The keytab file is created on the domain controller server or on a Windows Server computer that is part of the domain, under the domain administrator account.
To create a keytab file:
ksmg-ldap). When creating the user, select the Password never expires option.
ksmg-ldap user. To do so, run the following command on the command line:
C:\Windows\system32\ktpass.exe -princ ksmg-ldap@<realm Active Directory domain name in uppercase> -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL -pass <ksmg-ldap user password> -out <path to file>\<file name>.keytab
You can use the * character for the -pass parameter value if you do not want to provide the password in the command text. If this is the case, the tool will prompt you for the password when running the command.
The keytab file will be created. If you change the user account password, you will have to generate a new keytab file.
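To confirm that the generated file matches the ktpass command above (ksmg-ldap principal with an uppercase realm, an AES256-SHA1 key, the KRB5_NT_PRINCIPAL name type), the following added example parses the keytab and reports any mismatch. It is not part of the original documentation; it assumes ktpass wrote the MIT keytab file format version 0x0502, and the realm EXAMPLE.COM, the all-zero key and the function names are constructed for illustration.

```python
import struct

AES256 = 18        # aes256-cts-hmac-sha1-96, selected by "-crypto AES256-SHA1"
NT_PRINCIPAL = 1   # numeric value of KRB5_NT_PRINCIPAL

def parse_keytab(data):
    """Parse an MIT keytab (file format version 0x0502) into a list of dicts."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:              # a negative size marks a deleted entry (hole)
            pos += -size
            continue
        rec, off = data[pos:pos + size], 0
        pos += size
        def counted():             # 16-bit length followed by that many bytes
            nonlocal off
            (n,) = struct.unpack_from(">H", rec, off)
            off += 2 + n
            return rec[off - n:off]
        (ncomp,) = struct.unpack_from(">H", rec, off)
        off += 2
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        name_type, _ts, kvno, etype = struct.unpack_from(">IIBH", rec, off)
        off += 11                  # 4 + 4 + 1 + 2 bytes; a trailing 32-bit kvno is ignored
        key = counted()            # key bytes are measured, never returned
        entries.append({"principal": f"{name}@{realm}", "name_type": name_type,
                        "kvno": kvno, "etype": etype, "key_len": len(key)})
    return entries

def check_keytab(data, principal):
    """Return a list of problems; an empty list means the keytab looks as intended."""
    entries, problems = parse_keytab(data), []
    if not any(e["principal"] == principal for e in entries):
        problems.append(f"no entry for {principal} (the realm is case-sensitive)")
    for e in entries:
        if (e["etype"], e["key_len"], e["name_type"]) != (AES256, 32, NT_PRINCIPAL):
            problems.append(f"{e['principal']}: etype {e['etype']}, name type {e['name_type']}")
    return problems

# Constructed sample: one entry for ksmg-ldap@EXAMPLE.COM, kvno 3, all-zero dummy key
SAMPLE = (b"\x05\x02\x00\x00\x00\x47\x00\x01\x00\x0bEXAMPLE.COM\x00\x09ksmg-ldap"
          b"\x00\x00\x00\x01\x00\x00\x00\x00\x03\x00\x12\x00\x20" + bytes(32))

if __name__ == "__main__":
    print(check_keytab(SAMPLE, "ksmg-ldap@EXAMPLE.COM"))
```

To check a real file, pass its bytes (read in binary mode) and the expected principal to check_keytab on the host where the keytab is already stored. The keytab holds the account's long-term key, so keep the file readable only by the account that needs it.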