[Samba] GSSAPI/Kerberos authenticate with Dovecot

basti mailinglist at unix-solution.de
Wed Dec 12 15:01:52 UTC 2018 

I have try.

root at dc1:~#  samba-tool delegation show dovecot\$
Account-DN: CN=DOVECOT,CN=Computers,DC=MY,DC=FQDN,DC=COM
UF_TRUSTED_FOR_DELEGATION: True
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: False
root at dc1:~#

The error is the same.

On 12.12.18 15:51, L.P.H. van Belle via samba wrote:
> Whats set for the server in its delegation? 
> 
> sudo samba-tool delegation show dovecot\$
> Run this on the DC, or add the -S YourDC.hostname
> 
> You need something like this: 
> samba-tool delegation for-any-service dovecot\$ on
> Or setup for only imap, but cifs/nfs automounts may need this to. 
> After you've set it, i suggest, export the imap keytab again. 
> Not really sure if its needed, but if it does not work, try it. 
> And use stop and start command not restart/reload. 
> 
> 
> Greetz, 
> 
> Louis
>  
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>> basti via samba
>> Verzonden: woensdag 12 december 2018 15:31
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] GSSAPI/Kerberos authenticate with Dovecot
>>
>> Hello,
>>
>> I try to setup Dovecot with Kerberos/GSSAPI and use this howto:
>> https://wiki.samba.org/index.php/Authenticating_Dovecot_agains
>> t_Active_Directory#Create_the_Dovecot_user_and_keytab
>>
>> I also try https://wiki.dovecot.org/Authentication/Kerberos
>>
>> I can login as windows user on win7 and access shares.
>> When I open Thunderbird I get the message:
>>
>> "kerberos/gssapi ticket was not accepted"
>>
>> For debuging I use Kerbtray.
>>
>> The Tickets I get are:
>>
>> MY.FQDN.COM
>> |-- cifs/dc1.my.fqdn.com
>> |-- cifs/files.my.fqdn.com
>> |-- krbtgt/MY.FQDN.COM
>> |-- krbtgt/MY.FQDN.COM
>> |-- LDAP/dc1.my.fqdn.com/my.fqdn.com
>>
>> There is *no* imap ticket.
>>
>> root at dovecot:~# ktutil
>> ktutil:  rkt /etc/dovecot/dovecot.keytab
>> ktutil:  l
>> slot KVNO Principal
>> ---- ----
>> ---------------------------------------------------------------------
>>    1    2 imap/dovecot.my.fqdn.com at MY.FQDN.COM
>>    2    2 imap/dovecot.my.fqdn.com at MY.FQDN.COM
>>    3    2 imap/dovecot.my.fqdn.com at MY.FQDN.COM
>> ktutil:  q
>> root at dovecot:~#
>>
>> Best Regards,
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
> 
>

More information about the samba mailing list