[Samba] [Solved] GSSAPI/Kerberos authenticate with Dovecot
basti
mailinglist at unix-solution.de
Wed Dec 12 16:02:36 UTC 2018
on dovecot host:
- net ads join
- Check /etc/krb5.conf [1]
- Create the Dovecot user [1]
- samba-tool delegation for-any-service dovecot\$ on
- Export Keytab on DC and import into dovecot host [1]
- Setup dovecot [1]
[1]
https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory#Create_the_Dovecot_user_and_keytab
TB settings:
Server: dovecot.my.fqdn.com
User: example at my.fqdn.com
Security: STARTTLS
Auth: Kerberos/GSSAPI
P.S.
samba-tool spn add imap/host.samdom.example.com dovecotuser
samba-tool domain exportkeytab --principal imap/host.samdom.example.com
/root/dovecot.keytab
works for me
net ads keytab add idmap/your.host.tld at REALM
doesn't work for me (ticket not accepted)
On 12.12.18 16:50, L.P.H. van Belle via samba wrote:
> So tell us what did >> You << correct ?
> If you put it in the list mail everybody can enjoy from it ;-)
>
> Greetz,
>
> Louis
More information about the samba
mailing list