[cifs-protocol] GUI and AD LDAP settings required to enable FAST
Andrew Bartlett
abartlet at samba.org
Tue Apr 27 09:38:54 UTC 2021
On Tue, 2021-04-27 at 10:18 +0200, Stefan Metzmacher via cifs-protocol
wrote:
>
>
> I uploaded the captures here:
> https://www.samba.org/~metze/presentations/2020/SambaXP/captures/fast/
> I guess this was the one that finally worked:
> w2012r2-189-logon-FAST-administrator-w2012r2-l6.base-try-13-client-compound-first-kdc-enabled-compound.pcap.gz
> wireshark >= 3.3.0 should be able to decrypt and dissect everything
> using
> w2012r2-l6.base.keytab.20200422
Thanks so much metze.

Looking at packets 133 -> 156 I think I find the issue Gary was having,
which is that it looks like the Windows KDC doesn't advertise PA-FX-FAST
in an AS-REQ PREAUTH_REQUIRED error (RFC 6113 5.4.2).

Dochelp,

Is my understanding correct? Do clients just need to know out-of-band
that FAST should be used? Is there any other easy way to tell that
FAST is configured correctly and operating?

Thanks,

Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
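
Added example, not part of the original message and not Samba or Microsoft code: a small Python check for the RFC 6113 5.4.2 advertisement discussed above, which lists the padata types in a KDC_ERR_PREAUTH_REQUIRED METHOD-DATA and reports whether PA-FX-FAST (136) is among them. It assumes the e-data bytes have already been extracted from the KRB-ERROR; the two METHOD-DATA samples are constructed for illustration and are not taken from the captures.

```python
PA_FX_FAST = 136  # padata type assigned to PA-FX-FAST by RFC 6113

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[off:off + length], off + length

def expect(buf, off, want):
    """Read one element and insist on its tag."""
    tag, value, nxt = read_tlv(buf, off)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return value, nxt

def padata_types(method_data):
    """List padata-type values in a METHOD-DATA (SEQUENCE OF PA-DATA)."""
    body, _ = expect(method_data, 0, 0x30)
    types, off = [], 0
    while off < len(body):
        pa, off = expect(body, off, 0x30)      # PA-DATA ::= SEQUENCE
        ctx, _ = expect(pa, 0, 0xA1)           # [1] padata-type
        num, _ = expect(ctx, 0, 0x02)          # INTEGER
        types.append(int.from_bytes(num, "big", signed=True))
    return types

def advertises_fast(method_data):
    return PA_FX_FAST in padata_types(method_data)

# --- Constructed sample data (short-form DER lengths only) ---
def tlv(tag, body):
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def pa_data(t, value=b""):
    num = t.to_bytes(t.bit_length() // 8 + 1, "big", signed=True)
    return tlv(0x30, tlv(0xA1, tlv(0x02, num)) + tlv(0xA2, tlv(0x04, value)))

# 19=PA-ETYPE-INFO2, 2=PA-ENC-TIMESTAMP, 16=PA-PK-AS-REQ, 15=PA-PK-AS-REP_OLD, 133=PA-FX-COOKIE
NO_FAST = tlv(0x30, b"".join(pa_data(t) for t in (19, 2, 16, 15)))
WITH_FAST = tlv(0x30, b"".join(pa_data(t) for t in (19, 2, 136, 133)))
print(padata_types(NO_FAST), advertises_fast(NO_FAST), advertises_fast(WITH_FAST))
```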