Mailing List Message #92299
From: Bret Miller <>
Subject: RE: Kerberos - Working!!
Date: Wed, 22 Aug 2007 11:00:43 -0700
To: CommuniGate Pro Discussions <>
X-Mailer: CommuniGate Pro MAPI Connector 1.2.12/1.2.12(local)
> Ok, so in case anyone is interested, or was having the same
> problems I was
> with getting Kerberos to work, here's the solution:
> I had to go through every combination of ptypes and crypto's and
> -TrustEncryp to get it to work.
> The key was to run kerbtray from your AD machine. This gives
> you a clue as
> to what kind of encryption it is expecting. If you run that
> command (Start >
> Run > kerbtray), and then open the Tray Icon it creates,
> you'll see a tab
> for "Encryption Types". On the server that was working, it
> says etype 0, but
> on my production AD server it says RSADSI RC4-HMAC. So this means it's
> looking for a HMAC key. Then the money shot if you will was
> the following
> line:
> ktpass -princ imap/ -mapuser
> -pass xxxx -out -crypto RC4-HMAC-NT -ptype
> -TrustEncryp RC4

Nice thought. How do I get a ktpass command that accepts RC4-HMAC-NT and the
-TrustEncryp option? Is that part of Win2K3 SP2? We're currently at SP1

> Once that was run, I was able to launch Outlook and it logged
> me in using
> Kerberos.
> Now I just have to figure out how to get the webmail to work
> in the same, or
> similar fashion...
> Hope this helps.


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster