Auth Cyrus against Win2K-ADS

lst_hoe01 at kwsoft.de lst_hoe01 at kwsoft.de
Tue Mar 30 03:37:29 EST 2004


Hello

We try to auth our Cyrus server against a Win2K domain controller. Following the
documentation we can "kinit" from the Cyrus box (SuSE Linux Kernel 2.4.21) to
the ADS-box. If we try "imtest -m gssapi <domain controller>" we get the
following error in the log:

Mar 29 18:04:49 linux-tst imapd[953]: GSSAPI Failure: gss_accept_sec_context
Mar 29 18:04:49 linux-tst imapd[953]: badlogin:
linux-tst.hq.test.de[10.1.123.125] GSSAPI
[SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context]

Forward/Reverse DNS is ok, the config files are listed below.

Can anyone provide some clue as to how to dig this error out?

krb5.conf :

[libdefaults]
        default_realm = HQ.TEST.DE
        clockskew = 300
        default_etypes_des = des-cbc-crc
        default_etypes = des-cbc-crc
        
[realms]
HQ.TEST.DE = {
        kdc = test-ads.hq.test.de:88
        admin_server = test-ads.hq.test.de
        kpasswd_server = test-ads.hq.test.de
}

[domain_realm]
        .hq.test.de = HQ.TEST.DE

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log

[appdefaults]
pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 0
        debug = false
}

imapd.conf :

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
keytab: /etc/imap.keytab <---- Not sure if this will work??



klist output :

Credentials cache: FILE:/tmp/krb5cc_0
        Principal: kw3075@HQ.TEST.DE

  Issued           Expires          Principal
Mar 30 10:29:49  Mar 30 20:29:49  krbtgt/HQ.TEST.DE@HQ.TEST.DE
Mar 30 10:30:06  Mar 30 20:29:49  imap/linux-tst.hq.test.de@HQ.TEST.DE


ktutil list output :

FILE:/etc/krb5.keytab:

Vno  Type         Principal                           
  1  des-cbc-crc  host/linux-tst.hq.test.de@HQ.TEST.DE




Thanks for any help

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
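
Added example, not part of the original post or of the Cyrus project: on the server side, gss_accept_sec_context can only decrypt a client's ticket if the keytab it reads holds a key for the service principal named in that ticket, so this script compares the two listings shown in the post. The sample data is constructed from the klist and "ktutil list" output above, and all function names are hypothetical.

```python
import re

# Constructed sample input, copied from the klist / "ktutil list" output in the post.
KLIST = """\
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: kw3075@HQ.TEST.DE

  Issued           Expires          Principal
Mar 30 10:29:49  Mar 30 20:29:49  krbtgt/HQ.TEST.DE@HQ.TEST.DE
Mar 30 10:30:06  Mar 30 20:29:49  imap/linux-tst.hq.test.de@HQ.TEST.DE
"""
KTUTIL = """\
FILE:/etc/krb5.keytab:

Vno  Type         Principal
  1  des-cbc-crc  host/linux-tst.hq.test.de@HQ.TEST.DE
"""

SERVICE_PRINC = re.compile(r"\S+/\S+@\S+")   # service/host@REALM
KEYTAB_ROW = re.compile(r"\s*(\d+)\s+(\S+)\s+(\S+/\S+@\S+)\s*$")

def _norm(text):
    # Mailing-list archives often render "@" as " at "; undo that before parsing.
    return text.replace(" at ", "@")

def service_tickets(klist_text):
    """Service principals the client holds tickets for (the TGT is excluded)."""
    found = SERVICE_PRINC.findall(_norm(klist_text))
    return [p for p in found if not p.startswith("krbtgt/")]

def keytab_entries(ktutil_text):
    """Map principal -> {(kvno, enctype)} for rows in the listing format shown above."""
    entries = {}
    for line in _norm(ktutil_text).splitlines():
        m = KEYTAB_ROW.match(line)
        if m:
            entries.setdefault(m.group(3), set()).add((int(m.group(1)), m.group(2)))
    return entries

def missing_service_keys(klist_text, ktutil_text):
    """Ticketed services with no keytab key; the acceptor cannot decrypt these tickets."""
    have = keytab_entries(ktutil_text)
    return [p for p in service_tickets(klist_text) if p not in have]

if __name__ == "__main__":
    for princ in missing_service_keys(KLIST, KTUTIL):
        print("no keytab key for", princ)
```

Feed it the listing of the keytab file the server actually reads: the post lists /etc/krb5.keytab, while imapd.conf names /etc/imap.keytab.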



