Problem using ktpass under Windows 2003

"Florian Preuß" florian-preuss at gmx.net
Mon Jan 31 11:44:42 EST 2005


I found the problem,

I was using Heimdal Kerberos instead of MIT.

THX for help!

> Normally the ktpass is only used for service accounts like
> for a host, -princ host/myworkstation.test.net at TESY.NET
> not for a user, as this would reset the user password.
> 
> Florian Preuß wrote:
> > Hi,
> > 
> > I have a problem generating a keytab file using ktpass.
> > 
> > The command I use:
> > ktpass -princ replic at TEST.NET -mapuser replic -pass password -out
> > krb5.keytab
> > 
> > The error message:
> > Targeting domain controller: domainc.test.net
> > Failed to set property "servicePrincipalName" to "TEST" on Dn
> > "CN=test,OU=Servic
> > es,OU=Test,DC=test,DC=net": 0x13.
> > WARNING: Unable to set SPN mapping data.
> >   If test already has an SPN mapping installed for  TEST, this is no
> cause
> > for concern.
> > Key created.
> > Output keytab to krb5.keytab:
> > Keytab version: 0x502
> > keysize 44 TEST at TEST.NET ptype 1 (KRB5_NT_PRINCIPAL) vno 4 etype 0x3
> (DES-C
> 
> You must have run this before, as it is upto kvno 4, and it may have set
> the SPN
> >from some previous attempt. Did you use the user TEST the first time you
> run this?
> 
> 
> > BC-MD5) keylength 8 (0xda686262b5cb760b)
> > Account test has been set for DES-only encryption.
> > 
> 
> -- 
> 
>   Douglas E. Engert  <DEEngert at anl.gov>
>   Argonne National Laboratory
>   9700 South Cass Avenue
>   Argonne, Illinois  60439
>   (630) 252-5444
> 

-- 
GMX im TV ... Die Gedanken sind frei ... Schon gesehen?
Jetzt Spot online ansehen: http://www.gmx.net/de/go/tv-spot


More information about the Kerberos mailing list