I'm installing a Zimbra server to authenticate using SSO against FreeIPA.
When when trying to access I'm getting an error which makes me think that
probably I forget set something else in FreeIPA configuration.

Because I'm a newbie with using FreeIPA.
And when I configured SSO with existing Kerberos installation  it worked.
So surely the mistake is mine to configure something on FreeIPA.

I tell some details about it but if you need more information y can share
it with all you.

As a client to access via GSSAPI use Thunderbird.

The error I get:

"The Kerberos/GSSAPI ticket was not accepted by the IMAP server
Please check that you are logged in to the Kerberos/GSSAPI realm".

Steps to Reproduce in FreeIPA:

1) I add the entry to the imap service by Identity Management.
   In Services HBAC add imap/fi.example....@fi.example.com.

By clicking on it.
I get the following information about status:
- Key current Kerberos Service provided
- Service Certificate: Certificate not valid

2) I got the keytab which is then used in the installation of Zimbra as

ipa-getkeytab freeipafi.example.com -p -s imap /
zimbrafreeipa.fi.example.com -k /tmp/keytab/ticket.keytab

Thanks for any help or clarification.

Maria José
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to