Sorry for top posting, etc. The problem is common to Samba4 and AD. SPNs cannot login this way by design. I switched to using the UPN that the SPN is attached to. Problem solved. Thank you very much.
Trever
Trever
-----Original message-----
From: Stephen Gallagher <sgallagh@xxxxxxxxxx>-----BEGIN PGP SIGNED MESSAGE-----
To: users@xxxxxxxxxxxxxxxxxxxxxxx
Sent: Mon, Feb 14, 2011 20:55:09 GMT+00:00
Subject: Re: LDAP/SASL/GSSAPI
Hash: SHA1
On 02/14/2011 11:20 AM, Trever L. Adams wrote:
> Thank you. I am using Samba 4. The problem seems to be that I cannot
> kinit -k -t /etc/dovecot/krb5.keytab smtp/fqdn_host@REALM. I have the
> keytab. IT has that entry. I get kinit: Client 'smtp/fqdn_host@REALM'
> not found in Kerberos database while getting initial credentials.
>
> If I could figure this out, I think I would have my entire problem fixed.
>
> Thank you for responding.
That's a server-side error. The server is claiming that smtp/fqdn isn't
listed in its database. You need to check the kerberos logs on the
server (or if you don't have access to them, you need to contact your
system administrator for further help)
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1ZlggACgkQeiVVYja6o6OpBQCfdr6sR9paP8ZwLarOOIVS2YUV
/MUAn3KIedwceMROkjQ9rCV+YtGEuJNj
=Cg2J
-----END PGP SIGNATURE-----
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
