Douglas E. Engert
deengert at anl.gov
Mon Oct 23 15:35:38 EDT 2006
> Hi Guru,
> I'm getting an aborted error when running a ktpass command on win2003 R2
> server to generate a user acct & here is the error msg:
> ktpass -princ host/winHost.sample.com at SAMPLE.COM -mapuser SAMPLE\ADuser
> -crypto DES-CBC-MD5 +DesOnly -pass password -ptype KRB5_NT_PRINCIPAL -out
Couple of things to look at:
* Are you allowed to write into the c:\ top level directory?
* Do you really needed DesOnly? All newer Kerberos support RC4 as well as DES.
* I have normally seen the -mapuser without the DOMAIN\
* Try with -DesOnly rather then +DesOnly
* Since this is a host principal, have you tried KRB5_NT_SRV_HST? Or just
leave off the -ptype
* Do the event logs show anything?
> Targeting domain controller: winHost.sample.com using legacy password
> setting method successfully mapped host/winHost.sample.com to ADuser.
> Could someone please help me to point out what 's wrong w/ this command
> syntax & what should be a proper syntax? Any helps/suggestions are really
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the Kerberos