AD 2003; MS's ktpass made account corrupted

Henoc@gbconcept.com henoc at gbconcept.com
Wed Dec 12 10:27:11 EST 2007


Hi everyone.

I'm turning to you to know if you have found a way to deal with the bug
in Windows' ktpass tool:

When used to deliver a keytab, it corrupts the account.

The computer can no longer log on to the Windows domain.

You have to delete its account on the AD side and then rebind it to the
domain.


I have tried Microsoft's so-called fix; I have been told to go to SP2;
all of which do exactly the same.


                              -------------------------------   
Most accurate entry in the Microsoft KB:

>http://support.microsoft.com/kb/939980/en-us
>>You cannot log on to a Windows Server 2003 domain by using a user account after you reset the user account password by using the ktpass.exe tool together with the -pass * parameter

In fact it is not limited to "/pass *": as far as I have tested, with "/pass
mypasswd" it also fails.


And also the first problem in the Microsoft KB was:
>http://support.microsoft.com/kb/919557/en
>>You receive pre-authentication errors when you use keytab files that are generated by using the Ktpass.exe tool on a Windows Server 2003 SP1-based computer


                              -------------------------------   



So here is my question:
Did you succeed in creating a correct keytab while still not breaking your
computer's membership in its AD domain?
If yes, please let me know step by step what to do. (AND MOST OF ALL, send me a
private mail with the binary.)

Or is there an alternative to the use of Microsoft's ktpass on Windows?


PS: I use this style of command line:

ktpass /out httpSrv.keytab /mapuser WWWSRVHOST /princ HTTP/WWWSRVHOST@TESTDOMAIN.LOCAL /crypto RC4-HMAC-NT /pass * /ptype KRB5_NT_PRINCIPAL




Thanks



