similar to: added spn and exported keytab not match

30.11.2017 14:00, Rowland Penny via samba пишет: >> I am add user with RSAT and add SPN for it with samba-tool (like >> https://wiki.samba.org/index.php/Generating_Keytabs): >> -------------------- >> root at ad41:/# samba-tool spn list proxy >> proxy >> User CN=proxy,CN=Users,DC=dc,DC=S****,DC=ru has the following >> servicePrincipalName: >>

> On Sep 14, 2016, at 12:57 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 18:23 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 05:53

Am 14.09.2016 um 18:23 schrieb Michael A Weber: > >> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba >> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >> >> >> >> Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba: >>> Experts— >>> >>> I’m attempting to export a keytab for a created

Achim, I deleted the keytab file and did the following: $ samba-tool user delete dovecot $ samba-tool user add dovecot # again, that asked for a password and I assigned one. $ samba-tool spn add smpt/mail.hprs.local at HPRS.LOCAL dovecot $ samba-tool spn add imap/mail.hprs.local at HPRS.LOCAL dovecot $ ktutil ktutil: addent -password -p smtp/mail.hprs.local at HPRS.LOCAL -k 1 -e arcfour-hmac

Am 14.09.2016 um 17:54 schrieb Rowland Penny via samba: > On Wed, 14 Sep 2016 10:30:03 -0500 > Michael A Weber <mweber.subscriptions01 at gmail.com> wrote: > >>> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba >>> <samba at lists.samba.org> wrote: >>> >>> On Tue, 13 Sep 2016 22:53:44 -0500 >>> Michael A Weber via samba

> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Tue, 13 Sep 2016 22:53:44 -0500 > Michael A Weber via samba <samba at lists.samba.org> wrote: > >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC >> machine but I’m receiving an error: >> >>

Did a few test here "auth_gssapi_hostname = "$ALL"" is no longer required with dovecot (2.2.13 here). Add "auth_debug=yes" to your dovecor config. 192.168.100.1 is my clients ip 192.168.100.101 is the servers ag is the domain account username I use to login to windows and also the username configured in thunderbird. On my debian system an package named

Am 30.06.2016 um 23:16 schrieb Mark Foley: > Achim, thanks a lot! A couple of questions on your suggested settings: > >> 1. Create an user >> samba-tool create user dovcot > I did this (actually `samba-tool user create dovecot`), but it asked for a password. I > entered one. You didn't mention that, so I hope it's OK. Yes > > >> 2. Add the spn

Achim - per your instructions ... > Did a few test here "auth_gssapi_hostname = "$ALL"" is no longer > required with dovecot (2.2.13 here). My dovecot is 2.2.15 and the 10-auth.conf (from the template) has the comment: # Host name to use in GSSAPI principal names. The default is to use the # name returned by gethostname(). Use "$ALL" (with quotes) to allow

It's getting abit offtopic for the samba list :-) Look at the testing section in http://wiki2.dovecot.org/Authentication/Kerberos do what is mentioned below "Test that the server can access the keytab". If i run the telnet authenticated test and klist afterwards contains the imap keys. Am 01.07.2016 um 08:21 schrieb Mark Foley: > More info ... > > when I do > >

Hello, I am trying to export keytab by following this guide: https://wiki.samba.org/index.php/Generating_Keytabs OS: CentOS 7.5 Samba: samba-dc-4.7.6-0.el7.centos.x86_64 (from Tranquil repo) Everything seems to work, but keytab is not exported (keytab file is not created). [root at ads1 /]# net ads enctypes list svc_confluence_sso 'svc_confluence_sso' uses

Achim, thanks a lot! A couple of questions on your suggested settings: > 1. Create an user > samba-tool create user dovcot I did this (actually `samba-tool user create dovecot`), but it asked for a password. I entered one. You didn't mention that, so I hope it's OK. > 2. Add the spn > samba-tool spn add smtp/server.domain.local at DOMAIN.LOCAL dovecot > samba-tool spn

Am 01.07.2016 um 10:37 schrieb Achim Gottinger: > It's getting abit offtopic for the samba list :-) > > Look at the testing section in > http://wiki2.dovecot.org/Authentication/Kerberos do what is mentioned > below "Test that the server can access the keytab". > > If i run the telnet authenticated test and klist afterwards contains > the imap keys. >

Am 30.06.2016 um 10:45 schrieb Mark Foley: > To revisit my problem: I have Dovecot running on the same host as Samba4 AD/DC. I've set > Thunderbird to authenticate with GSSAPI on a domain workstation. I have an /etc/krb5.keytab > file as required by Dovecot. I've also downloaded and installed Kerberos for access to > the k* commands (ktutil, kinit, klist, ...). > > In my

More info ... when I do MAIL=imap://mark at mail.ohprs.org/ mutt (using the domain of the registered certificate). I do not get the message "Certificate host check failed: certificate owner does not match hosthame ..." I do get the same (mutt?) edit screen shown below with the "(r)eject, accept (o)nce, (a)ccept always" action at the bottom. If I "accept (o)nce",

Experts— I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: ERROR(runtime): uncaught exception - Key table entry not found File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in

Am 16.09.2016 um 22:54 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/16/16 1:43 PM: >> >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>>>> On Wed,

> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > > Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba: >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: >> >> ERROR(runtime): uncaught exception - Key table entry not

> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 19:53 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 18:23 schrieb

> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 20:33 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz <mailto:achim at ag-web.biz>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 19:53 schrieb Michael A Weber: