Found the problem. When creating the SPN you shouldn't put @YOUR_REALM_NAME.TLD in the principal name (also shouldn't be there for the export). The wiki should probably be updated to reflect this.
Cheers, Justin. > Sent: Tuesday, 4 June 2013 5:42 PM > > Hi, > > I'm trying to get an IMAP server to authenticate using Kerberos rather than > storing and sending passwords all over the place. I've tried to do this > following the instructions for setting up Apache SSO > (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign- > On) but am unable to export the keytab. Searching through the list it looks > like a few others have experienced the same problem but I don't see any > solutions. The error I get when exporting is as follows. > > ERROR(runtime): uncaught exception - Key table entry not found > File "/usr/local/samba/lib/python2.7/site- > packages/samba/netcmd/__init__.py", line 175, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib/python2.7/site- > packages/samba/netcmd/domain.py", line 103, in run > net.export_keytab(keytab=keytab, principal=principal) > > I've checked to see that the spn has been created and is associated with the > user and it is. Any ideas on what could be causing this? > > Also, wouldn't it be a better idea to add the spn to the machine account > rather than create a user account? How could this be done? Is there a way > to create machine accounts from the command line rather than through "AD > Users and Computers" on a Windows box? > > Cheers, > Justin. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba