Solved: ktpass command in windows 2008 standard server

blaxucisco · ‎05-17-2010

Hi all,

now I need to configure ADsso. can anyone check the ktpass command and suggest me it is correct or not?

environment is here..

Number of DCs              = 3
OS of DCs                    =   windows 2008 standard (SP2)
AD domain functionality =    Mixed mode with 2003
Domain name                = laxman.com

Domain user name = ssouser

KTpass.exe version = 6.0.6003.28006

Command is here

=================

1. ktpass –princ ssouser/TestDc1.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB 5_NT_PRINCIPAL +DesOnly

2. ktpass –princ ssouser/TestDc2.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB5_NT_PRINCIPAL

+DesOnly

3. ktpass –princ ssouser/TestDc3.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB5_NT_PRINCIPAL

+DesOnly

Thank you

Mahmoud Nofal · ‎05-18-2010

Hello,

I've been working on this a simillar case since a month!!

I don't want you to wate your time!

AD2008 Standard is not supported.....this is it!!

http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103186

Cisco said it is not tested for 2008 standard, but beleive me, with this TAC case opened for a month, and no answer from the development team till now! You better try 2008 Enterprise.

I tried AD2008 Enterprise R2, and it works like magic!

Hope this will help.

Have a lovely day

View solution in original post

Faisal Sehbai · ‎05-18-2010

Mahmoud is right. Certain versions of 2k8 are supported only.

List here: http://bit.ly/AD_SSO_Compatibility

HTH,

Faisal

View solution in original post

Mahmoud Nofal · ‎05-18-2010

Hello,

I've been working on this a simillar case since a month!!

I don't want you to wate your time!

AD2008 Standard is not supported.....this is it!!

http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103186

Cisco said it is not tested for 2008 standard, but beleive me, with this TAC case opened for a month, and no answer from the development team till now! You better try 2008 Enterprise.

I tried AD2008 Enterprise R2, and it works like magic!

Hope this will help.

Have a lovely day

Faisal Sehbai · ‎05-18-2010

Mahmoud is right. Certain versions of 2k8 are supported only.

List here: http://bit.ly/AD_SSO_Compatibility

HTH,

Faisal

blaxucisco · ‎05-18-2010

Hi Faisal,

Since we don't have any option to change the DC operating system, we have to enable sso in this environment, we have ACS aslo. so what solution do you suggest for us?

Faisal Sehbai · ‎05-19-2010

Laxman,

If you have any 2k3 servers, you can run ktpass against those and setup the CAS to do SSO against it.

HTH,

Faisal

blaxucisco · ‎05-20-2010

Faisal,

We have windows 2003 standard server but this server is not domain controller its dedicated server for WCS but it is a member of domain. Can we use this server for ktpass? if yes, will it works on ktpass –princ ad_sso/test.com@TEST.COM or we need to user server name instead of ad_domain

e.g ktpass –princ ad_sso/wcs-server.test.com@TEST.COM.

Thank you

blaxucisco · ‎05-27-2010

Hi Faisal,

Can you please look at this problem? I hope I'll get perfect solution from you.

Thank you.

blaxucisco · ‎05-18-2010

hi Mahmoud,

thank you for your kind information. Its really helpful to me.