keytab of computer account extracted from MS AD(win2k3) is not working
Srinivas Cheruku
srinivas.cheruku at gmail.com
Fri Sep 23 01:02:31 EDT 2005
Hi,
I have created a computer account "test" in Microsoft AD (Win2k3). I
want to use this account with my gss applications and hence i have
extracted the keytab using ktpass.
I have used the below command for extracting the keytab
C:\Documents and Settings\Administrator>ktpass -out "c:\test.keytab" -mapuser test$@domain.com -princ test1/test.domain.com at DOMAIN.COM -pass helloworld
Targeting domain controller: domain-controller.domain.com
Successfully mapped test1/test.domain.com to TEST$.
WARNING: Account TEST$ is not a user account (uacflags=0x1021).
WARNING: Resetting TEST$'s password may cause authentication problems if TEST$ is being used as a server.
Reset TEST$'s password [y/n]? y
Key created.
Output keytab to test.keytab:
Keytab version: 0x502
keysize 60 test1/test.domain.com at DOMAIN.COM ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x3 (DES-CBC-MD5) keylength 8 (0x7aec6d94ba164fbc)
Account TEST$ has been set for DES-only encryption.
C:\Documents and Settings\Administrator>
When i test this keytab with kinit, I am getting the error
C:\Program Files\MIT\Kerberos\bin>kinit -k -t "c:\test.keytab"
test1/test.domain.com at DOMAIN.COM
kinit(v4): bad Kerberos 4 instance format
kinit(v5): Preauthentication failed while getting initial credentials
Can anyone help me to resolve this problem?
Did i do anything wrong while extracting the keytab?
Thanks,
Srini
More information about the Kerberos
mailing list