Enabling SSO with Active Directory

Below are the basic steps needed for SSO with Active Directory.

Using ktpass on Windows

First you must generate a Kerberos service principal for the Netatalk AFP server in AD. This is done with the CLI tool “ktpass” on Windows. The basic syntax is:

ktpass -princ afpserver/fqdn@REALM -mapuser mapuser@domain +rndPass -out afpserver.keytab

Full example:

ktpass -princ afpserver/[email protected] -mapuser [email protected] +rndPass -out afpserver.keytab

Configure Netatalk


k5 keytab = /etc/krb5/afp.keytab
uam list =

This is a mirror of the Netatalk GitHub Wiki. Please visit the original page if you want to correct an error or contribute new contents.

Last updated 2024-04-13