[Freeipa-users] Setting up a Kerberized IMAP Server.
Maria Jose Yañez Dacosta
mariajose1982 at gmail.com
Mon Nov 24 12:56:38 UTC 2014
Hi!,
I'm installing a Zimbra server to authenticate using SSO against FreeIPA.
When when trying to access I'm getting an error which makes me think that
probably I forget set something else in FreeIPA configuration.
Because I'm a newbie with using FreeIPA.
And when I configured SSO with existing Kerberos installation it worked.
So surely the mistake is mine to configure something on FreeIPA.
I tell some details about it but if you need more information y can share
it with all you.
As a client to access via GSSAPI use Thunderbird.
The error I get:
"The Kerberos/GSSAPI ticket was not accepted by the IMAP server
usuipa at fi.example.com.
Please check that you are logged in to the Kerberos/GSSAPI realm".
Steps to Reproduce in FreeIPA:
1) I add the entry to the imap service by Identity Management.
In Services HBAC add imap/fi.example.com at FI.EXAMPLE.COM.
By clicking on it.
I get the following information about status:
- Key current Kerberos Service provided
- Service Certificate: Certificate not valid
2) I got the keytab which is then used in the installation of Zimbra as
follows:
ipa-getkeytab freeipafi.example.com -p -s imap /
zimbrafreeipa.fi.example.com -k /tmp/keytab/ticket.keytab
Thanks for any help or clarification.
Greetings!.
--
Maria José
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141124/df92f59a/attachment.htm>
More information about the Freeipa-users
mailing list