01-28-2009 08:22 AM - edited 03-09-2019 09:59 PM
I am confused with the syntax of ktpass utility on windows 2008.
I have gone through this microsoft document but could not sort it out.
http://technet.microsoft.com/en-us/library/cc753771.aspx#BKMK_examples
If someone can give an example or steps for ktpass utility for win2008.
01-28-2009 11:41 AM
It's to much to paste here, but the full server manual does a good job of explaining all of the options. Here's a link to the AD SSO section on CCO (no login required):
01-30-2009 12:17 PM
Hello Micheal,
These are the instruction for windows 2003. but i have to use the ktpass on windows 2008.
The syntax of ktpass is different in win2008.
Can you just type the syntax of ktpass for me for windows 2008
02-02-2009 04:42 AM
Sorry, didn't realize the syntax was different. We are running ours on 2003 and I don't have access to a 2008 server to test it with.
01-28-2009 01:42 PM
Hi,
What's the exact error that you are getting? Can you paste it here?
Sam
01-28-2009 05:29 PM
after the "-mapuser" switch is the username for the adsso account. although the example gives it in the following format:
"... -mapuser username..."
i've had to use the following format to get it to work:
"... -mapuser domain\username..."
This was for an error that said it couldn't find the domain or something like that.
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080884229.shtml
01-29-2009 06:33 AM
Hi,
You do not have to give that as domain\username, since you are providing that information after the -princ switch.
Check it and let me know.
Sam
01-29-2009 09:51 AM
Hi,
Did this solve your problem?
Sam
01-30-2009 12:24 PM
Hi,
Man it was holiday for 2 days. I will be trying on Monday.
However can you write the ktpass command syntax for me for Windows 2008. I think that there is a difference between the the syntax of windows 2003 and 2008.
01-30-2009 12:54 PM
i've done installs where i had to enter it there and where i haven't - regardless of the -princ switch.
01-30-2009 12:21 PM
Hello Sure,
Which win OS you were using. Are you sure it was windows 2008.
02-01-2009 11:55 AM
Cisco NAC Appliance Agent/AD Server Compatibility for AD SSO
http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp55522
Single Domain AD SSO is supported on Windows 2008 Enterprise SP1.
Windows 2008 Enterprise SP1 started with 4.1.8 or 4.5.0.
-What version of CCA are you running
-What version of Windows are you running
-Is it a single domain.
-Are you trying to configure against a single server or a domain
-What version of KTPASS are you using.
Cisco recommends using release 5.2.3790.0 of the KTPass executable.
-What is the extact CLI command that you are entering.
-What does the CAS logs show for the failed attempt.
Check out the Chalk Talk -
Chalk Talk 8: Configuring Authentication, Roles, and SSO
Slide 70
02-05-2009 12:36 AM
Disable UAC on windows server and try.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide