Raimund Sacherer rs at
Thu Jul 16 07:20:04 UTC 2015

Hello Greg, 

> C:\Windows\system32>ktpass -princ HTTP/ad01.example.local at EXAMPLE.LOCAL
> -mapuser aduser -pass P@$$word -ptype KRB5_NT_PRINCIPAL -out
> :\temp\krb5.keytab

For what its worth, we have a couple of servers authenticating against an 2012 domain and we create the key tab file like this:
setspn -A HTTP/ windowsusername

ktpass -out -princ HTTP/ at EXAMPLE.LOCAL -mapUser windowsuser -mapOp set -pass password -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL 

At times we have instead of RC4-HMAC-NT set ALL. 

Hope this helps, 


More information about the freebsd-questions mailing list