search for: addent

...N.LOCAL dovecot >> samba-tool spn add imap/server.domain.local at DOMAIN.LOCAL dovecot > Did that too. No issue there. Well you must substitute server.domain.local with your mailserver fqdn and DOMAIN.LOCAL with HPRS.LOCAL. > >> 3. Create the keytab file >> ktutil >> addent -password -p smtp/server.domain.local at DOMAIN.LOCAL -k 1 -e >> arcfour-hmac >> addent -password -p imap/server.domain.local at DOMAIN.LOCAL -k 1 -e >> arcfour-hmac >> wkt /etc/dovecot/dovecot.keytab > As you can see, your text wrapped, but from the error message I got I...

...9;s. Use the password for user dovecot during keytab creation. 1. Create an user samba-tool create user dovcot 2. Add the spn samba-tool spn add smtp/server.domain.local at DOMAIN.LOCAL dovecot samba-tool spn add imap/server.domain.local at DOMAIN.LOCAL dovecot 3. Create the keytab file ktutil addent -password -p smtp/server.domain.local at DOMAIN.LOCAL -k 1 -e arcfour-hmac addent -password -p imap/server.domain.local at DOMAIN.LOCAL -k 1 -e arcfour-hmac wkt /etc/dovecot/dovecot.keytab 4. Add this to your dovecot config # Kerberos auth_gssapi_hostname = "$ALL" auth_krb5_keytab = /...

...n't mention that, so I hope it's OK. > 2. Add the spn > samba-tool spn add smtp/server.domain.local at DOMAIN.LOCAL dovecot > samba-tool spn add imap/server.domain.local at DOMAIN.LOCAL dovecot Did that too. No issue there. > > 3. Create the keytab file > ktutil > addent -password -p smtp/server.domain.local at DOMAIN.LOCAL -k 1 -e > arcfour-hmac > addent -password -p imap/server.domain.local at DOMAIN.LOCAL -k 1 -e > arcfour-hmac > wkt /etc/dovecot/dovecot.keytab As you can see, your text wrapped, but from the error message I got I assumed the -e [e...

...tab file and did the following: $ samba-tool user delete dovecot $ samba-tool user add dovecot # again, that asked for a password and I assigned one. $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot $ ktutil ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac Password for smtp/mail.hprs.local at HPRS.LOCAL: ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac Password for imap/mail.hprs.local at HPRS.LOCAL: ktutil: wkt /etc/dovecot/dovecot.keytab ktutil...

...ool user delete dovecot > $ samba-tool user add dovecot > > # again, that asked for a password and I assigned one. > > $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot > $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot > > $ ktutil > ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > Password for smtp/mail.hprs.local at HPRS.LOCAL: > ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > Password for imap/mail.hprs.local at HPRS.LOCAL: > ktutil: wkt /etc/dovecot/d...

I think the problem still is that your keytab file has no entry imap/hostname at DOMAIN and IMAP/hostname at DOMAIN you also have no host/hostname at DOMAIN Aki On 29.06.2016 18:40, Mark Foley wrote: > Yes, I think that's exactly correct. I just made a similar reply to Edgar Pettijohn about that. > The Thunderbird message is: > > "The Kerberos/GSSAPI ticket was not accepted

...l user add dovecot > > > > # again, that asked for a password and I assigned one. > > > > $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot > > $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot > > > > $ ktutil > > ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > > Password for smtp/mail.hprs.local at HPRS.LOCAL: > > ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > > Password for imap/mail.hprs.local at HPRS.LOCAL: > > ktutil:...

...l user add dovecot > > > > # again, that asked for a password and I assigned one. > > > > $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot > > $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot > > > > $ ktutil > > ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > > Password for smtp/mail.hprs.local at HPRS.LOCAL: > > ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > > Password for imap/mail.hprs.local at HPRS.LOCAL: > > ktutil:...

...gt;> >>> # again, that asked for a password and I assigned one. >>> >>> $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot >>> $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot >>> >>> $ ktutil >>> ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac >>> Password for smtp/mail.hprs.local at HPRS.LOCAL: >>> ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac >>> Password for imap/mail.hprs.local at HPRS.LOCAL: >>...

