
addent -password -p imap/server.domain.local at DOMAIN.LOCAL -k 1 -e
arcfour-hmac
wkt /etc/dovecot/dovecot.keytab
4. Add this to your dovecot config
# Kerberos
auth_gssapi_hostname = "$ALL"
auth_krb5_keytab = /...
2016 Jun 30
0
Where is krb5.keytab or equivalent?
...n't mention that, so I hope it's OK.
> 2. Add the spn
> samba-tool spn add smtp/server.domain.local at DOMAIN.LOCAL dovecot
> samba-tool spn add imap/server.domain.local at DOMAIN.LOCAL dovecot
Did that too. No issue there.
>
> 3. Create the keytab file
> ktutil
> addent -password -p smtp/server.domain.local at DOMAIN.LOCAL -k 1 -e
> arcfour-hmac
> addent -password -p imap/server.domain.local at DOMAIN.LOCAL -k 1 -e
> arcfour-hmac
> wkt /etc/dovecot/dovecot.keytab
As you can see, your text wrapped, but from the error message I got I assumed the -e [e...
2016 Jun 30
0
Where is krb5.keytab or equivalent?
...tab file and did the following:
$ samba-tool user delete dovecot
$ samba-tool user add dovecot
# again, that asked for a password and I assigned one.
$ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot
$ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot
$ ktutil
ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
Password for smtp/mail.hprs.local at HPRS.LOCAL:
ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
Password for imap/mail.hprs.local at HPRS.LOCAL:
ktutil: wkt /etc/dovecot/dovecot.keytab
ktutil...
2016 Jun 30
2
Where is krb5.keytab or equivalent?
...ool user delete dovecot
> $ samba-tool user add dovecot
>
> # again, that asked for a password and I assigned one.
>
> $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot
> $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot
>
> $ ktutil
> ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
> Password for smtp/mail.hprs.local at HPRS.LOCAL:
> ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
> Password for imap/mail.hprs.local at HPRS.LOCAL:
> ktutil: wkt /etc/dovecot/d...
2016 Jun 30
2
Looking for GSSAPI config [was: Looking for NTLM config example]
I think the problem still is that your keytab file has no entry
imap/hostname at DOMAIN and IMAP/hostname at DOMAIN
you also have no host/hostname at DOMAIN
Aki
On 29.06.2016 18:40, Mark Foley wrote:
> Yes, I think that's exactly correct. I just made a similar reply to Edgar Pettijohn about that.
> The Thunderbird message is:
>
> "The Kerberos/GSSAPI ticket was not accepted
2016 Jul 01
3
Where is krb5.keytab or equivalent?
...l user add dovecot
> >
> > # again, that asked for a password and I assigned one.
> >
> > $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot
> > $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot
> >
> > $ ktutil
> > ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
> > Password for smtp/mail.hprs.local at HPRS.LOCAL:
> > ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
> > Password for imap/mail.hprs.local at HPRS.LOCAL:
> > ktutil:...
2016 Jul 01
0
Where is krb5.keytab or equivalent?
...l user add dovecot
> >
> > # again, that asked for a password and I assigned one.
> >
> > $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot
> > $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot
> >
> > $ ktutil
> > ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
> > Password for smtp/mail.hprs.local at HPRS.LOCAL:
> > ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
> > Password for imap/mail.hprs.local at HPRS.LOCAL:
> > ktutil:...
2016 Jul 01
0
Where is krb5.keytab or equivalent?
...gt;>
>>> # again, that asked for a password and I assigned one.
>>>
>>> $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot
>>> $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot
>>>
>>> $ ktutil
>>> ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
>>> Password for smtp/mail.hprs.local at HPRS.LOCAL:
>>> ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac
>>> Password for imap/mail.hprs.local at HPRS.LOCAL:
>>...
2016 Jul 01
2
Where is krb5.keytab or equivalent?
...gain, that asked for a password and I assigned one.
>>>>
>>>> $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot
>>>> $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot
>>>>
>>>> $ ktutil
>>>> ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1
>>>> -e arcfour-hmac
>>>> Password for smtp/mail.hprs.local at HPRS.LOCAL:
>>>> ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1
>>>> -e arcfour-hmac
>>>> Password...
2017 Nov 30
2
added spn and exported keytab not match
...quot; problem?
I found letter than it was fixes in Apr 2016, this for example
https://lists.samba.org/archive/samba-technical/2016-April/113598.html
From what samba version it work correctly?
I try to create keytab from proxy server with ktutil:
-----------
[root at proxy squid]# ktutil
ktutil: addent -password -p HTTP/proxy.S****.ru at DC.S****.RU -k 1 -e
des-cbc-crc
Password for HTTP/proxy.S****.ru at DC.S****.RU:
ktutil: addent -password -p HTTP/proxy.S****.ru at DC.S****.RU -k 1 -e
des-cbc-md5
Password for HTTP/proxy.S****.ru at DC.S****.RU:
ktutil: addent -password -p HTTP/proxy.S****.r...
2013 Oct 11
3
Removing a domain controller help needed
...ast comment on the blog says:
Just an hint for someone else who stumbles across the same problem, if
you?re using Samba 4 as an AD DC, then kinit with the keytab created in
the script instructions above won?t work as samba4 doesn?t seem to like
the encryption type. Use
-e arcfour-hmac-md5 with the addent command instead.
The first script posted on the blog states
# keytab can be generated using
# $ ktutil
# ktutil: addent -password -p dhcpduser at EXAMPLE.COM -k 1 -e
aes256-cts-hmac-sha1-96
# Password for dhcpduser at EXAMPLE.COM:
# ktutil: wkt dhcpduser.keytab
# ktutil: quit
but next changes in...
2013 Jun 28
3
Samba4 AD and mail auth
Hi list
Does anyone has experience in setting up dovecot or any other mail
system with user auth against a Samba4 AD ? If yes could I get some
advice on that Topic or even a link to a ressource where I can get some
Information. Googled a lot but didn't find something yet.
Thankx in advance.
--
Mit freundlichem Gru?
Carsten Laun-De Lellis
Hauptstrasse 13
D-67705 Trippstadt
Phone: +49
2017 Jan 20
3
how to run ktpass with a Samba AD DC?
...ure of the syntax of even the microsoft command. In step 5 it
looked like they created a user apache but I don't see that in the command
at all.
even if I was able to run it I don't know what arguments to put in.
I saw other sites that suggest using ktutil instead. I ran
#ktutil
ktutil: addent -password -p apache@<mydomain> -k 1 -e RC4-HMAC
Password for apache@<mydomain>:
ktutil: wkt /etc/krb5.keytab
ktutil: q
as one of the sites suggested and
kinit apache@<mydomain>
worked with the password
and
kinit apache@<mydomain> -k -t /etc/krb5.keytab
worked without...
2016 Sep 14
1
Exporting keytab for SPN failure
...re enough and that AES-256 (I think I read this during TLS enablement) is what should be used.
>>
>> Mike
> You can use ktutil to add the aes keys manual. You can not use an random password for the user account with this.
>
> #ktutil
> ktutil: rkt [keytabfile]
> ktutil: addent -password -p HTTP/intranet.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD <mailto:domain2.domain1.tld at domain2.domain1.tld> -k 1 -e aes256-cts-hmac-sha1-96
> ktutil: [enter the password used for web-intranet-macmini]
> ktutil: wkt [keytabfile]
> ktutil: q
>
> I have not tested t...
2016 Sep 14
0
Exporting keytab for SPN failure
...that DES is not secure enough and that
> AES-256 (I think I read this during TLS enablement) is what should be
> used.
>
> Mike
You can use ktutil to add the aes keys manual. You can not use an random
password for the user account with this.
#ktutil
ktutil: rkt [keytabfile]
ktutil: addent -password -p
HTTP/intranet.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD
<mailto:domain2.domain1.tld at domain2.domain1.tld> -k 1 -e
aes256-cts-hmac-sha1-96
ktutil: [enter the password used for web-intranet-macmini]
ktutil: wkt [keytabfile]
ktutil: q
I have not tested this but it should work...
2016 Jun 27
6
Where is krb5.keytab or equivalent?
> ... you don't get the /etc/krb5.keytab by default on a DC, you will need
> to create it:
>
> samba-tool domain exportkeytab /etc/krb5.keytab
Excellent! Thank you. I've done that now, but I have more issues more appropriate to a reply to mathias' message following.
--Mark
-----Original Message-----
> To: samba at lists.samba.org
> From: Rowland penny <rpenny
2013 Sep 28
2
mount.cifs and kerberos failure
Hi guys,
This seems to be a well-known problem with mount.cifs on Ubuntu 12.04. Unfortunately, although I have applied the suggestions I found with google, I can't seem to be able to get mount.cifs to work with kerberos. I am trying to use kerberos to mount my Windows shares because this is the only allowed secure way in my company to connect to shares. Before anyone asks, I can successfully
2016 Sep 14
5
Exporting keytab for SPN failure
> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>
>
> Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba:
>> Experts—
>>
>> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error:
>>
>> ERROR(runtime): uncaught exception - Key table entry not