The Samba-Bugzilla – Attachment 11199 Details for Bug 11362: GPO security filtering based on the groups in Kerberos PAC (but primary group is missing)
ad-pac.txt (text/plain), 22.68 KB, created by Felix Botner on 2015-06-25 11:17:26 UTC
>No. Time Source Destination Protocol Length Info
> 83 10.090624000 10.200.7.132 10.200.7.60 KRB5 117 AS-REP
>
>Frame 83: 117 bytes on wire (936 bits), 117 bytes captured (936 bits)
>    Arrival Time: Jun 19, 2015 15:49:58.020503000 CEST
>    Epoch Time: 1434721798.020503000 seconds
>    [Time delta from previous captured frame: 0.000146000 seconds]
>    [Time delta from previous displayed frame: 0.000146000 seconds]
>    [Time since reference or first frame: 10.090624000 seconds]
>    Frame Number: 83
>    Frame Length: 117 bytes (936 bits)
>    Capture Length: 117 bytes (936 bits)
>    [Frame is marked: False]
>    [Frame is ignored: False]
>    [Protocols in frame: eth:ip:tcp:kerberos]
>    [Coloring Rule Name: TCP]
>    [Coloring Rule String: tcp]
>Ethernet II, Src: RealtekU_49:2f:ca (52:54:00:49:2f:ca), Dst: RealtekU_cd:67:ca (52:54:00:cd:67:ca)
>    Destination: RealtekU_cd:67:ca (52:54:00:cd:67:ca)
>    Address: RealtekU_cd:67:ca (52:54:00:cd:67:ca)
>    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>    .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
>    Source: RealtekU_49:2f:ca (52:54:00:49:2f:ca)
>    Address: RealtekU_49:2f:ca (52:54:00:49:2f:ca)
>    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
>    .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
>    Type: IP (0x0800)
>Internet Protocol Version 4, Src: 10.200.7.132 (10.200.7.132), Dst: 10.200.7.60 (10.200.7.60)
>    Version: 4
>    Header length: 20 bytes
>    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
>    0000 00.. = Differentiated Services Codepoint: Default (0x00)
>    .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
>    Total Length: 103
>    Identification: 0x6282 (25218)
>    Flags: 0x02 (Don't Fragment)
>    0... .... = Reserved bit: Not set
>    .1.. .... = Don't fragment: Set
>    ..0. .... = More fragments: Not set
>    Fragment offset: 0
>    Time to live: 128
>    Protocol: TCP (6)
>    Header checksum: 0x73bf [correct]
>    [Good: True]
>    [Bad: False]
>    Source: 10.200.7.132 (10.200.7.132)
>    Destination: 10.200.7.60 (10.200.7.60)
>Transmission Control Protocol, Src Port: kerberos (88), Dst Port: 49193 (49193), Seq: 1461, Ack: 309, Len: 63
>    Source port: kerberos (88)
>    Destination port: 49193 (49193)
>    [Stream index: 25]
>    Sequence number: 1461 (relative sequence number)
>    [Next sequence number: 1524 (relative sequence number)]
>    Acknowledgement number: 309 (relative ack number)
>    Header length: 20 bytes
>    Flags: 0x018 (PSH, ACK)
>    000. .... .... = Reserved: Not set
>    ...0 .... .... = Nonce: Not set
>    .... 0... .... = Congestion Window Reduced (CWR): Not set
>    .... .0.. .... = ECN-Echo: Not set
>    .... ..0. .... = Urgent: Not set
>    .... ...1 .... = Acknowledgement: Set
>    .... .... 1... = Push: Set
>    .... .... .0.. = Reset: Not set
>    .... .... ..0. = Syn: Not set
>    .... .... ...0 = Fin: Not set
>    Window size value: 256
>    [Calculated window size: 256]
>    [Window size scaling factor: -1 (unknown)]
>    Checksum: 0x6c07 [validation disabled]
>    [Good Checksum: False]
>    [Bad Checksum: False]
>    [SEQ/ACK analysis]
>    [Bytes in flight: 1523]
>    [PDU Size: 1523]
>    TCP segment data (63 bytes)
>[2 Reassembled TCP Segments (1523 bytes): #82(1460), #83(63)]
>    [Frame: 82, payload: 0-1459 (1460 bytes)]
>    [Frame: 83, payload: 1460-1522 (63 bytes)]
>    [Segment count: 2]
>    [Reassembled TCP length: 1523]
>Kerberos AS-REP
>    Record Mark: 1519 bytes
>    0... .... .... .... .... .... .... .... = Reserved: Not set
>    .000 0000 0000 0000 0000 0101 1110 1111 = Record Length: 1519
>    Pvno: 5
>    MSG Type: AS-REP (11)
>    padata: PA-ENCTYPE-INFO2
>    Type: PA-ENCTYPE-INFO2 (19)
>    Value: 302b3029a003020112a1221b2057324b31322e5445535468... aes256-cts-hmac-sha1-96
>    Encryption type: aes256-cts-hmac-sha1-96 (18)
>    Salt: 57324b31322e54455354686f737477696e3770726f2e7732...
