Displaying 20 results from an estimated 8000 matches similar to: "GSSAPI/Kerberos authenticate with Dovecot"
2018 Dec 12
0
GSSAPI/Kerberos authenticate with Dovecot
Whats set for the server in its delegation?
sudo samba-tool delegation show dovecot\$
Run this on the DC, or add the -S YourDC.hostname
You need something like this:
samba-tool delegation for-any-service dovecot\$ on
Or setup for only imap, but cifs/nfs automounts may need this to.
After you've set it, i suggest, export the imap keytab again.
Not really sure if its needed, but if it does
2018 Dec 12
1
GSSAPI/Kerberos authenticate with Dovecot
Ah, i think whats going on here.
The wiki example and your are using different setup.
The wiki uses a separate account, and not the computer account like you.
Based on that wiki.
- install server + samba. ( already dont )
- join the domain. ( also done )
Good you said you have share access..
ln -sf /usr/local/samba/private/krb5.conf /etc/krb5.conf << not needed.
Just use the
2018 Dec 12
1
[Solved] GSSAPI/Kerberos authenticate with Dovecot
So tell us what did >> You << correct ?
If you put it in the list mail everybody can enjoy from it ;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> basti via samba
> Verzonden: woensdag 12 december 2018 16:44
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] [Solved] GSSAPI/Kerberos
2015 Mar 05
2
creating Kerberos host principals for multiple hostnames, multihomed server
Hi!
I maintain Linux servers that are members of a Samba4 Domain.
User authentication / login via ssh works fine with Kerberos.
But: only via one hostname.
Those machines need a working Kerberos login via multiple hostnames
(each hostname has its own IP address and DNS is set up correctly.)
"net ads keytab list" of course gives me the main hostname that was in
use when joining the
2018 Dec 12
3
GSSAPI/Kerberos authenticate with Dovecot
On 12.12.18 15:49, Rowland Penny via samba wrote:
> What is your functional level ?
What dowes you mean?
- dovecot machine is join to domain
- keytab is setup.
- see the users via wbinfo -u on dovecot server.
- dovecot is setup like in the wiki with userdb=static.
I have also try to use pam/krb5, when I enter a password I get mails.
(Port 143 with starttls)
TB setting:
server: dovecot ip
2010 Sep 05
1
Problems setting up dovecot 2.0.1 with kerberos auth
Hi,
I'm trying to setup dovecot 2.0.1 on a debian squeeze test box. I want
to integrate it into an already working kerberos5 setup, but I don't get
it to work.
I've added created host/ smtp/ and imap/ service principals with random
key for the test machine and added them to its keytab.
I can also obtain user credentials using kinit, but when I try to telnet
to port 143, I only get
2018 Apr 05
3
Question: Samba and YP-Yellow Pages relation.
Hi Rowland,
Actually I don't want to disable the Yellow Pages, that's a situation I already have in the pFsense, cause YP was disabled by the pfsense developers.
So my doubt is: Is there a way to make samba (latest version) to work without the YP enabled?
What about what people made with that samba version 4.4.16 I mentioned? Not sure how they did that. The only thing I know is that it is
2019 Jan 11
2
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
On Fri, 11 Jan 2019 16:13:50 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:
>
>
> On Friday, January 11, 2019 3:14 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> >I have no idea where the above is coming from, but it isn't from
> >the dhcp scripts.
> >
>
> I don't know what to tell you,
2016 Sep 14
5
Exporting keytab for SPN failure
> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>
>
> Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba:
>> Experts—
>>
>> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error:
>>
>> ERROR(runtime): uncaught exception - Key table entry not
2016 Dec 20
4
Problem with keytab: "Client not found in Kerberos database"
I finally found it, thanks to a clue from
https://wiki.archlinux.org/index.php/Active_Directory_Integration
This works:
kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$'
These don't work:
kinit -k -t /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net
kinit -k -t /etc/krb5.keytab host/wrn-radtest
That is: the keytab contains three different principals:
root
2015 Feb 13
1
Samba4 kinit issue with principal and keytab file
Hi Rowland,
Hi looks like the "-c" option is optional.
