Errors when running ktpass on windows 2003
Douglas E. Engert
deengert at anl.gov
Tue Nov 22 10:10:29 EST 2005
Celia Clark wrote:
> Hi,
>
> I am trying to generate a keytab file, but am encountering problems when
> running the ktpass command:
>
> ktpass -princ host.doman at DOMAIN -pass password -mapuser host -out
> c:/host_HTTP.keytab -mapOp set -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-CRC
Normally the principal is <service>/<FQDN>@<REALM>
It looks like you want a principal for a web server, so the
principal should be HTTP/host.domain at DOAMIN
(HTTP is uppercase.)
>
> Targeting domain controller: DOMAINCONTROLLER.domain
> Failed to set property "servicePrincipalName" to "domain" on Dn=...... 0x13
> WARNING: Unable to set SPN mapping data.
> If host already has an SPN mapping installed for host.domain, this is no
> cause of concern
Is it already defined? Use the AD tools to look at the account for host.
i.e. you have to have a AD acount which will then have a SPN asigned to it
which is the principal.
I believe the account can also have a UPN as well.
> Key created
> Output keytab c:/host_HTTP.keytab
> Keytab version 0x502
> keysize 76 host.domain at DOMAIN ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x1
> (DES-CBC-CRC) keylength 8 (0x3e80d910fed62fe5)
>
> Does anyone have any ideas what the problem might be?
>
> Many thanks,
>
> Celia
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list