rc4-hmac is the most common enctype in a cifs environment but des
will also sometimes be used.
there is an account flag in ad where one can specify DES-only
passwords and encryption.
it is possible that is what you have for that user.
see packets 1/2 in that trace.
client tries to use rc4 to pass the pa data over to the kdc, kdc
comes back with an error refusing that client to use rc4
client then in 3/4 tries again, this time using des.
==> that user has a DES-only account. and the example trace is a des
trace and not an rc4 trace.
for testing
can you reset that user account to allow rc4 encryption and try again
if the decryption works
i might have time later this week to look into if/why des does not
work for the decryption.
On 8/17/05, Xiaoguang Liu <syslxg@xxxxxxxxx> wrote:
> hi ronnie,
> thank you for reply.
> since rc4-hmac is default for Windows, my XP logon test should be a
> pure rc4-hmac example. the capture file is 816.cap in my attachments
> in my last email.
>
> btw, does this list accept attachment in email? Did you see my attached files?
>
>
> On 8/17/05, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > I have never tested it with DES, only with arcfour (which is not salted)
> >
> > I suspect the problem might be that the salting is not done properly
> > in ethereal.
> >
> >
> > As a test:
> > Can you try changing your client/kdc to only use rc4-hmac and see if
> > that works?
> >
> >
> >
> > On 8/17/05, Xiaoguang Liu <syslxg@xxxxxxxxx> wrote:
> > > Hi all,
> > >
> > > When I know ethereal 0.10.12 can decrypt kerberos data, I was so
> > > excited. But after testing and research 20+ hours, I failed to work
> > > this feature out. Now I am wondering what on earth did I do wrong.
> > >
> > > Below is my last test, after creating keytab and capture kerberos
> > > traffic, I still can not see the decrypted kerberos info. Everything
> > > looks the same as if I did not specify a keytab file. (I did enable the
> > > "try to decrypt kerberos blob" option)
> > > I also attach the keytab and cap trace file. Please help me check what
> > > would be the problem.
> > >
> > > It will also be highly appreciated if anyone can send me a sample of
> > > keytab and cap file, so that I can have a look at this cool feature.
> > >
> > > OS: Fedora core 4
> > > Ethereal: ethereal-0.10.12.SVN.15374-1.fc4.i386.rpm from
> > > http://www.ethereal.com/distribution/buildbot-builds/rpm/
> > >
> > > KDC: windows 2003 (IP 10.5.3.1)
> > > realm: DENYDC.COM
> > > princ:
> > > 1. u5@xxxxxxxxxx
> > > dump NT hash by dumpwd3e.exe, then create keytab file by ktutil on FC4
> > > ktutil:addent -key -p u5@xxxxxxxxxx -k 3 -e arcfour-hmac-md5
> > > 2. des@xxxxxxxxxx (
> > > create keytab file ktpass.exe on windows 2003
> > >
> > > file attached:
> > > 816.key, contains keys for u5 and des
> > > 816.cap, des and u5 login for a Windows XP
> > > 816fc4.cap, des and u5 login from FC4 by "kinit -k -t 816.key u5@xxxxxxxxxx"
> > >
> > >
> > > _______________________________________________
> > > Ethereal-users mailing list
> > > Ethereal-users@xxxxxxxxxxxx
> > > http://www.ethereal.com/mailman/listinfo/ethereal-users