[Samba] [Solved] GSSAPI/Kerberos authenticate with Dovecot

basti mailinglist at unix-solution.de
Wed Dec 12 16:02:36 UTC 2018


on dovecot host:

- net ads join
- Check /etc/krb5.conf [1]
- Create the Dovecot user [1]
- samba-tool delegation for-any-service dovecot\$ on
- Export Keytab on DC and import into dovecot host [1]
- Setup dovecot [1]



[1]
https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory#Create_the_Dovecot_user_and_keytab

TB settings:

Server:   dovecot.my.fqdn.com
User:     example at my.fqdn.com
Security: STARTTLS
Auth:     Kerberos/GSSAPI


P.S.

samba-tool spn add imap/host.samdom.example.com dovecotuser
samba-tool domain exportkeytab --principal imap/host.samdom.example.com
/root/dovecot.keytab

works for me

net ads keytab add idmap/your.host.tld at REALM

doesn't work for me (ticket not accepted)


On 12.12.18 16:50, L.P.H. van Belle via samba wrote:
> So tell us what did >> You << correct ? 
> If you put it in the list mail everybody can enjoy from it ;-) 
> 
> Greetz, 
> 
> Louis



More information about the samba mailing list