search for: krb5_keytab

Hello, i am using here a FreeBSD 7.0 amd64 with latest dovecot from ports. It ignores the krb5_keytab settings, which looks like this in the logs: dovecot: Aug 02 18:56:54 Error: auth(default): gssapi(?,130.149.58.145): While processing incoming data: Miscellaneous failure (see text) dovecot: Aug 02 18:56:54 Error: auth(default): gssapi(?,130.149.58.145): While processing incoming data: /etc/krb5...

...login_processes_count: 30 max_mail_processes: 4096 mail_location: mbox:%h/new:INBOX=/var/spool/mail/14/%u mmap_disable: yes dotlock_use_excl: no mbox_write_locks: fcntl mbox_lazy_writes: no mail_plugins: mbox_snarf imap_client_workarounds: delay-newmail auth default: mechanisms: plain gssapi krb5_keytab: /etc/krb5/dovecot.keytab gssapi_hostname: $ALL verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd plugin: mbox_snarf: /gpfs/inbox/14/%u Thanks, Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type:...

...krb5cc/tkt' not found. So the ticket cache is not created during logon. I'm using sssd with the following sssd.conf: [sssd] services = nss, pam config_file_version = 2 domains = $DOMAINNAME$ [nss] [pam] [domain/$DOMAINNAME$] id_provider = ad access_provider = ad ldap_id_mapping=false krb5_keytab=/etc/krb5.keytab And sshd with to following sshd_config: AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIStrictAcceptorCheck no GSSAPIStoreCredentialsOnRekey yes UsePAM yes X11Forwarding yes UseDNS no Subsystem...

...: %08Xu%08Xv pop3_uidl_format(pop3): %08Xv%08Xu pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh auth default: mechanisms: gssapi plain executable: /packages/run.64/dovecot-1.1.2/libexec/dovecot/dovecot-auth krb5_keytab: /etc/krb5.imap verbose: yes debug: yes passdb: driver: pam args: dovecot userdb: driver: passwd plugin: antispam_spam: mailbox.spam antispam_trash: trash;Trash;Deleted Items antispam_mail_spam: spam at mysite.org antispam_mail...

..., but I'm >> confused as to why DC1 would have a problem authenticating against >> itself, whereas DC2 is quite happy for it to do so. >> >> I used: >> # samba-tool domain exportkeytab /etc/krb5-dc1.keytab --principal-DC1\$ >> and added to sssd.conf: >> krb5_keytab=/etc/krb5-dc1.keytab >> >> I suspect this is a samba query, not sssd, given the log messages >> above. Can anyone help suggest further debug commands / tests I can >> run? >> >> Both machines are CentOS 6.6; samba 4.1 compiled from source. >> >> Many...

...l: 3600 cache_negative_ttl: 3600 executable: /usr/lib/dovecot/dovecot-auth user: root chroot: username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ username_translation: username_format: master_user_separator: anonymous_username: anonymous krb5_keytab: gssapi_hostname: winbind_helper_path: /usr/bin/ntlm_auth failure_delay: 2 verbose: no debug: no debug_passwords: no ssl_require_client_cert: no ssl_username_from_cert: no use_winbind: no count: 1 worker_max_count: 30 process_size: 256 passdb: driver: pam...

...extracted the keytab for DC1 and told sssd to use it directly, but I'm confused as to why DC1 would have a problem authenticating against itself, whereas DC2 is quite happy for it to do so. I used: # samba-tool domain exportkeytab /etc/krb5-dc1.keytab --principal-DC1\$ and added to sssd.conf: krb5_keytab=/etc/krb5-dc1.keytab I suspect this is a samba query, not sssd, given the log messages above. Can anyone help suggest further debug commands / tests I can run? Both machines are CentOS 6.6; samba 4.1 compiled from source. Many thanks Jonathan -- "If we knew what it was we were doing, it...

...ory > ldap_user_shell = loginShell > ldap_group_object_class = group > ldap_group_search_base = dc=radiodjiido,dc=nc > ldap_group_name = cn > ldap_group_member = member > ldap_sasl_mech = gssapi > #ldap_sasl_authid = serveur$ > ldap_sasl_authid = serveur$@RADIODJIIDO.NC > krb5_keytab = /etc/krb5.sssd.keytab > ldap_krb5_init_creds = true > cat /usr/local/samba/etc/smb.conf > # Global parameters > [global] > workgroup = RADIODJIIDO > realm = RADIODJIIDO.NC > netbios name = SERVEUR > server role = active directory domain controller >...

...lock_use_excl: no mbox_write_locks: fcntl mbox_lazy_writes: no mail_plugins: mbox_snarf mail_plugin_dir: /usr/dovecot-1.2.4/lib/dovecot/imap/ imap_client_workarounds: tb-extra-mailbox-sep imap_id_log: * lda: postmaster_address: postmaster at localhost auth default: mechanisms: plain gssapi krb5_keytab: /etc/krb5/krb5.keytab gssapi_hostname: $ALL debug: yes worker_max_count: 2 passdb: driver: pam args: max_requests=1 userdb: driver: passwd plugin: mbox_snarf: /gpfs/inbox/%Ju/%u -------------- next part -------------- A non-text attachment was scrubbed... Name: sm...

...ed (%s)\n", error_message(ret))); goto out; } libsmb/clikrb5.c smb_krb5_open_keytab(krb5_context context, const char *keytab_name_req, bool write_access, krb5_keytab *keytab) ) /* we need to handle more complex keytab_strings, like: * "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab" */ ret = krb5_kt_default_name(context, &keytab_string[0], MAX_KEYTAB_NAME_LEN - 2); if (ret) { goto out; }...

