Versions Compared

Version Old Version 2 New Version Current
Changes made by

Sri Raghu

Alex Mandel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Start a command prompt.

  2. Enter the following command to generate the keytab file for the Universal DDI user account:

    ktpass -princ username@REALMexampleuser@REALM -mapuser logon_name@REALM 
    -pass password -out my.tab -ptype krb5_nt_principal -crypto encryption
    Example: 
    ktpass -princ DNS/ns1.corpxyzexample.com@GSS.LOCAL -mapuser jsmith@GSS.LOCAL -pass 
    37Le37 -out ns1.keytab -ptype krb5_nt_principal -crypto RC4-HMAC-NT

    where:
    -princ = Kerberos principal. Note that this parameter is case-sensitive. Specifies the principal name for the NIOS-X Server or service in this format: DNS/ns1.corpxyzexample.com@GSS.LOCAL

  • DNS = Service name in uppercase format.
  • ns1.corpxyzexample.com = Instance in FQDN (fully-qualified domain name) format; this is the same as the DNS name of the NIOS-X Server.
  • GSS.LOCAL = The Kerberos realm in uppercase format. This must be the same as the AD domain name.

...

Targeting domain controller: qacert.test.local

Using legacy password setting method

Successfully mapped DNS/ns1.corpxyzexample.com to ns1.

Key created.

Output keytab to ns1.keytab: Keytab version: 0x502

keysize 80 DNS/ns1.corpxyzexample.com@GSS.LOCAL ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x12 (AES256-SHA1)

keylength 32 (0xea8675d7abf13fd760a744088642fb917ceb6c9d267f5c54e595597846f06407)

...

  1. Start a command prompt.
  2. Enter the following command to generate the keytab file for Universal DDI user account:

ktpass -princ usernameexampleuser@REALM -mapuser logon_name@REALM -pass password -out my.tab -ptype krb5_nt_principal -crypto encryption
Example:
ktpass -princ DNS/ns1.corpxyzexample.com@GSS.LOCAL -mapuser jsmith@GSS.LOCAL -pass 37Le37 -out ns1.keytab -ptype krb5_nt_principal -crypto RC4-HMAC-NT
where:
-princ = Kerberos principal. Note that this parameter is case-sensitive. Specifies the principal name for the NIOS-X Server or service in this format: DNS/ns1.corpxyzexample.com@GSS.LOCAL

    • DNS = This is an example of the service name in uppercase format.
    • ns1.corpxyzexample.com = This is an example of the instance in FQDN (fully-qualified domain name) format; this is the same as the DNS name of the NIOS-X Server.
    • GSS.LOCAL = This is an example of the Kerberos realm in uppercase format. This must be the same as the AD domain name.

...

Targeting domain controller: qacert.test.local

Using legacy password setting method

Successfully mapped DNS/ns1.corpxyzexample.com to ns1.

Key created.

Output keytab to ns1.keytab:

Keytab version: 0x502

keysize 80 DNS/ns1.corpxyzexample.com@GSS.LOCAL ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x12 (AES256-SHA1)

keylength 32 (0xea8675d7abf13fd760a744088642fb917ceb6c9d267f5c54e595597846f06407)

...

  1. Start a command prompt.

  2. Enter the following command to generate the keytab file for the Universal DDI user account:

    ktpass -princ username@REALMexampleuser@REALM -mapuser logon_name@REALM 
    -pass password -out my.tab -ptype krb5_nt_principal -crypto encryption
    Example: 
    ktpass -princ DNS/ns1.corpxyzexample.com@GSS.LOCAL -mapuser jsmith@GSS.LOCAL -pass 
    37Le37 -out ns1.keytab -ptype krb5_nt_principal -crypto RC4-HMAC-NT

    where:
    -princ = Kerberos principal. Note that this parameter is case-sensitive. Specifies the principal name for the NIOS-X Server or service in this format: DNS/ns1.corpxyzexample.com@GSS.LOCAL

  • DNS = Service name in uppercase format.
  • ns1.corpxyzexample.com = Instance in FQDN (fully-qualified domain name) format; this is the same as the DNS name of the NIOS-X Server.
  • GSS.LOCAL = The Kerberos realm in uppercase format. This must be the same as the AD domain name.

...

Targeting domain controller: qacert.test.local

Using legacy password setting method

Successfully mapped DNS/ns1.corpxyzexample.com to ns1.

Key created.

Output keytab to ns1.keytab: Keytab version: 0x502

keysize 80 DNS/ns1.corpxyzexample.com@GSS.LOCAL ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x12 (AES256-SHA1)

keylength 32 (0xea8675d7abf13fd760a744088642fb917ceb6c9d267f5c54e595597846f06407)

...

  1. Start a command prompt.
  2. Enter the following command to generate the keytab file for Universal DDI user account:

ktpass -princ username exampleuser@REALM -mapuser logon_name@REALM -pass password -out my.tab -ptype krb5_nt_principal -crypto encryption
Example:
ktpass -princ DNS/ns1.corpxyzexample.com@GSS.LOCAL -mapuser jsmith@GSS.LOCAL -pass 37Le37 -out ns1.keytab -ptype krb5_nt_principal -crypto RC4-HMAC-NT
where:
-princ = Kerberos principal. Note that this parameter is case-sensitive. Specifies the principal name for the NIOS-X Server or service in this format: DNS/ns1.corpxyzexample.com@GSS.LOCAL

    • DNS = This is an example of the service name in uppercase format.
    • ns1.corpxyzexample.com = This is an example of the instance in FQDN (fully-qualified domain name) format; this is the same as the DNS name of the NIOS-X Server.
    • GSS.LOCAL = This is an example of the Kerberos realm in uppercase format. This must be the same as the AD domain name.

...

Targeting domain controller: qacert.test.local

Using legacy password setting method

Successfully mapped DNS/ns1.corpxyzexample.com to ns1.

Key created.

Output keytab to ns1.keytab:

Keytab version: 0x502

keysize 80 DNS/ns1.corpxyzexample.com@GSS.LOCAL ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x12 (AES256-SHA1)

keylength 32 (0xea8675d7abf13fd760a744088642fb917ceb6c9d267f5c54e595597846f06407)