[Samba] [Solved] GSSAPI/Kerberos authenticate with Dovecot

basti mailinglist at unix-solution.de
Wed Dec 12 16:02:36 UTC 2018

on dovecot host:

- net ads join
- Check /etc/krb5.conf [1]
- Create the Dovecot user [1]
- samba-tool delegation for-any-service dovecot\$ on
- Export Keytab on DC and import into dovecot host [1]
- Setup dovecot [1]


TB settings:

Server:   dovecot.my.fqdn.com
User:     example at my.fqdn.com
Security: STARTTLS
Auth:     Kerberos/GSSAPI


samba-tool spn add imap/host.samdom.example.com dovecotuser
samba-tool domain exportkeytab --principal imap/host.samdom.example.com

works for me

net ads keytab add idmap/your.host.tld at REALM

doesn't work for me (ticket not accepted)

On 12.12.18 16:50, L.P.H. van Belle via samba wrote:
> So tell us what did >> You << correct ? 
> If you put it in the list mail everybody can enjoy from it ;-) 
> Greetz, 
> Louis

More information about the samba mailing list