Security

Hi

I have done the configuration as follows:

1. Set up AD DC on windows server 2012 R2

2. Created a domain user and not checked the option "This account supports Kerberos AES 128 bit encryption", "This account supports Kerberos AES 256 bit encryption", "use Kerberos DES encryption type for this account" for this domain user and "do not require Kerberos pre authentication is checked"

3. Created keytab file on windows 2012 Server R2 by using the KTPASS command


ktpass -princ host/<host name>@domain name -mapuser <domain user name> -pass <passwd of domain user> -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out C:\KeyTab\TestHMAC4-U6.keytab

and KTPASS executed successfully.

4. login in the windows machine [windows 8.1] with the domain user as used in KTPASS command and accessed  the resource but while accessing the resource authentication gets failed.

5. following tickets are displayed in the Kerberos ticket manager at windows client machine:

Principal                                                          Valid Untill                        encryption type

krbtgt/domain name@domain name                   <validity time>             session key: aes256-cts-hmac-sha1-96

host/hostname@domain name                           <validity time>             session key:arcfour-hmac


ldap/kdc name@domain name                            <validity time>             session key: aes256-cts-hmac-sha1-96

LDAP/KDC NAME/domain name@domain name     <validity time>             session key: aes256-cts-hmac-sha1-96

As RC4-HMAC-NT is used in Ktpass command then why encryption type aes256-cts-hmac-sha1-96 is displayed for tgt tickets and various other tickets.

please suggest how to use encryption type RC4-HMAC-NT for tgt tickets and other tickets as shown above.

Thank You