[Samba] Authenticating IMAP using kerberos

Justin Clacherty justin at redfish.com.au
Wed Jun 5 01:50:49 MDT 2013

Found the problem. When creating the SPN you shouldn't put @YOUR_REALM_NAME.TLD in the principal name (also shouldn't be there for the export). The wiki should probably be updated to reflect this.


> Sent: Tuesday, 4 June 2013 5:42 PM
> Hi,
> I'm trying to get an IMAP server to authenticate using Kerberos rather than
> storing and sending passwords all over the place.  I've tried to do this
> following the instructions for setting up Apache SSO
> (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign-On)
> but am unable to export the keytab.  Searching through the list it looks
> like a few others have experienced the same problem but I don't see any
> solutions.  The error I get when exporting is as follows.
> ERROR(runtime): uncaught exception - Key table entry not found
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 103, in run
>     net.export_keytab(keytab=keytab, principal=principal)
> I've checked to see that the spn has been created and is associated with the
> user and it is.  Any ideas on what could be causing this?
> Also, wouldn't it be a better idea to add the spn to the machine account
> rather than create a user account?  How could this be done?  Is there a way
> to create machine accounts from the command line rather than through "AD
> Users and Computers" on a Windows box?
> Cheers,
> Justin.
