Mailing List Message #92187
From: Adrian Centeno Arias <>
Subject: Re: Integration with your Invironment
Date: Mon, 13 Aug 2007 15:28:20 +0000
To: <>

>On Fri, 2007-08-10 at 20:39 +0000, Adrian Centeno Arias wrote:
> > Now I have onother question about the kerberos Authenticaition.
> > ktpass -princ imap/linux.local@SAVGATE.LOCAL -mapuser cgatepro -pass
> > 1!2@3$ -out -crypto DES-CBC-MD5 -ptype KRB5_NT_SRV_HST
>That's great - that'll work for your MAPI clients, in theory.
> > I imported this keytab to CGPRO webinterface under Users, Domains,
> > CGPro.linux.local, Security, Kerberos.
> >
> > Now I am trying to log in in webmail with this users and it does not
> > work.
>For webmail you need the same thing, but for
>HTTP/linux.local@SAVGATE.LOCAL - and you *must* use a different AD
>account for it, unless you only want Kerberos auth for webmail.

Ok,... I did this:

ktpass -princ http/linux.local@SAVGATE.LOCAL -mapuser Silvia -pass
1!2@3$ -out -crypto DES-CBC-MD5 -ptype KRB5_NT_SRV_HST

and it created the keytab but with an error...

Targeting domain controller: savant.savgate.local
Failed to set property "servicePrincipalName" to "http/linux.local" on Dn "CN=Si
lvia,CN=Users,DC=savgate,DC=local": 0x14.
WARNING: Unable to set SPN mapping data.
  If Silvia already has an SPN mapping installed for  http/linux.local, this is
no cause for concern.
Key created.
Output keytab to
Keytab version: 0x502
keysize 57 http/linux.local@SAVGATE.LOCAL ptype 3 (KRB5_NT_SRV_HST) vno 5 etype
0x3 (DES-CBC-MD5) keylength 8 (0x313db3ba54ae023d)
Account Silvia has been set for DES-only encryption.

This only happens if I do not have an username Silvia on CGPro...and when I try to use webmail with does not work... I tried loggin in with a username made on CGPRo but ... it does not have any sense...does it?

Is it not supposed to be using the user in Active Directory only? Can someone help me understand this?

Latinos en EE.UU: noticias y artículos de interés para ti Clic aquí
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster