[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preauthentication failed



On Tue, 22 May 2007 21:03:35 +0100
"Markus Moeller" <huaraz@moeller.plus.com> wrote:

> Florian,
> 
> you may have hit a bug in ktpass on 2003. If  I understand your command 
> right you are using a computer account BSDflohKerberos$ and not a user 
> account. If I remember right the salt is not build out of the service HTTP 
> but uses host instead. This happen only for computer accounts. Can you try 
> to map to a user account.

Florian,

Marcus is right. DES with computer accounts has problems last I checked. I
strongly recommend using a regular User account and RC4.

Mike

> ----- Original Message ----- 
> From: "Florian Erfurth" <floh-erfurth@arcor.de>
> To: <heimdal-discuss@sics.se>
> Sent: Tuesday, May 22, 2007 5:13 PM
> Subject: Re: Preauthentication failed
> 
> 
> > Hi Michael,
> > thank you for your quick response!
> >
> > Michael B Allen wrote:
> >
> >>> > [SNIP]
> >> Looks like the key is wrong. Re-run ktpass.exe and copy the keytab file
> >> over again.
> >
> > I did that, what you did suggest. I get still the same error. :( Did I
> > entered the right:
> > C:\>ktpass -princ HTTP/BSDfloh.domain.tld@DOMAIN.TLD -mapuser
> > domain\BSDflohKerberos$ -crypto DES-CBC-MD5 -pass longlongpassword -out c
> > \temp\BSDflohkeytab
> >
> > Question: Which password should I use for '-pass'? Do I create a new
> > password with this command or should I use *which* password?
> >
> >> Mike
> > Floh
> > 
> 
> 


-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/