search for: ktutil

Displaying 20 results from an estimated 179 matches for "ktutil".

2019 Jan 11
2
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
...OM.EXAMPLE.COM renew until 12/01/19 10:12:50, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 11/01/19 10:12:50 11/01/19 20:12:50 DNS/dc4.samdom.example.com at SAMDOM.EXAMPLE.COM renew until 12/01/19 10:12:50, Etype (skey, tkt): arcfour-hmac, arcfour-hmac And running 'ktutil' produces this: root at dc4:~# ktutil ktutil: rkt /etc/dhcpduser.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 1 dhcpduser at SAMDOM.EXAMPLE.COM 2 1 dhcpduser at SAMDOM.EXAMPLE.COM...
2016 Sep 14
1
Exporting keytab for SPN failure
...xport the user, but not the SPN. Are those expected, or have I done something wrong and used incorrect algorithms somewhere? I recall reading that DES is not secure enough and that AES-256 (I think I read this during TLS enablement) is what should be used. >> >> Mike > You can use ktutil to add the AES keys manually. You cannot use a random password for the user account with this. > > #ktutil > ktutil: rkt [keytabfile] > ktutil: addent -password -p HTTP/intranet.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD -k 1 -e...
2018 Dec 12
5
GSSAPI/Kerberos authenticate with Dovecot
..."kerberos/gssapi ticket was not accepted" For debugging I use Kerbtray. The Tickets I get are: MY.FQDN.COM |-- cifs/dc1.my.fqdn.com |-- cifs/files.my.fqdn.com |-- krbtgt/MY.FQDN.COM |-- krbtgt/MY.FQDN.COM |-- LDAP/dc1.my.fqdn.com/my.fqdn.com There is *no* imap ticket. root at dovecot:~# ktutil ktutil: rkt /etc/dovecot/dovecot.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 2 imap/dovecot.my.fqdn.com at MY.FQDN.COM 2 2 imap/dovecot.my.fqdn.com at MY.FQDN.COM 3 2 imap/dovecot.my.fqdn.com at MY.FQDN.C...
2016 Jun 30
3
Where is krb5.keytab or equivalent?
...n.local at DOMAIN.LOCAL dovecot >> samba-tool spn add imap/server.domain.local at DOMAIN.LOCAL dovecot > Did that too. No issue there. Well you must substitute server.domain.local with your mailserver fqdn and DOMAIN.LOCAL with HPRS.LOCAL. > >> 3. Create the keytab file >> ktutil >> addent -password -p smtp/server.domain.local at DOMAIN.LOCAL -k 1 -e >> arcfour-hmac >> addent -password -p imap/server.domain.local at DOMAIN.LOCAL -k 1 -e >> arcfour-hmac >> wkt /etc/dovecot/dovecot.keytab > As you can see, your text wrapped, but from the error...
2015 Jan 23
2
ACL ignored on cifs mounted share
...omment = Home Directories > browseable = no > read only = no > > I created a new user on the DC: > samba-tool user add cifsuser > Gave 'cifsuser' a uidNumber and gidNumber > > Next on the client: > > Extract and merge a keytab: > cd /etc > ktutil > ktutil: add_entry -password -p cifsuser at EXAMPLE.COM -k 1 -e arcfour-hmac > Password for cifsuser at EXAMPLE.COM: > ktutil: wkt cifs.keytab > ktutil: rkt krb5.keytab > ktutil: rkt cifs.keytab > ktutil: wkt krb5.keytab > ktutil: quit > > Restarted samba & win...
2015 Feb 16
0
Samba4 kinit issue with principal and keytab file
...the keytab as per the wiki: > > samba-tool user create --random-password http-dc01 > samba-tool spn add HTTP/dc01.home.lan http-dc01 > samba-tool domain exportkeytab /etc/httpd.keytab > --principal=HTTP/dc01.example.com at EXAMPLE.COM > > Then examine the keytab: > > ktutil > ktutil: rkt /etc/httpd.keytab > ktutil: l > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 1 HTTP/dc01.example.com at EXAMPLE.COM > 2 1 HTTP/dc01.example.com at EXAMPLE.COM > 3 1 HTTP/dc01.example.com at EXAMPLE...
2015 Feb 13
1
Samba4 kinit issue with principal and keytab file
Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at
2019 Jan 11
2
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
...:12:50, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 >> 11/01/19 10:12:50  11/01/19 20:12:50  DNS/dc4.samdom.example.com at SAMDOM.EXAMPLE.COM >>     renew until 12/01/19 10:12:50, Etype (skey, tkt): arcfour-hmac, arcfour-hmac >> >> And running 'ktutil' produces this: >> >> root at dc4:~# ktutil >> ktutil:  rkt /etc/dhcpduser.keytab >> ktutil:  l >> slot KVNO Principal >> ---- ---- --------------------------------------------------------------------- >>    1    1            dhcpduser at SAMDOM.EXAMPL...
2016 Jun 30
0
Where is krb5.keytab or equivalent?
...deleted the keytab file and did the following: $ samba-tool user delete dovecot $ samba-tool user add dovecot # again, that asked for a password and I assigned one. $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot $ ktutil ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac Password for smtp/mail.hprs.local at HPRS.LOCAL: ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac Password for imap/mail.hprs.local at HPRS.LOCAL: ktutil: wkt /etc/dovecot/dovec...
2011 Mar 10
1
Dove cot+Kerberos
...rinc host/srv-mail.cn.energy at CN.ENERGY -mapuser ldapmail at CN.ENERGY -pass "superpasswd" -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out c:\mail.keytab etc... for all imap/srv-mail.cn.energy pop/srv-mail.cn.energy smtp/srv-mail.cn.energy host/srv-mail.cn.energy On Linux server: ktutils ktutils: rkt /root/Keytab/imap.keytab ktutils: rkt /root/Keytab/smtp.keytab ktutils: rkt /root/Keytab/pop.keytab ktutils: rkt /root/Keytab/host.keytab ktutils: wrt /etc/krb5.keytab ktutils: q kinit -V -k -t /etc/krb5.keytab host/srv-mail.cn.energy at CN.ENERGY Authenticated to Kerberos v5 KRB5_K...
2016 Jun 30
2
Where is krb5.keytab or equivalent?
...: > > $ samba-tool user delete dovecot > $ samba-tool user add dovecot > > # again, that asked for a password and I assigned one. > > $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot > $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot > > $ ktutil > ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > Password for smtp/mail.hprs.local at HPRS.LOCAL: > ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > Password for imap/mail.hprs.local at HPRS.LOCAL: > ktutil...
2019 Jan 11
0
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
...ntil 12/01/19 10:12:50, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 > 11/01/19 10:12:50  11/01/19 20:12:50  DNS/dc4.samdom.example.com at SAMDOM.EXAMPLE.COM >     renew until 12/01/19 10:12:50, Etype (skey, tkt): arcfour-hmac, arcfour-hmac > > And running 'ktutil' produces this: > > root at dc4:~# ktutil > ktutil:  rkt /etc/dhcpduser.keytab > ktutil:  l > slot KVNO Principal > ---- ---- --------------------------------------------------------------------- >    1    1            dhcpduser at SAMDOM.EXAMPLE.COM >    2    1       ...
2015 Jan 23
1
ACL ignored on cifs mounted share
...no >>> >>> I created a new user on the DC: >>> samba-tool user add cifsuser >>> Gave 'cifsuser' a uidNumber and gidNumber >>> >>> Next on the client: >>> >>> Extract and merge a keytab: >>> cd /etc >>> ktutil >>> ktutil: add_entry -password -p cifsuser at EXAMPLE.COM -k 1 -e >>> arcfour-hmac >>> Password for cifsuser at EXAMPLE.COM: >>> ktutil: wkt cifs.keytab >>> ktutil: rkt krb5.keytab >>> ktutil: rkt cifs.keytab >>> ktutil: wkt krb5...
