Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ktpass command in windows 2008 standard server

Hi all,

now I need to configure ADsso. can anyone check the ktpass command and suggest me it is correct or not?

environment is here..

Number of DCs              =  3
OS of DCs                    =   windows 2008 standard (SP2)
AD domain functionality  =    Mixed mode with 2003
Domain name                = laxman.com

Domain user name        = ssouser

KTpass.exe version       = 6.0.6003.28006

Command is here

=================

1. ktpass –princ ssouser/TestDc1.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB 5_NT_PRINCIPAL +DesOnly

2. ktpass –princ ssouser/TestDc2.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB5_NT_PRINCIPAL

+DesOnly

3. ktpass –princ ssouser/TestDc3.laxman.com@LAXMAN.COM -mapuser ssouser -pass password123 -out c:\output.keytab –ptype KRB5_NT_PRINCIPAL

+DesOnly

Thank you

2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: ktpass command in windows 2008 standard server

Hello,

I've been working on this a simillar case since a month!!

I don't want you to wate your time!

AD2008 Standard is not supported.....this is it!!

http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103186

Cisco said it is not tested for 2008 standard, but beleive me, with this TAC case opened for a month, and no answer from the development team till now! You better try 2008 Enterprise.

I tried AD2008 Enterprise R2, and it works like magic!

Hope this will help.

Have a lovely day

Re: ktpass command in windows 2008 standard server

Mahmoud is right. Certain versions of 2k8 are supported only.

List here: http://bit.ly/AD_SSO_Compatibility

HTH,

Faisal

7 REPLIES
New Member

Re: ktpass command in windows 2008 standard server

Hello,

I've been working on this a simillar case since a month!!

I don't want you to wate your time!

AD2008 Standard is not supported.....this is it!!

http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103186

Cisco said it is not tested for 2008 standard, but beleive me, with this TAC case opened for a month, and no answer from the development team till now! You better try 2008 Enterprise.

I tried AD2008 Enterprise R2, and it works like magic!

Hope this will help.

Have a lovely day

Re: ktpass command in windows 2008 standard server

Mahmoud is right. Certain versions of 2k8 are supported only.

List here: http://bit.ly/AD_SSO_Compatibility

HTH,

Faisal

New Member

Re: ktpass command in windows 2008 standard server

Hi Faisal,

Since we don't have any option to change the DC operating system, we have to enable sso in this environment, we have ACS aslo. so what solution do you suggest for us?

Re: ktpass command in windows 2008 standard server

Laxman,

If you have any 2k3 servers, you can run ktpass against those and setup the CAS to do SSO against it.

HTH,

Faisal

New Member

Re: ktpass command in windows 2008 standard server

Faisal,

We have windows 2003 standard server but this server is not domain controller its dedicated server for WCS but it is a member of domain. Can we use this server for ktpass? if yes, will it works on ktpass –princ ad_sso/test.com@TEST.COM or we need to user server name instead of ad_domain

e.g ktpass –princ ad_sso/wcs-server.test.com@TEST.COM.

Thank you

New Member

Re: ktpass command in windows 2008 standard server

Hi Faisal,

Can you please look at this problem? I hope I'll get perfect solution from you.

Thank you.

New Member

Re: ktpass command in windows 2008 standard server

hi Mahmoud,

thank you for your kind information. Its really helpful to me.

2582
Views
0
Helpful
7
Replies