[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Preauthentication failed
accounts have (in our environment) a password expiry which otherwise would
mean exception for users with a service principal or the keytab will get
Look for Dan Perry's msktutil a tool you can use on your Unix box to create
a computer account in AD and write the principal into a keytab. BTW there
are other tools doing the same.
----- Original Message -----
From: "Michael B Allen" <email@example.com>
To: "Florian Erfurth" <firstname.lastname@example.org>
Cc: <email@example.com>; "Markus Moeller" <firstname.lastname@example.org>
Sent: Tuesday, May 22, 2007 10:05 PM
Subject: Re: Preauthentication failed
> On Tue, 22 May 2007 21:03:35 +0100
> "Markus Moeller" <email@example.com> wrote:
>> you may have hit a bug in ktpass on 2003. If I understand your command
>> right you are using a computer account BSDflohKerberos$ and not a user
>> account. If I remember right the salt is not build out of the service
>> but uses host instead. This happen only for computer accounts. Can you
>> to map to a user account.
> Marcus is right. DES with computer accounts has problems last I checked. I
> strongly recommend using a regular User account and RC4.
>> ----- Original Message -----
>> From: "Florian Erfurth" <firstname.lastname@example.org>
>> To: <email@example.com>
>> Sent: Tuesday, May 22, 2007 5:13 PM
>> Subject: Re: Preauthentication failed
>> > Hi Michael,
>> > thank you for your quick response!
>> > Michael B Allen wrote:
>> >>> > [SNIP]
>> >> Looks like the key is wrong. Re-run ktpass.exe and copy the keytab
>> >> file
>> >> over again.
>> > I did that, what you did suggest. I get still the same error. :( Did I
>> > entered the right:
>> > C:\>ktpass -princ HTTP/BSDfloh.domain.tld@DOMAIN.TLD -mapuser
>> > domain\BSDflohKerberos$ -crypto DES-CBC-MD5 -pass longlongpassword -out
>> > c
>> > \temp\BSDflohkeytab
>> > Question: Which password should I use for '-pass'? Do I create a new
>> > password with this command or should I use *which* password?
>> >> Mike
>> > Floh
> Michael B Allen
> PHP Active Directory Kerberos SSO