Create Service Principal with ktutil

Currently I'm able to kinit to a service using 2 VMs (Windows Server and Linux). But I generate the keytab on the Windows server, which is the domain controller.
I want to create the keytab from Linux.

Currently I'm doing the following:

  • In the AD Windows server [DOMAIN MYNETWORK.NET]

  • Create a service = aservice

  • Create a security group = ServiceAcc.

  • Make aservice member of ServiceAcc

  • Create a User = auser which is a Domain Controller of an OU

  • setspn -S HTTP/aservice.mynetwork.net auser

  • keytab: ktpass -Out service-a.keytab -Princ HTTP/aservice.mynetwork.net@MYNETWORK.NET -mapUser auser -Crypto All -Ptype KRB5_NT_PRINCIPAL -Pass *

In Linux, with krb5.conf configured and DNS pointing to the AD:

So this works correctly. If I don't create the keytab with the user, I can't kinit, etc.

Now, the issue I'm having is how to do all this directly from Linux, and I'm not sure how to perform this. All the documentation I can find says to do the following:

  • ktutil
  • ktutil: addent -password -p auser -k 1 -e aes256-cts
  • Password for auser@MYNETWORK.NET:
  • ktutil: wkt auser.keytab

But:

  1. I can't kinit after that.
  2. This only adds a user, not the service. I could do the same with the service, but then I'm not adding the user.
    I saw a way to possibly do this with kadmin, but I was having issues with that too, as I get identification issues every time I try to use it.
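
The following is an added example, not code from the original post, written to make two facts about the procedure above concrete. First, `kinit -kt` looks the keytab up by the principal you are authenticating as, so a keytab that only holds `auser@MYNETWORK.NET` cannot be used to kinit as `HTTP/aservice.mynetwork.net`. Second, when `ktutil addent -password` derives the key for an SPN principal it uses the RFC 4120 default salt (realm followed by the name components), whereas Active Directory derives a user account's keys with realm + sAMAccountName; the keys then differ and the KDC rejects the keytab. The script assumes the SPN, realm and account from the question, a made-up password `Passw0rd!` and a made-up kvno of 3 (in practice the kvno has to match the account's msDS-KeyVersionNumber in AD). It computes only the PBKDF2 stage of the aes256-cts string-to-key function (the final AES-based DK step needs a crypto library), then writes an MIT 0x0502 keytab entry for the SPN and parses it back, the same fields `klist -kte` prints.

```python
# Added example (not from the original post): AD vs. MIT salt for a mapped SPN,
# plus a minimal writer/parser for the MIT 0x0502 keytab format.
import hashlib
import struct
import tempfile
import time
from typing import List, Optional, Tuple

AES256_CTS_HMAC_SHA1_96 = 18   # enctype number from RFC 3962
KRB5_NT_PRINCIPAL = 1          # same name type as ktpass -Ptype KRB5_NT_PRINCIPAL
KEYTAB_MAGIC = b"\x05\x02"     # MIT keytab file format version 0x0502


def mit_default_salt(principal: str) -> str:
    """RFC 4120 default salt: realm followed by each name component, no separators."""
    name, realm = principal.rsplit("@", 1)
    return realm + "".join(name.split("/"))


def ad_user_salt(realm: str, sam_account_name: str) -> str:
    """Salt AD uses for a *user* account's keys: upper-case realm + sAMAccountName
    (case preserved). It does not depend on which SPNs are mapped to the account."""
    return realm.upper() + sam_account_name


def string_to_key_stage1(password: str, salt: str) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of RFC 3962 aes256-cts string-to-key (4096 rounds,
    32 bytes). The final DK(tkey, "kerberos") step is omitted (needs AES); the
    salt already fixes the result at this stage, which is what is shown here."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt.encode("utf-8"), 4096, 32)


def _counted(data: bytes) -> bytes:
    return struct.pack(">H", len(data)) + data


def keytab_entry(principal: str, kvno: int, enctype: int, key: bytes,
                 timestamp: Optional[int] = None) -> bytes:
    """Serialise one size-prefixed, big-endian keytab entry as ktutil 'wkt' does."""
    name, realm = principal.rsplit("@", 1)
    components = name.split("/")
    body = struct.pack(">H", len(components)) + _counted(realm.encode())
    for comp in components:
        body += _counted(comp.encode())
    stamp = int(time.time()) if timestamp is None else timestamp
    body += struct.pack(">IIB", KRB5_NT_PRINCIPAL, stamp, kvno & 0xFF)
    body += struct.pack(">HH", enctype, len(key)) + key
    body += struct.pack(">I", kvno)            # 32-bit kvno field of 0x0502 files
    return struct.pack(">i", len(body)) + body


def write_keytab(path: str, entries: List[bytes]) -> None:
    with open(path, "wb") as fh:
        fh.write(KEYTAB_MAGIC)
        for entry in entries:
            fh.write(entry)


def _read_counted(buf: bytes, pos: int) -> Tuple[str, int]:
    (length,) = struct.unpack(">H", buf[pos:pos + 2])
    pos += 2
    return buf[pos:pos + length].decode(), pos + length


def read_keytab(path: str) -> List[dict]:
    """Parse a 0x0502 keytab into the fields 'klist -kte' would print."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("not an MIT 0x0502 keytab")
    entries, pos = [], 2
    while pos < len(data):
        (size,) = struct.unpack(">i", data[pos:pos + 4])
        pos += 4
        if size < 0:                           # negative size marks a deleted slot
            pos += -size
            continue
        entry, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack(">H", entry[:2])
        p = 2
        realm, p = _read_counted(entry, p)
        comps = []
        for _ in range(ncomp):
            comp, p = _read_counted(entry, p)
            comps.append(comp)
        name_type, stamp, vno8 = struct.unpack(">IIB", entry[p:p + 9])
        p += 9
        enctype, klen = struct.unpack(">HH", entry[p:p + 4])
        p += 4
        key, p = entry[p:p + klen], p + klen
        kvno = vno8
        if p + 4 <= size:                      # optional 32-bit kvno wins if non-zero
            (kvno32,) = struct.unpack(">I", entry[p:p + 4])
            kvno = kvno32 or vno8
        entries.append({"principal": "/".join(comps) + "@" + realm,
                        "name_type": name_type, "timestamp": stamp,
                        "kvno": kvno, "enctype": enctype, "key": key})
    return entries


def demo_roundtrip() -> List[dict]:
    """Constructed inputs: SPN and account from the post, made-up password and kvno 3.
    The key stored is the PBKDF2 stage only, not a usable Kerberos key."""
    spn = "HTTP/aservice.mynetwork.net@MYNETWORK.NET"
    key = string_to_key_stage1("Passw0rd!", ad_user_salt("MYNETWORK.NET", "auser"))
    with tempfile.NamedTemporaryFile(suffix=".keytab", delete=False) as tmp:
        path = tmp.name
    write_keytab(path, [keytab_entry(spn, 3, AES256_CTS_HMAC_SHA1_96, key, 0)])
    return read_keytab(path)
```

Recent MIT `ktutil` versions let `addent` take an explicit salt (`-s salt`) or fetch it from the KDC (`-f`); check the `ktutil` man page of the installed version before relying on either. Whatever tool writes the keytab, the entry must carry the SPN as its principal name, the account's current kvno, and a key derived with AD's salt for that account.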


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
