Errors when running ktpass on windows 2003 - Kerberos

This is a discussion on Errors when running ktpass on windows 2003 - Kerberos ; Hi, I am trying to generate a keytab file, but am encountering problems when running the ktpass command: ktpass -princ host.doman@DOMAIN -pass password -mapuser host -out c:/host_HTTP.keytab -mapOp set -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-CRC Targeting domain controller: DOMAINCONTROLLER.domain Failed to set ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Errors when running ktpass on windows 2003

  1. Errors when running ktpass on windows 2003

    Hi,

    I am trying to generate a keytab file, but am encountering problems when
    running the ktpass command:

    ktpass -princ host.doman@DOMAIN -pass password -mapuser host -out
    c:/host_HTTP.keytab -mapOp set -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-CRC

    Targeting domain controller: DOMAINCONTROLLER.domain
    Failed to set property "servicePrincipalName" to "domain" on Dn=...... 0x13
    WARNING: Unable to set SPN mapping data.
    If host already has an SPN mapping installed for host.domain, this is no
    cause of concern
    Key created
    Output keytab c:/host_HTTP.keytab
    Keytab version 0x502
    keysize 76 host.domain@DOMAIN ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x1
    (DES-CBC-CRC) keylength 8 (0x3e80d910fed62fe5)

    Does anyone have any ideas what the problem might be?

    Many thanks,

    Celia
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Errors when running ktpass on windows 2003



    Celia Clark wrote:
    > Hi,
    >
    > I am trying to generate a keytab file, but am encountering problems when
    > running the ktpass command:
    >
    > ktpass -princ host.doman@DOMAIN -pass password -mapuser host -out
    > c:/host_HTTP.keytab -mapOp set -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-CRC


    Normally the principal is /@
    It looks like you want a principal for a web server, so the
    principal should be HTTP/host.domain@DOAMIN
    (HTTP is uppercase.)

    >
    > Targeting domain controller: DOMAINCONTROLLER.domain
    > Failed to set property "servicePrincipalName" to "domain" on Dn=...... 0x13
    > WARNING: Unable to set SPN mapping data.
    > If host already has an SPN mapping installed for host.domain, this is no
    > cause of concern


    Is it already defined? Use the AD tools to look at the account for host.
    i.e. you have to have a AD acount which will then have a SPN asigned to it
    which is the principal.

    I believe the account can also have a UPN as well.



    > Key created
    > Output keytab c:/host_HTTP.keytab
    > Keytab version 0x502
    > keysize 76 host.domain@DOMAIN ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x1
    > (DES-CBC-CRC) keylength 8 (0x3e80d910fed62fe5)
    >
    > Does anyone have any ideas what the problem might be?
    >
    > Many thanks,
    >
    > Celia
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >
    >


    --

    Douglas E. Engert
    Argonne National Laboratory
    9700 South Cass Avenue
    Argonne, Illinois 60439
    (630) 252-5444
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread