The Samba-Bugzilla – Attachment 11200 Details for Bug 11362: GPO security filtering based on the groups in Kerberos PAC (but primary group is missing)
samba4-pac.txt (text/plain), 22.15 KB, created by Felix Botner on 2015-06-25 11:18:25 UTC
>No. Time Source Destination Protocol Length Info > 1 0.000000000 10.200.7.80 10.200.8.231 KRB5 1430 AS-REP > >Frame 1: 1430 bytes on wire (11440 bits), 1430 bytes captured (11440 bits) > Arrival Time: Jun 18, 2015 17:41:47.503924000 CEST > Epoch Time: 1434642107.503924000 seconds > [Time delta from previous captured frame: 0.000000000 seconds] > [Time delta from previous displayed frame: 0.000000000 seconds] > [Time since reference or first frame: 0.000000000 seconds] > Frame Number: 1 > Frame Length: 1430 bytes (11440 bits) > Capture Length: 1430 bytes (11440 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: sll:ip:tcp:kerberos] > [Coloring Rule Name: TCP] > [Coloring Rule String: tcp] >Linux cooked capture > Packet type: Sent by us (4) > Link-layer address type: 1 > Link-layer address length: 6 > Source: RealtekU_6c:88:c2 (52:54:00:6c:88:c2) > Protocol: IP (0x0800) >Internet Protocol Version 4, Src: 10.200.7.80 (10.200.7.80), Dst: 10.200.8.231 (10.200.8.231) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) > 0000 00.. = Differentiated Services Codepoint: Default (0x00) > .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) > Total Length: 1414 > Identification: 0x8a07 (35335) > Flags: 0x02 (Don't Fragment) > 0... .... = Reserved bit: Not set > .1.. .... = Don't fragment: Set > ..0. .... 
= More fragments: Not set > Fragment offset: 0 > Time to live: 64 > Protocol: TCP (6) > Header checksum: 0x85a4 [correct] > [Good: True] > [Bad: False] > Source: 10.200.7.80 (10.200.7.80) > Destination: 10.200.8.231 (10.200.8.231) >Transmission Control Protocol, Src Port: kerberos (88), Dst Port: 56364 (56364), Seq: 1, Ack: 1, Len: 1374 > Source port: kerberos (88) > Destination port: 56364 (56364) > [Stream index: 0] > Sequence number: 1 (relative sequence number) > [Next sequence number: 1375 (relative sequence number)] > Acknowledgement number: 1 (relative ack number) > Header length: 20 bytes > Flags: 0x018 (PSH, ACK) > 000. .... .... = Reserved: Not set > ...0 .... .... = Nonce: Not set > .... 0... .... = Congestion Window Reduced (CWR): Not set > .... .0.. .... = ECN-Echo: Not set > .... ..0. .... = Urgent: Not set > .... ...1 .... = Acknowledgement: Set > .... .... 1... = Push: Set > .... .... .0.. = Reset: Not set > .... .... ..0. = Syn: Not set > .... .... ...0 = Fin: Not set > Window size value: 237 > [Calculated window size: 237] > [Window size scaling factor: -1 (unknown)] > Checksum: 0x2b3f [validation disabled] > [Good Checksum: False] > [Bad Checksum: False] > [SEQ/ACK analysis] > [Bytes in flight: 1374] > [PDU Size: 1374] >Kerberos AS-REP > Record Mark: 1370 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0101 0101 1010 = Record Length: 1370 > Pvno: 5 > MSG Type: AS-REP (11) > padata: Unknown:133 > Type: Unknown (133) > Value: 3050a030302ea0153013a003020101a10c300a1b0857494e... > Client Realm: FOUR.TEST > Client Name (Principal): WIN7PRO$ > Name-type: Principal (1) > Name: WIN7PRO$ > Ticket > Tkt-vno: 5 > Realm: FOUR.TEST > Server Name (Service and Instance): krbtgt/FOUR.TEST > Name-type: Service and Instance (2) > Name: krbtgt > Name: FOUR.TEST > enc-part rc4-hmac > Encryption type: rc4-hmac (23) > Kvno: 1 > enc-part: d940ec56a7e58254d93f0812c8d21310692ed46e39184a43... 
> [Decrypted using: keytab principal krbtgt@FOUR.TEST] > EncTicketPart > Padding: 0 > Ticket Flags (Forwardable, Renewable, Initial, Pre-Auth) > .1.. .... .... .... .... .... .... .... = Forwardable: FORWARDABLE tickets are allowed/requested > ..0. .... .... .... .... .... .... .... = Forwarded: This is NOT a forwarded ticket > ...0 .... .... .... .... .... .... .... = Proxiable: Do NOT use proxiable tickets > .... 0... .... .... .... .... .... .... = Proxy: This ticket has NOT been proxied > .... .0.. .... .... .... .... .... .... = Allow Postdate: We do NOT allow the ticket to be postdated > .... ..0. .... .... .... .... .... .... = Postdated: This ticket is NOT postdated > .... ...0 .... .... .... .... .... .... = Invalid: This ticket is NOT invalid > .... .... 1... .... .... .... .... .... = Renewable: This ticket is RENEWABLE > .... .... .1.. .... .... .... .... .... = Initial: This ticket was granted by AS and not TGT protocol > .... .... ..1. .... .... .... .... .... = Pre-Auth: The client was PRE-AUTHenticated > .... .... ...0 .... .... .... .... .... = HW-Auth: The client was NOT authenticated using hardware > .... .... .... 0... .... .... .... .... = Transited Policy Checked: Kdc has NOT performed transited policy checking > .... .... .... .0.. .... .... .... .... 
= Ok As Delegate: This ticket is NOT ok as a delegated ticket > key rc4-hmac > Key type: rc4-hmac (23) > Key value: bc465084e8a073b750b20bfee0df0821 > Client Realm: FOUR.TEST > Client Name (Principal): WIN7PRO$ > Name-type: Principal (1) > Name: WIN7PRO$ > TransitedEncoding DOMAIN-X500-COMPRESS > Type: DOMAIN-X500-COMPRESS (1) > Contents: <MISSING> > Authtime: 2015-06-18 15:41:47 (UTC) > End time: 2015-06-19 01:41:47 (UTC) > Renew-till: 2015-06-25 15:41:47 (UTC) > HostAddresses: WIN7PRO<20> > HostAddress WIN7PRO<20> > Addr-type: NETBIOS (20) > NetBIOS Name: WIN7PRO<20> (Server service) > AuthorizationData AD-IF-RELEVANT > Type: AD-IF-RELEVANT (1) > Data: 3082023a30820236a00402020080a182022c048202280400... > IF_RELEVANT AD-Win2k-PAC > Type: AD-Win2k-PAC (128) > Data: 040000000000000001000000900100004800000000000000... > Num Entries: 4 > Version: 0 > Type: Logon Info (1) > Size: 400 > Offset: 72 > PAC_LOGON_INFO: 01100800cccccccc80010000000000000000020000000000... > MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 384 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: No time specified (0) > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jun 18, 2015 13:56:36.000000000 CEST > PWD Can Change: Jun 18, 2015 13:56:36.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: WIN7PRO$ > Length: 16 > Size: 16 > Character Array: WIN7PRO$ > Referent ID: 0x00020004 > Max Count: 8 > Offset: 0 > Actual Count: 8 > Acct Name: WIN7PRO$ > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > 
Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 1110 > Group RID: 515 > Num RIDs: 0 > (NULL pointer) GROUP_MEMBERSHIP_ARRAY > User Flags: 0x00000000 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..0. .... = Extra SIDs: The extra_sids is NOT set > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x0002001c > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: FOUR > Length: 8 > Size: 10 > Character Array: FOUR > Referent ID: 0x00020020 > Max Count: 5 > Offset: 0 > Actual Count: 4 > Domain: FOUR > SID pointer: > SID pointer > Referent ID: 0x00020024 > Count: 4 > Domain SID: S-1-5-21-1528294070-983756076-781214264 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-1528294070-983756076-781214264 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000080 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. 
.... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account > .... .... .... .... .... .... 1... .... = Workstation Trust Account: This account is a WORKSTATION_TRUST_ACCOUNT > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 0 > (NULL pointer) SID_AND_ATTRIBUTES_ARRAY: > SID pointer: > (NULL pointer) SID pointer > ResourceGroup count: 0 > (NULL pointer) ResourceGroupIDs > Type: Client Info Type (10) > Size: 26 > Offset: 472 > PAC_CLIENT_INFO_TYPE: 806feb48dda9d0011000570049004e003700500052004f00... 
> ClientID: Jun 18, 2015 17:41:47.000000000 CEST > Name Length: 16 > Name: WIN7PRO$ > Type: Server Checksum (6) > Size: 20 > Offset: 504 > PAC_SERVER_CHECKSUM: 76ffffff37313972849103dd4babe27c72458572 > Type: -138 > Signature: 37313972849103dd4babe27c72458572 > Type: Privsvr Checksum (7) > Size: 20 > Offset: 528 > PAC_PRIVSVR_CHECKSUM: 76ffffff188c84768636bc56b88af0a54730e124 > Type: -138 > Signature: 188c84768636bc56b88af0a54730e124 > AuthorizationData AD-IF-RELEVANT > Type: AD-IF-RELEVANT (1) > Data: 3031302fa00402020200a12704253023a003020117a11c30... > IF_RELEVANT 0x200 > Type: Unknown (512) > Data: 3023a003020117a11c301aa0040202ff76a11204101d95d8... > enc-part rc4-hmac > Encryption type: rc4-hmac (23) > Kvno: 2 > enc-part: ee36e7f885480cebfb328323949c719844246c477c88fb7a... > [Decrypted using: keytab principal WIN7PRO$@FOUR.TEST] > EncKDCRepPart > key rc4-hmac > Key type: rc4-hmac (23) > Key value: bc465084e8a073b750b20bfee0df0821 > LastReqs: > LastReq > Lr-type: No information available (0) > Lr-time: 1970-01-01 00:00:00 (UTC) > Nonce: 1230888471 > Padding: 0 > Ticket Flags (Forwardable, Renewable, Initial, Pre-Auth) > .1.. .... .... .... .... .... .... .... = Forwardable: FORWARDABLE tickets are allowed/requested > ..0. .... .... .... .... .... .... .... = Forwarded: This is NOT a forwarded ticket > ...0 .... .... .... .... .... .... .... = Proxiable: Do NOT use proxiable tickets > .... 0... .... .... .... .... .... .... = Proxy: This ticket has NOT been proxied > .... .0.. .... .... .... .... .... .... = Allow Postdate: We do NOT allow the ticket to be postdated > .... ..0. .... .... .... .... .... .... = Postdated: This ticket is NOT postdated > .... ...0 .... .... .... .... .... .... = Invalid: This ticket is NOT invalid > .... .... 1... .... .... .... .... .... = Renewable: This ticket is RENEWABLE > .... .... .1.. .... .... .... .... .... = Initial: This ticket was granted by AS and not TGT protocol > .... .... ..1. .... .... .... .... .... 
= Pre-Auth: The client was PRE-AUTHenticated > .... .... ...0 .... .... .... .... .... = HW-Auth: The client was NOT authenticated using hardware > .... .... .... 0... .... .... .... .... = Transited Policy Checked: Kdc has NOT performed transited policy checking > .... .... .... .0.. .... .... .... .... = Ok As Delegate: This ticket is NOT ok as a delegated ticket > Authtime: 2015-06-18 15:41:47 (UTC) > End time: 2015-06-19 01:41:47 (UTC) > Renew-till: 2015-06-25 15:41:47 (UTC) > Realm: FOUR.TEST > Server Name (Service and Instance): krbtgt/FOUR.TEST > Name-type: Service and Instance (2) > Name: krbtgt > Name: FOUR.TEST > HostAddresses: WIN7PRO<20> > HostAddress WIN7PRO<20> > Addr-type: NETBIOS (20) > NetBIOS Name: WIN7PRO<20> (Server service)