>    Client Realm: W2K12.TEST
>    Client Name (Principal): WIN7PRO$
>    Name-type: Principal (1)
>    Name: WIN7PRO$
>    Ticket
>    Tkt-vno: 5
>    Realm: W2K12.TEST
>    Server Name (Service and Instance): krbtgt/W2K12.TEST
>    Name-type: Service and Instance (2)
>    Name: krbtgt
>    Name: W2K12.TEST
>    enc-part aes256-cts-hmac-sha1-96
>    Encryption type: aes256-cts-hmac-sha1-96 (18)
>    Kvno: 2
>    enc-part: d36a34d9d4ef52d7a26e4047370f0b4654cf56e4ce2a667e...
>    [Decrypted using: keytab principal krbtgt@W2K12.TEST]
>    EncTicketPart
>    Padding: 0
>    Ticket Flags (Forwardable, Renewable, Initial, Pre-Auth)
>    .1.. .... .... .... .... .... .... .... = Forwardable: FORWARDABLE tickets are allowed/requested
>    ..0. .... .... .... .... .... .... .... = Forwarded: This is NOT a forwarded ticket
>    ...0 .... .... .... .... .... .... .... = Proxiable: Do NOT use proxiable tickets
>    .... 0... .... .... .... .... .... .... = Proxy: This ticket has NOT been proxied
>    .... .0.. .... .... .... .... .... .... = Allow Postdate: We do NOT allow the ticket to be postdated
>    .... ..0. .... .... .... .... .... .... = Postdated: This ticket is NOT postdated
>    .... ...0 .... .... .... .... .... .... = Invalid: This ticket is NOT invalid
>    .... .... 1... .... .... .... .... .... = Renewable: This ticket is RENEWABLE
>    .... .... .1.. .... .... .... .... .... = Initial: This ticket was granted by AS and not TGT protocol
>    .... .... ..1. .... .... .... .... .... = Pre-Auth: The client was PRE-AUTHenticated
>    .... .... ...0 .... .... .... .... .... = HW-Auth: The client was NOT authenticated using hardware
>    .... .... .... 0... .... .... .... .... = Transited Policy Checked: Kdc has NOT performed transited policy checking
>    .... .... .... .0.. .... .... .... .... = Ok As Delegate: This ticket is NOT ok as a delegated ticket
>    key aes256-cts-hmac-sha1-96
>    Key type: aes256-cts-hmac-sha1-96 (18)
>    Key value: caea21374411d71271776a527cae19aa1acdb577f3cc6aac...
>    Client Realm: W2K12.TEST
>    Client Name (Principal): WIN7PRO$
>    Name-type: Principal (1)
>    Name: WIN7PRO$
>    TransitedEncoding 0
>    Type: Unknown (0)
>    Contents: <MISSING>
>    Authtime: 2015-06-19 13:49:58 (UTC)
>    Start time: 2015-06-19 13:49:58 (UTC)
>    End time: 2015-06-19 23:49:58 (UTC)
>    Renew-till: 2015-06-26 13:49:58 (UTC)
>    AuthorizationData AD-IF-RELEVANT
>    Type: AD-IF-RELEVANT (1)
>    Data: 308202d2308202cea00402020080a18202c4048202c00500...
>    IF_RELEVANT AD-Win2k-PAC
>    Type: AD-Win2k-PAC (128)
>    Data: 050000000000000001000000d00100005800000000000000...
>    Num Entries: 5
>    Version: 0
>    Type: Logon Info (1)
>    Size: 464
>    Offset: 88
>    PAC_LOGON_INFO: 01100800ccccccccc00100000000000000000200a4ea64d0...
