Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1732
Views
0
Helpful
1
Replies

Question on ktpass command windows 2008 server for NAC ADSSO

TONY MONTESANO
Level 1
Level 1

‎04-23-2010 07:32 AM - edited ‎02-21-2020 03:56 AM

Trying to get Windows 7 clients to work

with Cisco NAC agent and ADSSO.  Found some documentation in the Cisco NAC

Appliance Configuration guide that shows the following ktpass command shoudl be used

ktpass.exe -princ s-user/xxx.com@XXX.COM -mapuser s-user -pass Password -out c:\s-user.keytab -ptype KRB5_NT_PRINCIPAL -

crypto All

The command is coming up as invalid in Windows 2008 server. Have verified that I'm running 2008 SP2  KTPASS is 6.0.6002.18005

The -crypto all is flagged as invalid.  According to Microsoft site the only options for the -crypto is /crypto{ DES-CBC-CRC| DES-CBC-MD5]

I did verify that this is my issue. I was able to get one client working by enabling the DES algorithm on the Windows 7 Client directly and ADSSO worked fine.

0 Helpful
1 Reply 1

Faisal Sehbai
Level 7
Level 7

‎04-26-2010 06:59 PM

Tony,

What is the error message you're getting? Please post the whole run as you do it. Also make sure you create a new user and run ktpass on it. Save the output this time and post it here.

Faisal

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card