[Samba] Authenticating IMAP using kerberos

Justin Clacherty justin at redfish.com.au
Tue Jun 4 01:41:41 MDT 2013


I'm trying to get an IMAP server to authenticate using Kerberos rather than storing and sending passwords all over the place.  I've tried to do this following the instructions for setting up Apache SSO (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign-On) but am unable to export the keytab.  Searching through the list it looks like a few others have experienced the same problem but I don't see any solutions.  The error I get when exporting is as follows.

ERROR(runtime): uncaught exception - Key table entry not found
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 103, in run
    net.export_keytab(keytab=keytab, principal=principal)

I've checked to see that the spn has been created and is associated with the user and it is.  Any ideas on what could be causing this?

Also, wouldn't it be a better idea to add the spn to the machine account rather than create a user account?  How could this be done?  Is there a way to create machine accounts from the command line rather than through "AD Users and Computers" on a Windows box?


More information about the samba mailing list