The hotfix 951191 fixed this problem too... Douglas E. Engert wrote: > I have run it to a similar problem in the last two day, as we have some W2008 > DCs > and some W2003 DCs. The msktutil program to add computer accounts and create > keytab > files then change the password uses the krb5_set_password_using_ccache with > the > admin creds and the change_password_for set to the principal of the machine. > > This is the same method used by the MIT ksetpwd command that is bbuilt but > not installed. > > Both the ksetpwd and msktutil fail with an error of 3 "Autnenticatrion Error" > to W2008 DCs but work on W2003 DCs. > > But if instead of the host/f...@realm as the principal, > I can use samAccountName (without the $) and it will change the password. > > So can you try the kpasswd with the account name? > > I think this is a known bug in W2008, but have not tracked down the hotfix if > any yet. > > This may have something to do with with smart card support in W2008, where > the userPrincipalName is now being used to match what is in the > UPN of a certificate and it does not have to be in the local realm! > > > [email protected] wrote: >> I have migrated from Windows 2003 AD server to Windows 2008 AD >> server. >> With Windows 2003 AD , every thing is working fine . With the >> Windows 2008 AD server I am getting "KRB5_KPASSWD_AUTHERROR" >> error in reply of KPASSWD . >> I had earlier heimdal0.6 . I learn that heimdal 1.2 is >> compatible with windows2008/vista . I integrated the heimdal 1.2 . >> but no improvement .Have some experience the similar kind of issue? >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos >> >> >
-- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
