Question on ktpass command windows 2008 server for NAC ADSSO

Unanswered Question
Apr 23rd, 2010
User Badges:

Trying to get Windows 7 clients to work

with Cisco NAC agent and ADSSO.  Found some documentation in the Cisco NAC

Appliance Configuration guide that shows the following ktpass command shoudl be used

ktpass.exe -princ [email protected] -mapuser s-user -pass Password -out c:\s-user.keytab -ptype KRB5_NT_PRINCIPAL -

crypto All

The command is coming up as invalid in Windows 2008 server. Have verified that I'm running 2008 SP2  KTPASS is 6.0.6002.18005

The -crypto all is flagged as invalid.  According to Microsoft site the only options for the -crypto is /crypto{ DES-CBC-CRC| DES-CBC-MD5]

I did verify that this is my issue. I was able to get one client working by enabling the DES algorithm on the Windows 7 Client directly and ADSSO worked fine.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Faisal Sehbai Mon, 04/26/2010 - 18:59
User Badges:
  • Gold, 750 points or more


What is the error message you're getting? Please post the whole run as you do it. Also make sure you create a new user and run ktpass on it. Save the output this time and post it here.



This Discussion