samba4 & WindowsDesktopSSO

miquel miquel at
Wed Oct 2 08:28:28 MDT 2013

We are trying to integrate the OpenAM WindowsDesktopSSO module with samba4.

We are creating the keytab on the samba4 DC following these steps:

samba-tool user create --random-password http-server-hp
samba-tool spn add HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL
samba-tool domain exportkeytab /root/as1_2.keytab --principal=HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL
samba-tool domain exportkeytab /root/as1_2.keytab --principal=HOST/server-hp.testdomain.local@TESTDOMAIN.LOCAL

But we need to change the OpenAM source code to configure Krb5LoginModule
with the "isInitiator=false" parameter.


             } else {
                 hashmap.put("storeKey", "true");
                 hashmap.put("useKeyTab", "true");
+               hashmap.put("isInitiator", "false");
                 hashmap.put("keyTab", keytab);
                 hashmap.put("doNotPrompt", "true");
                 hashmap.put("refreshKrb5Config", refreshConf);
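
Review bot: The added hashmap.put("isInitiator", "false") in the else branch is unconditional and hard-coded, while the neighbouring keyTab and refreshKrb5Config options take their values from variables (keytab, refreshConf). Consider reading it from the module's configuration with a documented default, so that existing deployments are not switched to acceptor-only behaviour silently. A comment beside the line would also help: with isInitiator=false, Krb5LoginModule only loads the service keys from the keytab to accept tickets and does not request a TGT for the principal from the KDC, and that request is the step the reported "Client not found in Kerberos database" error points to.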

Without the "isInitiator" parameter we can't log in, and OpenAM shows a
"Client not found in Kerberos database" error.

Is it correct?

More information about the samba-technical mailing list