[cifs-protocol] GUI and AD LDAP settings required to enable FAST
metze at samba.org
Tue Apr 27 10:40:37 UTC 2021
Am 27.04.21 um 11:38 schrieb Andrew Bartlett:
> On Tue, 2021-04-27 at 10:18 +0200, Stefan Metzmacher via cifs-protocol
>> I uploaded the captures here:
>> I guess this was the one that finally worked:
>> wireshark >= 3.3.0 should be able to decrypt and dissect everything
> Thanks so much metze.
> Looking at packets 133 -> 156 I think I find the issue Gary was having,
> which is that it looks like the Windows KDC doesn't advertise PA-FX-
> FAST in an AS-REQ PREAUTH_REQUIRED error (RFC 6113 5.4.2).
> Is my understanding correct? Do clients just need to know out-of-band
> that FAST should be used? Is there any other easy way to tell that
> FAST is configured correctly and operating?
I guess the client gets it from encrypted-pa-data of frame 125,
as the response to the initial AS-REQ as machine account.
This maybe together with its applied computer GPO's...
But lets see what dochelp finds...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the cifs-protocol