From owner-freebsd-questions@freebsd.org  Thu Jul 16 07:20:04 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5243B9A3A61
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Thu, 16 Jul 2015 07:20:04 +0000 (UTC)
 (envelope-from raimund.sacherer@logitravel.com)
Received: from formentor.toolfactory.net (pina.toolfactory.net [213.97.158.39])
 by mx1.freebsd.org (Postfix) with ESMTP id F299610B4
 for <freebsd-questions@freebsd.org>; Thu, 16 Jul 2015 07:20:03 +0000 (UTC)
 (envelope-from raimund.sacherer@logitravel.com)
Received: from localhost (localhost.localdomain [127.0.0.1])
 by formentor.toolfactory.net (Postfix) with ESMTP id B0475177AE1;
 Thu, 16 Jul 2015 09:12:46 +0200 (CEST)
Received: from formentor.toolfactory.net ([127.0.0.1])
 by localhost (formentor.toolfactory.net [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id AdC15gwRMJqL; Thu, 16 Jul 2015 09:12:46 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
 by formentor.toolfactory.net (Postfix) with ESMTP id 3EE85178050;
 Thu, 16 Jul 2015 09:12:46 +0200 (CEST)
X-Virus-Scanned: amavisd-new at logpmzimmta01v.toolfactory.net
Received: from formentor.toolfactory.net ([127.0.0.1])
 by localhost (formentor.toolfactory.net [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id V7YMYHMe0y71; Thu, 16 Jul 2015 09:12:46 +0200 (CEST)
Received: from xorrigo.toolfactory.net (xorrigo.toolfactory.net
 [192.168.2.210])
 by formentor.toolfactory.net (Postfix) with ESMTP id 24B86177DB0;
 Thu, 16 Jul 2015 09:12:46 +0200 (CEST)
Date: Thu, 16 Jul 2015 09:12:44 +0200 (CEST)
From: Raimund Sacherer <rs@logitravel.com>
Reply-To: Raimund Sacherer <rs@logitravel.com>
To: greg <greg@mail.gregs-garage.com>
Cc: freebsd-questions@freebsd.org
Message-ID: <1383995814.37100404.1437030764957.JavaMail.zimbra@logitravel.com>
In-Reply-To: <75d664eeb361264e9b4560a89b1a32bf@mail.gregs-garage.com>
References: <75d664eeb361264e9b4560a89b1a32bf@mail.gregs-garage.com>
Subject: Re: Kerberos
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [192.168.2.213]
X-Mailer: Zimbra 8.0.8_GA_6184 (ZimbraWebClient - SAF7 (Mac)/8.0.8_GA_6184)
Thread-Topic: Kerberos
Thread-Index: 6oey7Yr4jOe4ZRie2+5Ognzld7hnBw==
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2015 07:20:04 -0000

Hello Greg, 

> C:\Windows\system32>ktpass -princ HTTP/ad01.example.local@EXAMPLE.LOCAL
> -mapuser aduser -pass P@$$word -ptype KRB5_NT_PRINCIPAL -out
> :\temp\krb5.keytab

For what its worth, we have a couple of servers authenticating against an 2012 domain and we create the key tab file like this:
setspn -A HTTP/service.host.name windowsusername

ktpass -out key.tab -princ HTTP/service.host.name@EXAMPLE.LOCAL -mapUser windowsuser -mapOp set -pass password -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL 


At times we have instead of RC4-HMAC-NT set ALL. 

Hope this helps, 

best