2015 Jan 22
2
ACL ignored on cifs mounted share
On 22.01.2015 at 12:28, Rowland Penny wrote: > On 22/01/15 10:53, Norbert Heinzelmann wrote: >> Hello, >> >> I have the problem that the ACLs are ignored when I mount a share via >> cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also tried it >> with Gentoo and samba 4.1.14). So I joined a member server like the >> wiki describes. Everything
2019 Jan 11
0
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
...1-96, aes256-cts-hmac-sha1-96 > >> 11/01/19 10:12:50  11/01/19 20:12:50 > >> DNS/dc4.samdom.example.com at SAMDOM.EXAMPLE.COM > >>     renew until 12/01/19 10:12:50, Etype (skey, tkt): > >>arcfour-hmac, arcfour-hmac > >> > >> And running 'ktutil' produces this: > >> > >> root at dc4:~# ktutil > >> ktutil:  rkt /etc/dhcpduser.keytab > >> ktutil:  l > >> slot KVNO Principal > >> ---- ---- > >> --------------------------------------------------------------------- > >>...
2004 Feb 17
0
Kerberos Tickets renewal
...does not seem to use them. Most of the solutions I found are for MIT Kerberos, but I use Heimdal (as of SuSE 9.0), where e.g. the hints from New Zealand's Linux wiki (http://www.wlug.org.nz/ActiveDirectorySamba) don't work. They tell me to import the keytab file with ----------------- % ktutil ktutil: rkt mail.keytab ktutil: list ktutil: wkt /etc/krb5.keytab ktutil: q ------------------ But this does not work - not with ktutil and not with kadmin. Perhaps I missed something? Thanks a lot!!! -- Kind regards Markus Feilner -- Linux Solutions, Training, Seminare und Work...
2015 Mar 05
2
creating Kerberos host principals for multiple hostnames, multihomed server
Hi! I maintain Linux servers that are members of a Samba4 Domain. User authentication / login via ssh works fine with Kerberos. But: only via one hostname. Those machines need a working Kerberos login via multiple hostnames (each hostname has its own IP address and DNS is set up correctly.) "net ads keytab list" of course gives me the main hostname that was in use when joining the
2016 Jun 27
3
Looking for GSSAPI config [was: Looking for NTLM config example]
...part is working great. Other parts (shared mailboxes, that sort of stuff) aren't working for me yet. This is my own fault, not a dovecot one, haven't looked into it enough. Anyway, the SSO is working great. One of the tricky bits is you need a kerberos keytab with two services. I used ktutil: # ktutil ktutil: read_kt mail-imap.keytab ktutil: read_kt mail-smtp.keytab ktutil: write_kt mail.keytab ktutil: quit I'm using a windows 2003 r2 server as domain controller, to create a keytab file you need the windows 2003 support tools. ktpass.exe -princ imap/mailserver.gcecad...
2016 Jun 30
2
Where is krb5.keytab or equivalent?
...it my problem: I have Dovecot running on the same host as Samba4 AD/DC. I've set > Thunderbird to authenticate with GSSAPI on a domain workstation. I have an /etc/krb5.keytab > file as required by Dovecot. I've also downloaded and installed Kerberos for access to > the k* commands (ktutil, kinit, klist, ...). > > In my current setup, the Thunderbird client (WIN7 workstation) is not connecting. The WIN7 > workstation is a domain member and works fine otherwise with Samba4 for AD user authentication, > etc. Thunderbird gives the following error: > > "The Kerbe...
2016 Jul 01
3
Where is krb5.keytab or equivalent?
...ecot > > $ samba-tool user add dovecot > > > > # again, that asked for a password and I assigned one. > > > > $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot > > $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot > > > > $ ktutil > > ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > > Password for smtp/mail.hprs.local at HPRS.LOCAL: > > ktutil: addent -password -p imap/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac > > Password for imap/mail.hprs.local at HPR...