From owner-freebsd-questions@freebsd.org Thu Jul 16 07:20:04 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5243B9A3A61 for ; Thu, 16 Jul 2015 07:20:04 +0000 (UTC) (envelope-from raimund.sacherer@logitravel.com) Received: from formentor.toolfactory.net (pina.toolfactory.net [213.97.158.39]) by mx1.freebsd.org (Postfix) with ESMTP id F299610B4 for ; Thu, 16 Jul 2015 07:20:03 +0000 (UTC) (envelope-from raimund.sacherer@logitravel.com) Received: from localhost (localhost.localdomain [127.0.0.1]) by formentor.toolfactory.net (Postfix) with ESMTP id B0475177AE1; Thu, 16 Jul 2015 09:12:46 +0200 (CEST) Received: from formentor.toolfactory.net ([127.0.0.1]) by localhost (formentor.toolfactory.net [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id AdC15gwRMJqL; Thu, 16 Jul 2015 09:12:46 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by formentor.toolfactory.net (Postfix) with ESMTP id 3EE85178050; Thu, 16 Jul 2015 09:12:46 +0200 (CEST) X-Virus-Scanned: amavisd-new at logpmzimmta01v.toolfactory.net Received: from formentor.toolfactory.net ([127.0.0.1]) by localhost (formentor.toolfactory.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id V7YMYHMe0y71; Thu, 16 Jul 2015 09:12:46 +0200 (CEST) Received: from xorrigo.toolfactory.net (xorrigo.toolfactory.net [192.168.2.210]) by formentor.toolfactory.net (Postfix) with ESMTP id 24B86177DB0; Thu, 16 Jul 2015 09:12:46 +0200 (CEST) Date: Thu, 16 Jul 2015 09:12:44 +0200 (CEST) From: Raimund Sacherer Reply-To: Raimund Sacherer To: greg Cc: freebsd-questions@freebsd.org Message-ID: <1383995814.37100404.1437030764957.JavaMail.zimbra@logitravel.com> In-Reply-To: <75d664eeb361264e9b4560a89b1a32bf@mail.gregs-garage.com> References: <75d664eeb361264e9b4560a89b1a32bf@mail.gregs-garage.com> Subject: Re: Kerberos MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [192.168.2.213] X-Mailer: Zimbra 8.0.8_GA_6184 (ZimbraWebClient - SAF7 (Mac)/8.0.8_GA_6184) Thread-Topic: Kerberos Thread-Index: 6oey7Yr4jOe4ZRie2+5Ognzld7hnBw== X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jul 2015 07:20:04 -0000 Hello Greg, > C:\Windows\system32>ktpass -princ HTTP/ad01.example.local@EXAMPLE.LOCAL > -mapuser aduser -pass P@$$word -ptype KRB5_NT_PRINCIPAL -out > :\temp\krb5.keytab For what its worth, we have a couple of servers authenticating against an 2012 domain and we create the key tab file like this: setspn -A HTTP/service.host.name windowsusername ktpass -out key.tab -princ HTTP/service.host.name@EXAMPLE.LOCAL -mapUser windowsuser -mapOp set -pass password -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL At times we have instead of RC4-HMAC-NT set ALL. Hope this helps, best