I have a service account in AD which I can use vastool to access the account information. However, when the AD admin run the ktpass command in AD:
ktpass -princ HTTP/hostname.domain.com@DOMAIN.COM -mapuser sAMAccountName
c -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out f:\hostname.keytab
The the same command return with the following error:
/opt/quest/bin/vastool -u sAMAccountName attrs -s HTTP/
Password for sAMAccountName@DOMAIN.COM:
ERROR: Could not authenticate as sAMAccountName. Invalid username or password.
VAS_ERR_KRB5: Failed to obtain credentials. Client: sAMAccountName@DOMAIN.COM, Service: krbtgt/DOMAIN.COM@DOMAIN.COM, Server: w190ad1.domain.com
Caused by:
KRB5KDC_ERR_PREAUTH_FAILED (-1765328360): Preauthentication failed
My web server is running in a HP-UX (11.11) with Apache 2.2.3 and the mod_auth_vas version 3.6.7. I am new to this authentication thing and I am not Unix Admin, nor AD admin. So I have no idea why is that happen. Now I have to find out the reason and provide the cause and resolution to the Admin teams. Does anyone has experienced similar problem and can shed some light on how to get this resolve?
Thanks.
ktpass -princ HTTP/hostname.domain.com@DOMAIN.COM -mapuser sAMAccountName
c -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out f:\hostname.keytab
The the same command return with the following error:
/opt/quest/bin/vastool -u sAMAccountName attrs -s HTTP/
Password for sAMAccountName@DOMAIN.COM:
ERROR: Could not authenticate as sAMAccountName. Invalid username or password.
VAS_ERR_KRB5: Failed to obtain credentials. Client: sAMAccountName@DOMAIN.COM, Service: krbtgt/DOMAIN.COM@DOMAIN.COM, Server: w190ad1.domain.com
Caused by:
KRB5KDC_ERR_PREAUTH_FAILED (-1765328360): Preauthentication failed
My web server is running in a HP-UX (11.11) with Apache 2.2.3 and the mod_auth_vas version 3.6.7. I am new to this authentication thing and I am not Unix Admin, nor AD admin. So I have no idea why is that happen. Now I have to find out the reason and provide the cause and resolution to the Admin teams. Does anyone has experienced similar problem and can shed some light on how to get this resolve?
Thanks.
