samba4 keytab management
srikumar 108
srikumar108 at gmail.com
Mon Sep 6 17:28:06 MDT 2010
Hi Mathieu:
I have partial success now. First, I created an user in Windows ADUC,
and then used ktpass.exe (in Windows again) to create the keytab. Then
I copied over the keytab to the samba4 host and also looked at the
user's entry with ldbsearch to figure out what was going on. Then I
recreated those steps in Linux:
1. net newuser imap <password>
2. 'ldbedit -H sam.lbd cn=imap' to add the following:
servicePrincipalName: imap/.f.q.d.n
userPrincipalName: imap/f.q.d.n at REALM
The 'userPrincipalName' entry is added by Windows ktpass.exe, but it
was not strictly necessary. The trick was to add the serviceprincipal
WITHOUT the realm part.
3. ktpass --out imap.keytab --princ imap/f.q.d.n --pass <password>
Success! I can get a ticket, and Thunderbird with GSSAPI works.
However, the same trick does not work for creating a host/f.q.d.n
keytab :-(
More information about the samba-technical
mailing list