[cifs-protocol] GUI and AD LDAP settings required to enable FAST
Stefan Metzmacher
metze at samba.org
Tue Apr 27 08:18:33 UTC 2021
Am 27.04.21 um 08:31 schrieb Stefan Metzmacher via cifs-protocol:
> Hi Andrew,
>
> I think I looked at this document:
> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831747(v=ws.11)
>
> It talks about the "KDC support for claims, compound authentication, and Kerberos armoring KDC"
> and "Kerberos client support for claims, compound authentication and Kerberos armoring"
> administrative template policies and 4 possible configurations.
>
> I used this to create the captures for this presenation:
> https://www.samba.org/~metze/presentations/2020/SambaXP/StefanMetzmacher_sambaxp2020_Modern_Kerberos-rev0-compact.pdf
> See slides 21-23. I can provide the raw captures with a keytab...
I uploaded the captures here:
https://www.samba.org/~metze/presentations/2020/SambaXP/captures/fast/
I guess this was the one that finally worked:
w2012r2-189-logon-FAST-administrator-w2012r2-l6.base-try-13-client-compound-first-kdc-enabled-compound.pcap.gz
wireshark >= 3.3.0 should be able to decrypt and dissect everything using
w2012r2-l6.base.keytab.20200422
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20210427/e9bde6b1/OpenPGP_signature.sig>
More information about the cifs-protocol
mailing list