...gain, that asked for a password and I assigned one. >>>> >>>> $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot >>>> $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot >>>> >>>> $ ktutil >>>> ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 >>>> -e arcfour-hmac >>>> Password for smtp/mail.hprs.local at HPRS.LOCAL: >>>> ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 >>>> -e arcfour-hmac >>>> Password...

...quot; problem? I found letter than it was fixes in Apr 2016, this for example https://lists.samba.org/archive/samba-technical/2016-April/113598.html From what samba version it work correctly? I try to create keytab from proxy server with ktutil: ----------- [root at proxy squid]# ktutil ktutil: addent -password -p HTTP/proxy.S****.ru at DC.S****.RU -k 1 -e des-cbc-crc Password for HTTP/proxy.S****.ru at DC.S****.RU: ktutil: addent -password -p HTTP/proxy.S****.ru at DC.S****.RU -k 1 -e des-cbc-md5 Password for HTTP/proxy.S****.ru at DC.S****.RU: ktutil: addent -password -p HTTP/proxy.S****.r...

...ast comment on the blog says: Just an hint for someone else who stumbles across the same problem, if you?re using Samba 4 as an AD DC, then kinit with the keytab created in the script instructions above won?t work as samba4 doesn?t seem to like the encryption type. Use -e arcfour-hmac-md5 with the addent command instead. The first script posted on the blog states # keytab can be generated using # $ ktutil # ktutil: addent -password -p dhcpduser at EXAMPLE.COM -k 1 -e aes256-cts-hmac-sha1-96 # Password for dhcpduser at EXAMPLE.COM: # ktutil: wkt dhcpduser.keytab # ktutil: quit but next changes in...

Hi list Does anyone has experience in setting up dovecot or any other mail system with user auth against a Samba4 AD ? If yes could I get some advice on that Topic or even a link to a ressource where I can get some Information. Googled a lot but didn't find something yet. Thankx in advance. -- Mit freundlichem Gru? Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49

...ure of the syntax of even the microsoft command. In step 5 it looked like they created a user apache but I don't see that in the command at all. even if I was able to run it I don't know what arguments to put in. I saw other sites that suggest using ktutil instead. I ran #ktutil ktutil: addent -password -p apache@<mydomain> -k 1 -e RC4-HMAC Password for apache@<mydomain>: ktutil: wkt /etc/krb5.keytab ktutil: q as one of the sites suggested and kinit apache@<mydomain> worked with the password and kinit apache@<mydomain> -k -t /etc/krb5.keytab worked without...

...re enough and that AES-256 (I think I read this during TLS enablement) is what should be used. >> >> Mike > You can use ktutil to add the aes keys manual. You can not use an random password for the user account with this. > > #ktutil > ktutil: rkt [keytabfile] > ktutil: addent -password -p HTTP/intranet.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD <mailto:domain2.domain1.tld at domain2.domain1.tld> -k 1 -e aes256-cts-hmac-sha1-96 > ktutil: [enter the password used for web-intranet-macmini] > ktutil: wkt [keytabfile] > ktutil: q > > I have not tested t...

...that DES is not secure enough and that > AES-256 (I think I read this during TLS enablement) is what should be > used. > > Mike You can use ktutil to add the aes keys manual. You can not use an random password for the user account with this. #ktutil ktutil: rkt [keytabfile] ktutil: addent -password -p HTTP/intranet.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD <mailto:domain2.domain1.tld at domain2.domain1.tld> -k 1 -e aes256-cts-hmac-sha1-96 ktutil: [enter the password used for web-intranet-macmini] ktutil: wkt [keytabfile] ktutil: q I have not tested this but it should work...

> ... you don't get the /etc/krb5.keytab by default on a DC, you will need > to create it: > > samba-tool domain exportkeytab /etc/krb5.keytab Excellent! Thank you. I've done that now, but I have more issues more appropriate to a reply to mathias' message following. --Mark -----Original Message----- > To: samba at lists.samba.org > From: Rowland penny <rpenny

Hi guys, This seems to be a well-known problem with mount.cifs on Ubuntu 12.04. Unfortunately, although I have applied the suggestions I found with google, I can't seem to be able to get mount.cifs to work with kerberos. I am trying to use kerberos to mount my Windows shares because this is the only allowed secure way in my company to connect to shares. Before anyone asks, I can successfully

> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > > Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba: >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: >> >> ERROR(runtime): uncaught exception - Key table entry not