Unable to Set SPN mapping data ( Apache, Kerberos, Win2k3) - Kerberos

This is a discussion on Unable to Set SPN mapping data ( Apache, Kerberos, Win2k3) - Kerberos ; Hello, I am trying to set SPN mapping of my apache webserver to a user account in my Active Directory in Win2k3. C:\Documents and Settings\aattarwala>ktpass -princ HTTP/abbaswinserver.mydomain.com @MYDOMAIN.COM -mapuser abbastest@MYDOMAIN.COM pass helloworld -out apache.keytab Targeting domain controller: 1wfad.mydomain.com Failed to ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Unable to Set SPN mapping data ( Apache, Kerberos, Win2k3)

  1. Unable to Set SPN mapping data ( Apache, Kerberos, Win2k3)

    Hello,

    I am trying to set SPN mapping of my apache webserver to a user account
    in my Active Directory in Win2k3.

    C:\Documents and Settings\aattarwala>ktpass -princ
    HTTP/abbaswinserver.mydomain.com
    @MYDOMAIN.COM -mapuser abbastest@MYDOMAIN.COM pass helloworld -out
    apache.keytab

    Targeting domain controller: 1wfad.mydomain.com

    Failed to set property "servicePrincipalName" to
    "HTTP/abbaswinserver@mydomain.com"
    on Dn "CN=abbas test,OU=TestUsers,OU=Domain Users
    DC=com": 0x32.

    WARNING: Unable to set SPN mapping data.
    If abbastest already has an SPN mapping installed for
    HTTP/abbaswinserver.mydomain.com
    this is no cause for concern.
    Failed to set password for abbastest: 0x5.
    Aborted.


    Note: I am not the system administrator when i issued these commands. (
    do i need to be one??)

    why is this mapping failing?? due to this, i cannot use kerberos
    authentication on my apche web server.

    thanks!


  2. Re: Unable to Set SPN mapping data ( Apache, Kerberos, Win2k3)

    On Thursday 23 March 2006 19:22, abbas.attarwala@gmail.com wrote:

    > Note: I am not the system administrator when i issued these commands. (
    > do i need to be one??)


    >From the ktpass Documentation:



    "Ktpass.exe: Kerberos Keytab Setup

    This command-line tool enables an administrator to configure a non-Windows
    Server 2003 Kerberos service as a security principal in the Windows Server
    2003 Active Directory."

    The answer to your question is "yes".



    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread