[Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

Gavin Hamill gdh at acentral.co.uk
Mon Aug 31 21:23:22 EEST 2009


On Sun, 2009-08-30 at 14:29 -0600, Jason Gunthorpe wrote:

> The kerberos setup is pretty easy.. 'net ads join' your server, go
> into the adsi editor and provide a imap and smtp SPN for the host, use
> 'net ads keytab' to put the imap and smtp SPNs in the system keytab,
> and then you are good to go. I test it with mutt first as the error
> messages are somewhat better.

Ouch, can you go a little more slowly, please? I think I've joined the
domain OK:

ccimap:~# net ads testjoin
Join is OK
ccimap:~# net ads info
LDAP server: 10.6.1.245
LDAP server name: orwell.ad.laterooms.com
[...]

But I have no idea how / where you add a service principal with ADSIEdit
- can you point me in the right direction? Kerberos is still mainly a
mystery to me (and I'm sure many others!)

gdh




More information about the dovecot mailing list