search for: keytabfil

...t;>> Is there something glaringly obvious I’m missing? >>>> >>>> Mike >>> Last time i created an SPN it was not neccessary to add the realm part when creating the realm. It should be added automatically adn you can verify it with >>> klist -Kek [your keytabfile] >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> >> >> I did previously create an SPN without...

...gt;> Is there something glaringly obvious I’m missing? >>> >>> Mike >> Last time i created an SPN it was not neccessary to add the realm >> part when creating the realm. It should be added automatically adn >> you can verify it with >> klist -Kek [your keytabfile] >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > > I did previously create an SPN without the realm, but the SPN > attribute on the user also did not contain the realm...

..., and they are correct. >> >> Is there something glaringly obvious I’m missing? >> >> Mike > Last time i created an SPN it was not neccessary to add the realm part when creating the realm. It should be added automatically adn you can verify it with > klist -Kek [your keytabfile] > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba I did previously create an SPN without the realm, but the SPN attribute on the user also did not contain the realm. Then, I deleted the SPN an...

Am 20.12.2016 um 14:50 schrieb Brian Candler via samba: > (2) Can "net ads keytab create" be told to extract just a single named > principal? That would simplify things. But I can't see how to. > > As usual... clues gratefully received. samba-tool domain exportkeytab [keytabfile] --principal=[SPN or UPN] In your case samba-tool domain exportkeytab /etc/krb5.keytab --principal=WRN-RADTEST$

On 12.12.18 15:49, Rowland Penny via samba wrote: > What is your functional level ? What dowes you mean? - dovecot machine is join to domain - keytab is setup. - see the users via wbinfo -u on dovecot server. - dovecot is setup like in the wiki with userdb=static. I have also try to use pam/krb5, when I enter a password I get mails. (Port 143 with starttls) TB setting: server: dovecot ip

...But now i can't explain the mix of `dedicated keytab` and `secrets and keytab` anymore. Here : secrets and keytab Keytab points to in-memory and/or file keytab?? , at least thats how i thought it did work. > > > kerberos method = dedicated keytab > > can be : AnyPath/to/keytabfile. > > kerberos method = secrets and keytab - use the secrets.tdb first, > > then the system keytab > > > > I think we should define "system keytab" a bit beter in smb.conf. > > You are probably right Louis, want to make this your first patch as a > Samba...

...associated with that user, and they are correct. > > Is there something glaringly obvious I’m missing? > > Mike Last time i created an SPN it was not neccessary to add the realm part when creating the realm. It should be added automatically adn you can verify it with klist -Kek [your keytabfile]

...> Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] [Solved] GSSAPI/Kerberos authenticate > with Dovecot > > OK, for now it seem to work. > > Server: dovecot.my.fqdn.com > Security: STARTTLS > Auth: Kerberos/GSSAPI > > Possible Problems: > > - Keytabfile (samba-tool delegation show dovecot\$) ? > - IP as Servername > - SSL/TLS Port 993 ? > > Maybe someone can complete the wiki with thunderbird settings? > > P.S. > > Roland kinit -V5 DOVECOTUSER at MY.FQDN.COM did also work > I use the samba wiki, dont know why only ex...

OK, for now it seem to work. Server: dovecot.my.fqdn.com Security: STARTTLS Auth: Kerberos/GSSAPI Possible Problems: - Keytabfile (samba-tool delegation show dovecot\$) ? - IP as Servername - SSL/TLS Port 993 ? Maybe someone can complete the wiki with thunderbird settings? P.S. Roland kinit -V5 DOVECOTUSER at MY.FQDN.COM did also work I use the samba wiki, dont know why only export 3 keys. I have moved from samba NT4 dom...

...e set to specify the location of the keytab file. So you options are kerberos method = secret only ( the default.) so no changes in smb.conf by default. kerberos method = system keytab assumes the system default ( /etc/krb5.keytab ) kerberos method = dedicated keytab can be : AnyPath/to/keytabfile. kerberos method = secrets and keytab - use the secrets.tdb first, then the system keytab I think we should define "system keytab" a bit beter in smb.conf. So yeah, you might say, `kerberos method = secrets and keytab` should work fine without the setting : dedicated keytab file If t...

Experts— I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: ERROR(runtime): uncaught exception - Key table entry not found File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in

All, using Samba as an AD (2k12) domain member in Stretch (2:4.5.12+dfsg-2+deb9u4) with tdb as default and rid as domain backend. No overlapping. Everything works fine. Setup was done as in the wiki [1]. If you're connecting from a Windows 10 client and do not add dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = Yes to

I finally found it, thanks to a clue from https://wiki.archlinux.org/index.php/Active_Directory_Integration This works: kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$' These don't work: kinit -k -t /etc/krb5.keytab kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net kinit -k -t /etc/krb5.keytab host/wrn-radtest That is: the keytab contains three different principals: root