>    MES header
>    Version: 1
>    DREP
>    Byte order: Little-endian (1)
>    HDR Length: 8
>    Fill bytes: 0xcccccccc
>    Blob Length: 448
>    PAC_LOGON_INFO:
>    Referent ID: 0x00020000
>    Logon Time: Jun 19, 2015 15:49:51.183530000 CEST
>    Logoff Time: Infinity (absolute time)
>    Kickoff Time: Infinity (absolute time)
>    PWD Last Set: Jun 19, 2015 15:36:16.423953100 CEST
>    PWD Can Change: Jun 20, 2015 15:36:16.423953100 CEST
>    PWD Must Change: Infinity (absolute time)
>    Acct Name: WIN7PRO$
>    Length: 16
>    Size: 16
>    Character Array: WIN7PRO$
>    Referent ID: 0x00020004
>    Max Count: 8
>    Offset: 0
>    Actual Count: 8
>    Acct Name: WIN7PRO$
>    Full Name
>    Length: 0
>    Size: 0
>    Character Array
>    Referent ID: 0x00020008
>    Max Count: 0
>    Offset: 0
>    Actual Count: 0
>    Logon Script
>    Length: 0
>    Size: 0
>    Character Array
>    Referent ID: 0x0002000c
>    Max Count: 0
>    Offset: 0
>    Actual Count: 0
>    Profile Path
>    Length: 0
>    Size: 0
>    Character Array
>    Referent ID: 0x00020010
>    Max Count: 0
>    Offset: 0
>    Actual Count: 0
>    Home Dir
>    Length: 0
>    Size: 0
>    Character Array
>    Referent ID: 0x00020014
>    Max Count: 0
>    Offset: 0
>    Actual Count: 0
>    Dir Drive
>    Length: 0
>    Size: 0
>    Character Array
>    Referent ID: 0x00020018
>    Max Count: 0
>    Offset: 0
>    Actual Count: 0
>    Logon Count: 6
>    Bad PW Count: 0
>    User RID: 1109
>    Group RID: 515
>    Num RIDs: 1
>    GROUP_MEMBERSHIP_ARRAY
>    Referent ID: 0x0002001c
>    Max Count: 1
>    GROUP_MEMBERSHIP:
>    Group RID: 515
>    Attributes: 0x00000007
>    .... .... .... .... .... .... .... .1.. = Enabled: The enabled bit is SET
>    .... .... .... .... .... .... .... ..1. = Enabled By Default: The ENABLED_BY_DEFAULT bit is SET
>    .... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
>    User Flags: 0x00000020
>    .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set
>    .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET
>    User Session Key: 00000000000000000000000000000000
>    Server: WIN-M1LHUHEJFSI
>    Length: 30
>    Size: 32
>    Character Array: WIN-M1LHUHEJFSI
>    Referent ID: 0x00020020
>    Max Count: 16
>    Offset: 0
>    Actual Count: 15
>    Server: WIN-M1LHUHEJFSI
>    Domain: W2K12
>    Length: 10
>    Size: 12
>    Character Array: W2K12
>    Referent ID: 0x00020024
>    Max Count: 6
>    Offset: 0
>    Actual Count: 5
>    Domain: W2K12
>    SID pointer:
>    SID pointer
>    Referent ID: 0x00020028
>    Count: 4
>    Domain SID: S-1-5-21-4081652553-1298243908-2397940796 (Domain SID)
>    Revision: 1
>    Num Auth: 4
>    Authority: 5
>    Subauthorities: 21-4081652553-1298243908-2397940796
>    Dummy1 Long: 0x00000000
>    Dummy2 Long: 0x00000000
>    User Account Control: 0x00000080
>    .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication
>    .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only
>    .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated
>    .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation
>    .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate
>    .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password
>    .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked
>    .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords
>    .... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account
>    .... .... .... .... .... .... 1... .... = Workstation Trust Account: This account is a WORKSTATION_TRUST_ACCOUNT
>    .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account
>    .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account
>    .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account
>    .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account
>    .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password
>    .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory
>    .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled
>    Dummy4 Long: 0x00000000
>    Dummy5 Long: 0x00000000
>    Dummy6 Long: 0x00000000
>    Dummy7 Long: 0x00000000
>    Dummy8 Long: 0x00000000
>    Dummy9 Long: 0x00000000
>    Dummy10 Long: 0x00000000
>    Num Extra SID: 1
>    SID_AND_ATTRIBUTES_ARRAY:
>    Referent ID: 0x0002002c
>    SID_AND_ATTRIBUTES array:
>    Max Count: 1
>    SID_AND_ATTRIBUTES:
>    SID pointer:
>    SID pointer
>    Referent ID: 0x00020030
>    Count: 1
>    Domain SID: S-1-18-1 ()
>    Revision: 1
>    Num Auth: 1
>    Authority: 18
>    Subauthorities: 1
>    Attributes: 0x00000007
>    SID pointer:
>    (NULL pointer) SID pointer
>    ResourceGroup count: 0
>    (NULL pointer) ResourceGroupIDs
>    Type: Client Info Type (10)
>    Size: 26
>    Offset: 552
>    PAC_CLIENT_INFO_TYPE: 000775d496aad0011000570049004e003700500052004f00...
>    ClientID: Jun 19, 2015 15:49:58.000000000 CEST
>    Name Length: 16
>    Name: WIN7PRO$
>    Type: UPN DNS Info (12)
>    Size: 80
>    Offset: 584
>    UPN_DNS_INFO: 26001000140038000100000000000000570049004e003700...
>    UPN Len: 38
>    UPN Offset: 16
>    DNS Len: 20
>    DNS Offset: 56
>    Flags: 0x00000001
>    UPN Name: WIN7PRO$@w2k12.test
>    DNS Name: W2K12.TEST
>    Type: Server Checksum (6)
>    Size: 16
>    Offset: 664
>    PAC_SERVER_CHECKSUM: 1000000001ce7d4ab96bf02a8504aafe
>    Type: 16
>    Signature: 01ce7d4ab96bf02a8504aafe
>    Type: Privsvr Checksum (7)
>    Size: 20
>    Offset: 680
>    PAC_PRIVSVR_CHECKSUM: 76ffffffcc95c5b04b76a000f69fe50e248d8e84
>    Type: -138
>    Signature: cc95c5b04b76a000f69fe50e248d8e84
>    enc-part aes256-cts-hmac-sha1-96
>    Encryption type: aes256-cts-hmac-sha1-96 (18)
>    Kvno: 1
>    enc-part: a4f522f7710fd61e839c15981ac333702ad53c67b4cc7130...