...t/login login_executable: /usr/lib/dovecot/imap-login first_valid_uid: 998 last_valid_uid: 998 first_valid_gid: 998 last_valid_gid: 998 mail_privileged_group: mail mail_location: maildir:/srv/vmail/%Ld/%n lock_method: flock maildir_copy_with_hardlinks: yes auth default: mechanisms: gssapi plain krb5_keytab: /etc/dovecot/krb5.keytab verbose: yes debug: yes passdb: driver: checkpassword args: /usr/bin/dovecot-checkpassword userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf

...b(krb5_context context, krb5_principal host_princ, char *host_princ_s, krb5_data password, krb5_enctype *enctypes, krb5_keytab *keytab, char *keytab_name) { krb5_keytab_entry entry; krb5_kvno kvno = 1; krb5_error_code ret; krb5_keyblock *key; int i; [... lines deleted ...] entry.keyblock = *key; The problem is that the structu...

...ent_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh namespace: type: private separator: / inbox: yes namespace: type: private separator: / prefix: mail/ location: mbox:~/mail auth default: mechanisms: gssapi plain login krb5_keytab: /etc/mail.krb5.keytab gssapi_hostname: mail2.physik-pool.tu-berlin.de verbose: yes debug: yes debug_passwords: yes passdb: driver: pam userdb: driver: passwd ] -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/p...

...services = nss, pam debug_level=6 [domain/DOMAIN.COM] enumerate = true ad_domain = DOMAIN.COM krb5_realm = DOMAIN.COM cache_credentials = True id_provider = ad ad_hostname = dc2.domain.com ad_server = dc2.domain.com ad_domain = domain.com ldap_id_mapping = False access_provider = ad krb5_keytab=/etc/krb5.sssd.keytab debug_level=6 - service sssd restart - Now, DC2 has it's A record changed to match the IP address of FS1 Took me a week to figure out this was going on. Using the principal of the file server does not trigger this bug. Please add a note to the sssd wiki page re...

...refix: mail/ location: mbox:~/mail list: yes subscriptions: yes lda: postmaster_address: postmaster at physik.tu-berlin.de log_path: info_log_path: mail_plugins: sieve quota quota_full_tempfail: yes sendmail_path: /usr/sbin/sendmail auth default: mechanisms: gssapi plain login krb5_keytab: /etc/mail.krb5.keytab gssapi_hostname: mail.physik-pool.tu-berlin.de worker_max_count: 120 passdb: driver: pam args: session=yes failure_show_msg=yes max_requests=100 userdb: driver: passwd args: blocking=yes plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/.sieve quota_r...

...e_size: 0 cache_ttl: 3600 executable: /usr/libexec/dovecot/dovecot-auth user: nobody chroot: username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ username_translation: username_format: master_user_separator: anonymous_username: anonymous krb5_keytab: verbose: no debug: no debug_passwords: no ssl_require_client_cert: no ssl_username_from_cert: no count: 1 worker_max_count: 30 process_size: 256 passdb: driver: sql args: /etc/dovecot_mysql.conf deny: no pass: no master: no userdb: driver...

...2/0/0/0.02, dsn=5.3.5, status=bounced (local configuration error. Command output: Fatal: Error in config file /usr/local/etc/dovecot.conf: deliver doesn't support !include directive /usr/local/etc/$INCLUDE.FILE contains: listen: $HOSTNAME ssl_cert_file: /etc/$FILE ssl_key_file: /etc/$FILE auth_krb5_keytab = /etc/$FILE It would be nice if this bug gets fixed or a comment add, that you can not use include, when you use deliver as your LDA. MfG Christoph dovecot -n: # 1.2.4: /usr/local/etc/dovecot.conf # OS: FreeBSD 7.2-RELEASE-p2 amd64 log_path: /var/log/dovecot.log protocols: imaps pop3s manages...

Hi, I am using dovecot: 1.0.rc15 I was upgrading Debian and installed new versions of lots of things. My mail came fine and I though there was not problem until a user called and said it was not working through webmail. I tried, it it worked fine and I realized the problem was with dovecot. I have created new users, tried different UIDs. Removed any protections but when I telnet to the

...told sssd to use it directly, but I'm > confused as to why DC1 would have a problem authenticating against > itself, whereas DC2 is quite happy for it to do so. > > I used: > # samba-tool domain exportkeytab /etc/krb5-dc1.keytab --principal-DC1\$ > and added to sssd.conf: > krb5_keytab=/etc/krb5-dc1.keytab > > I suspect this is a samba query, not sssd, given the log messages > above. Can anyone help suggest further debug commands / tests I can > run? > > Both machines are CentOS 6.6; samba 4.1 compiled from source. > > Many thanks > > Jonathan >...

...cation: mbox:~/mail list: yes subscriptions: yes lda: postmaster_address: postmaster at physik.tu-berlin.de log_path: info_log_path: mail_plugins: sieve quota_full_tempfail: yes sendmail_path: /usr/sbin/sendmail auth default: mechanisms: gssapi plain login username_format: %Lu krb5_keytab: /etc/mail3.krb5.keytab gssapi_hostname: backupmail worker_max_count: 120 passdb: driver: pam args: session=yes failure_show_msg=yes max_requests=100 dovecot userdb: driver: passwd args: blocking=yes socket: type: listen client: path: /var/run/dovecot/auth-cl...