My
problem is not really the kerberos cache file, but the "principal"
linked to the user kerbuser.
The principal is
HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL
I would like to use kinit
and give this principal as parameter. something like :
> kinit -k -t
/root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at
2015 Jan 22
2
ACL ignored on cifs mounted share
Am 22.01.2015 um 12:28 schrieb Rowland Penny:
> On 22/01/15 10:53, Norbert Heinzelmann wrote:
>> Hello,
>>
>> I have the problem that the ACLs are ignored when I mount a share via
>> cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also tried it
>> with Gentoo and samba 4.1.14). So I joined a member server like the
>> wiki describes. Everything
2015 Jan 23
2
ACL ignored on cifs mounted share
Am 22.01.2015 um 17:17 schrieb Rowland Penny:
> On 22/01/15 12:57, Norbert Heinzelmann wrote:
>> Am 22.01.2015 um 12:28 schrieb Rowland Penny:
>>> On 22/01/15 10:53, Norbert Heinzelmann wrote:
>>>> Hello,
>>>>
>>>> I have the problem that the ACLs are ignored when I mount a share
>>>> via cifs. I have an AD with Samba 4.1.6 Ubuntu
2016 Sep 14
1
Exporting keytab for SPN failure
> On Sep 14, 2016, at 12:57 PM, Achim Gottinger <achim at ag-web.biz> wrote:
>
>
>
> Am 14.09.2016 um 18:23 schrieb Michael A Weber:
>>
>>> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>>>
>>>
>>>
>>> Am 14.09.2016 um 05:53
2018 Apr 06
1
Question: Samba and YP-Yellow Pages relation.
Hai,
Someone called me called??
I did a quick read here in this thread..
The upn part is done, so your almost there.
You need to make sure your DNS is working as it should.
To check on the proxy with
dig a hostname.FQDN.
dig -x ip_the_server
Test this for the DC hostnames/ips also.
If that all ok, you can try these settings in squid
# For squid ( works for me as of squid 3.2 up to 3.5
2019 Jan 11
2
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
On Friday, January 11, 2019 11:20 AM, Billy Bob via samba <samba at lists.samba.org> wrote:
On Friday, January 11, 2019 10:44 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
On Fri, 11 Jan 2019 16:13:50 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:
>>> Here is what the logs show WITHOUT the -d option:
>>>
>>> Jan
2015 Jan 23
1
ACL ignored on cifs mounted share
Am 23.01.2015 um 10:19 schrieb Rowland Penny:
> On 23/01/15 07:34, Norbert Heinzelmann wrote:
>>
>> Am 22.01.2015 um 17:17 schrieb Rowland Penny:
>>> On 22/01/15 12:57, Norbert Heinzelmann wrote:
>>>> Am 22.01.2015 um 12:28 schrieb Rowland Penny:
>>>>> On 22/01/15 10:53, Norbert Heinzelmann wrote:
>>>>>> Hello,
2004 Jul 22
3
security = ADS
Hi all,
I've been fighting with joining my samba server (debian) to my active directory domain for 4 days now. The problem here is that users in my active directory domain on windows machines are not able to browse my samba shares without being prompted for authentication.
I can:
- Join the domain from samba server using net ads
- View list of tickets when brownsing window shares with
2019 Oct 29
4
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hi, the problem seems to be related to this bug:
https://bugzilla.samba.org/show_bug.cgi?id=6750
I try therefore to set
machine password timeout = 0
Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba <
samba at lists.samba.org> ha scritto:
> On 29/10/2019 10:04, banda bassotti wrote:
> > I had already done it:
> >
> > # samba-tool spn list
2014 Mar 04
1
keytab question.
Hai,
?
Im working on my dhcp server + dns setup with samba4.?
?
i've exported the?keytabs
?
samba-tool domain exportkeytab?/home/krb5.keytab.samba4
?
when i read the contents of this keytab
?
ktutil
rkt /home/krb5.keytab.samba4
list
?? 1??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD
?? 2??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD
?? 3??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD
??