problem with ktpass Windows 2003 Server

[Inger, Slav (.)]

The problem you're most likely running into is the propagation delay in your Windows environment.  /mapuser option tells ktpass which account to bind to, it can't fix the issue with all domain controllers in a domain not seeing the account immediately after it's added.  Newer versions of ktpass provide a "/target" option which allows you to designate the DC you want to query for the account.  However I think there's a problem with DC discovery and the fix should be coming out shortly.  Meanwhile try to introduce as much delay between account creation and ktpass bind as you can.  In an environment as large as ours, for example, the delay can be as much as 30 minutes.

HTH.

- Slav Inger


-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu]On
Behalf Of Akbar Lin
Sent: Tuesday, June 08, 2004 10:46 AM
To: kerberos at mit.edu
Subject: problem with ktpass Windows 2003 Server


Dear sir,

I just read the mail from Mr. Rouiller Claude about the problem he had when
using ktpass with mapuser option.

Well, I have the same problem right now. Do you know how to solve this
problem ?

Many thanks in advance,

Best regards,
Akbar Lin