ktpass aborted

Douglas E. Engert deengert at anl.gov
Mon Oct 23 15:35:38 EDT 2006

chris123 wrote:
> Hi Guru,
> I'm getting an aborted error when running a ktpass command on win2003 R2
> server to generate a user acct & here is the error msg:
> ktpass -princ host/winHost.sample.com at SAMPLE.COM -mapuser SAMPLE\ADuser
> -crypto DES-CBC-MD5 +DesOnly -pass password -ptype KRB5_NT_PRINCIPAL -out
> "c:\sol.keytab"

Couple of things to look at:

  * Are you allowed to write into the c:\ top level directory?

  * Do you really needed DesOnly? All newer Kerberos support RC4 as well as DES.

  * I have normally seen the -mapuser without the DOMAIN\

  * Try with -DesOnly rather then +DesOnly

  * Since this is a host principal, have you tried KRB5_NT_SRV_HST? Or just
    leave off the -ptype

  * Do the event logs show anything?

> Targeting domain controller: winHost.sample.com using legacy password
> setting method successfully mapped host/winHost.sample.com to ADuser.
> Aborted
> Could someone please help me to point out what 's wrong w/ this command
> syntax & what should be a proper syntax?  Any helps/suggestions are really
> appreciated.
> TIA,
> -Chris


  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list