Some tough-to-crack Kerberos case

Simo simo at samba.org
Wed May 4 22:51:05 UTC 2016


On Wed, 2016-05-04 at 22:53 +0300, Uri Simchoni wrote:
> Hi,
> 
> I have a case where my Kerberos TGS requests for ldap are not being
> answered by the Windows (2003R2/2008R2) domain controller. It involves
> an RODC. I have it reproduced in the lab, and also with "vanilla" samba
> 4.3.9 as client (it also happens on pre-security-release versions).
> Opened https://bugzilla.samba.org/show_bug.cgi?id=11900 .
> 
> The peculiar thing is that the TGS is not being answered at all, and if
> it's over TCP, the connection is shut by the server - as if something is
> crashing on the Windows side. That's why I'd like to get more info on
> what happens on the Windows side.
> 
> Does anyone have tips or pointers for debugging/tracing Kerberos on
> Windows? Somewhere where I can open a ticket maybe (is dochelp
> applicable for that stuff?)

You can ask dochelp; traces taken with their network monitor on Windows
could also help.

Simo.


