ktpass command in windows 2008 standard server

Answered Question
May 17th, 2010
User Badges:

Hi all,


now I need to configure ADsso. can anyone check the ktpass command and suggest me it is correct or not?


environment is here..


Number of DCs              =  3
OS of DCs                    =   windows 2008 standard (SP2)
AD domain functionality  =    Mixed mode with 2003
Domain name                = laxman.com

Domain user name        = ssouser

KTpass.exe version       = 6.0.6003.28006


Command is here

=================


1. ktpass –princ [email protected] -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB 5_NT_PRINCIPAL +DesOnly


2. ktpass –princ [email protected] -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB5_NT_PRINCIPAL

+DesOnly

3. ktpass –princ [email protected] -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB5_NT_PRINCIPAL

+DesOnly



Thank you

Correct Answer by Faisal Sehbai about 7 years 1 week ago

Mahmoud is right. Certain versions of 2k8 are supported only.


List here: http://bit.ly/AD_SSO_Compatibility


HTH,

Faisal

Correct Answer by Mahmoud Nofal about 7 years 1 week ago

Hello,

I've been working on this a simillar case since a month!!

I don't want you to wate your time!


AD2008 Standard is not supported.....this is it!!


http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103186


Cisco said it is not tested for 2008 standard, but beleive me, with this TAC case opened for a month, and no answer from the development team till now! You better try 2008 Enterprise.


I tried AD2008 Enterprise R2, and it works like magic!


Hope this will help.

Have a lovely day

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Mahmoud Nofal Tue, 05/18/2010 - 02:31
User Badges:

Hello,

I've been working on this a simillar case since a month!!

I don't want you to wate your time!


AD2008 Standard is not supported.....this is it!!


http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103186


Cisco said it is not tested for 2008 standard, but beleive me, with this TAC case opened for a month, and no answer from the development team till now! You better try 2008 Enterprise.


I tried AD2008 Enterprise R2, and it works like magic!


Hope this will help.

Have a lovely day

blaxucisco Tue, 05/18/2010 - 16:25
User Badges:

Hi Faisal,


Since we don't have any option to change the DC operating system, we have to enable sso in this environment, we have ACS aslo. so what solution do you suggest for us?

Faisal Sehbai Wed, 05/19/2010 - 19:22
User Badges:
  • Gold, 750 points or more

Laxman,


If you have any 2k3 servers, you can run ktpass against those and setup the CAS to do SSO against it.


HTH,

Faisal

blaxucisco Thu, 05/27/2010 - 21:34
User Badges:

Hi Faisal,


Can you please look at this problem? I hope I'll get perfect solution from you.


Thank you.

blaxucisco Tue, 05/18/2010 - 16:23
User Badges:

hi Mahmoud,


thank you for your kind information. Its really helpful to me.

Actions

This Discussion