[Samba] Authenticating IMAP using kerberos
Justin Clacherty
justin at redfish.com.au
Tue Jun 4 01:41:41 MDT 2013
Hi,
I'm trying to get an IMAP server to authenticate using Kerberos rather than storing and sending passwords all over the place. I've tried to do this following the instructions for setting up Apache SSO (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign-On) but am unable to export the keytab. Searching through the list it looks like a few others have experienced the same problem but I don't see any solutions. The error I get when exporting is as follows.
ERROR(runtime): uncaught exception - Key table entry not found
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 103, in run
net.export_keytab(keytab=keytab, principal=principal)
I've checked to see that the spn has been created and is associated with the user and it is. Any ideas on what could be causing this?
Also, wouldn't it be a better idea to add the spn to the machine account rather than create a user account? How could this be done? Is there a way to create machine accounts from the command line rather than through "AD Users and Computers" on a Windows box?
Cheers,
Justin.
More information about the samba
mailing list