Trying to get Windows 7 clients to work
with Cisco NAC agent and ADSSO. Found some documentation in the Cisco NAC
Appliance Configuration guide that shows the following ktpass command shoudl be used
ktpass.exe -princ s-user/xxx.com@XXX.COM -mapuser s-user -pass Password -out c:\s-user.keytab -ptype KRB5_NT_PRINCIPAL -
crypto All
The command is coming up as invalid in Windows 2008 server. Have verified that I'm running 2008 SP2 KTPASS is 6.0.6002.18005
The -crypto all is flagged as invalid. According to Microsoft site the only options for the -crypto is /crypto{ DES-CBC-CRC| DES-CBC-MD5]
I did verify that this is my issue. I was able to get one client working by enabling the DES algorithm on the Windows 7 Client directly and ADSSO worked fine.