Some tough-to-crack Kerberos case
Uri Simchoni
uri at samba.org
Wed May 4 19:53:00 UTC 2016
Hi,
I have a case where my Kerberos TGS requests for ldap are not being
answered by the Windows (2003R2/2008R2) domain controller. It involves
an RODC. I have it reproduced in the lab, and also with "vanilla" samba
4.3.9 as client (it also happens on pre-security-release versions).
Opened https://bugzilla.samba.org/show_bug.cgi?id=11900 .
The peculiar thing is that the TGS is not being answered at all, and if
it's over TCP, the connection is shut by the server - as if something is
crashing on the Windows side. That's why I'd like to get more info on
what happens on the Windows side.
Does anyone have tips or pointers for debugging/tracing Kerberos on
Windows? Somewhere where I can open a ticket maybe (is dochelp
applicable for that stuff?)
Thanks,
Uri.
More information about the samba-technical
mailing list