search for: oikumene

...d authenticate user with winbindd without problems. I followed the method written in the above mail, but the samba DC (KDC?) does not respond to TGS request. I created a user and an SPN as in the mail above, # samba-tool user create --random-password imap-nowhere # samba-tool spn add imap/nowhere.oikumene.ukehi.net at OIKUMENE.UKEHI.NET imap-nowhere using samba-tool, I could verifiy the SPN exists. # samba-tool spn list imap-nowhere I generated keytab on the domain member machine (which I want to make as an imap server) as below: # KRB5_KTNAME=/var/imap/krb5.keytab net ads keytab add imap -U adm...

...blems. > I followed the method written in the above mail, but the samba DC > (KDC?) > does not respond to TGS request. > > I created a user and an SPN as in the mail above, > > # samba-tool user create --random-password imap-nowhere > # samba-tool spn add > imap/nowhere.oikumene.ukehi.net at OIKUMENE.UKEHI.NET imap-nowhere Don't use the @REALM part. An SPN in Samba doesn't have the realm. > The authentication step from member to DC seems OK. > But, DC returns: > > KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN > > where valid TGS-REP is expect...