Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Question on ktpass command windows 2008 server for NAC ADSSO

Trying to get Windows 7 clients to work

with Cisco NAC agent and ADSSO.  Found some documentation in the Cisco NAC

Appliance Configuration guide that shows the following ktpass command shoudl be used

ktpass.exe -princ s-user/xxx.com@XXX.COM -mapuser s-user -pass Password -out c:\s-user.keytab -ptype KRB5_NT_PRINCIPAL -

crypto All

The command is coming up as invalid in Windows 2008 server. Have verified that I'm running 2008 SP2  KTPASS is 6.0.6002.18005

The -crypto all is flagged as invalid.  According to Microsoft site the only options for the -crypto is /crypto{ DES-CBC-CRC| DES-CBC-MD5]

I did verify that this is my issue. I was able to get one client working by enabling the DES algorithm on the Windows 7 Client directly and ADSSO worked fine.

Everyone's tags (4)
1 REPLY

Re: Question on ktpass command windows 2008 server for NAC ADSSO

Tony,

What is the error message you're getting? Please post the whole run as you do it. Also make sure you create a new user and run ktpass on it. Save the output this time and post it here.

Faisal

1428
Views
0
Helpful
1
Replies