Mapping the AX Server authentication service to the SPN account

You need to use the ktpass command to map the AX Server authentication service to the Service Principle Name account you created in Windows Active Directory. This mapping is required for the AX Server authentication service to check individual users authentication information with the account information stored in Active Directory.

To run the ktpass command:

  1. Open the command prompt on the server where your Active Directory Domain Controller is located.
  2. Switch to the directory where ktpass.exe is located.

    The default location is C:\Program Files\Support Tools.

  3. Enter the keypass command using the following syntax:

    ktpass /out filename /princ name /pass password /mapuser local_username /ptype principal_type /crypto encryption_type

    For example:

    ktpass /out “C:\ax.keytab” /princ HTTP/axserver.ax.com@AX.COM /pass password /mapuser AXSSO /ptype KRB5_NT_PRINCIPAL /crypto RC4-HMAC-NT

    For details on the command syntax, see Ktpass command syntax.


(C) 2015 ACL Services Ltd. All Rights Reserved.