keytab of computer account extracted from MS AD(win2k3) is not working

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

keytab of computer account extracted from MS AD(win2k3) is not working

Srinivas Cheruku-3
Hi,

I have created a computer account "test" in Microsoft AD (Win2k3). I
want to use this account with my gss applications and hence i have
extracted the keytab using ktpass.
I have used the below command for extracting the keytab

C:\Documents and Settings\Administrator>ktpass -out "c:\test.keytab" -mapuser test$@domain.com -princ test1/[hidden email] -pass helloworld
Targeting domain controller: domain-controller.domain.com
Successfully mapped test1/test.domain.com to TEST$.
WARNING: Account TEST$ is not a user account (uacflags=0x1021).
WARNING: Resetting TEST$'s password may cause authentication problems if TEST$ is being used as a server.

Reset TEST$'s password [y/n]? y
Key created.
Output keytab to test.keytab:
Keytab version: 0x502
keysize 60 test1/[hidden email] ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x3 (DES-CBC-MD5) keylength 8 (0x7aec6d94ba164fbc)
Account TEST$ has been set for DES-only encryption.

C:\Documents and Settings\Administrator>


When i test this keytab with kinit, I am getting the error
C:\Program Files\MIT\Kerberos\bin>kinit -k -t "c:\test.keytab"
test1/[hidden email]
kinit(v4): bad Kerberos 4 instance format
kinit(v5): Preauthentication failed while getting initial credentials

Can anyone help me to resolve this problem?
Did i do anything wrong while extracting the keytab?

Thanks,
Srini



________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: keytab of computer account extracted from MS AD(win2k3) is not working

Vijay-4
Have you tried other principal name like
test1/[hidden email] instead of test1/[hidden email] ?

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos