Problem using ktpass under Windows 2003

Douglas E. Engert deengert at anl.gov
Mon Jan 31 10:28:42 EST 2005


Normally the ktpass is only used for service accounts like
for a host, -princ host/myworkstation.test.net at TESY.NET
not for a user, as this would reset the user password.

Florian Preuß wrote:
> Hi,
> 
> I have a problem generating a keytab file using ktpass.
> 
> The command I use:
> ktpass -princ replic at TEST.NET -mapuser replic -pass password -out
> krb5.keytab
> 
> The error message:
> Targeting domain controller: domainc.test.net
> Failed to set property "servicePrincipalName" to "TEST" on Dn
> "CN=test,OU=Servic
> es,OU=Test,DC=test,DC=net": 0x13.
> WARNING: Unable to set SPN mapping data.
>   If test already has an SPN mapping installed for  TEST, this is no cause
> for concern.
> Key created.
> Output keytab to krb5.keytab:
> Keytab version: 0x502
> keysize 44 TEST at TEST.NET ptype 1 (KRB5_NT_PRINCIPAL) vno 4 etype 0x3 (DES-C

You must have run this before, as it is upto kvno 4, and it may have set the SPN
from some previous attempt. Did you use the user TEST the first time you run this?


> BC-MD5) keylength 8 (0xda686262b5cb760b)
> Account test has been set for DES-only encryption.
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


More information about the Kerberos mailing list