Problem using ktpass under Windows 2003
Douglas E. Engert
deengert at anl.gov
Mon Jan 31 10:28:42 EST 2005
Normally the ktpass is only used for service accounts like
for a host, -princ host/myworkstation.test.net at TESY.NET
not for a user, as this would reset the user password.
Florian Preuß wrote:
> Hi,
>
> I have a problem generating a keytab file using ktpass.
>
> The command I use:
> ktpass -princ replic at TEST.NET -mapuser replic -pass password -out
> krb5.keytab
>
> The error message:
> Targeting domain controller: domainc.test.net
> Failed to set property "servicePrincipalName" to "TEST" on Dn
> "CN=test,OU=Servic
> es,OU=Test,DC=test,DC=net": 0x13.
> WARNING: Unable to set SPN mapping data.
> If test already has an SPN mapping installed for TEST, this is no cause
> for concern.
> Key created.
> Output keytab to krb5.keytab:
> Keytab version: 0x502
> keysize 44 TEST at TEST.NET ptype 1 (KRB5_NT_PRINCIPAL) vno 4 etype 0x3 (DES-C
You must have run this before, as it is upto kvno 4, and it may have set the SPN
from some previous attempt. Did you use the user TEST the first time you run this?
> BC-MD5) keylength 8 (0xda686262b5cb760b)
> Account test has been set for DES-only encryption.
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list