-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
Sent: 09 May 2005 09:27
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Use of SRV records (_ldap, _kerberos, _kpasswd) (WAS: DNS vs. Hosts File)

Hi,
A few days ago we were talking about the different service records (_ldap, _kerberos and _kpasswd) and when these are used. Joe did a network trace and posted his findings. I was also curious and I also did a network trace. Here are my findings. (I did not go through the traces thoroughly.)
I did three network traces and used the following:
Configuration used:
* Windows 2003 SP0 installed and upgraded to SP1 -> DC/DNS
* Windows 2003 SP1 installed -> Client
* 1 AD domain
* Network monitor installed on both the client and the DC
* Network monitor used: Packetyzer 4.0.0

TRACES:
(1) Joining a client to an AD domain
--> _ldap SRV RR and _kerberos SRV RR used
--> NetBIOS also used to determine DCs. Don't understand this one!
--> Received "KRB5KRB_ERR_RESPONSE_TOO_BIG" several times. Don't understand this one!
(2) Booting of a client and the logon of a user
--> _ldap SRV RR used. Use of _kerberos SRV RR not detected, but kerberos authentication is used!
--> Received "KRB5KRB_ERR_RESPONSE_TOO_BIG" several times. Don't understand this one!
(3) Password change of a user account
--> Received "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN". The client used the SPN "cifs/172.16.1.11" instead of "cifs/w2k3dc01.w2k3domain.lan". Don't understand why.

As far as I know, the _kpasswd service record is for the Kerberos Password Change service, but I have not seen it being used in the trace.
For the specific findings see below.
Cheers,
#JORGE#
PS: If anyone is interested in also receiving the traces, mail me offline.

(1) findings:
Queries (FROM THE CLIENT TO THE DC) --> 4x
_ldap._tcp.dc._msdcs.W2K3DOMAIN.LAN: type SRV, class IN
Name: _ldap._tcp.dc._msdcs.W2K3DOMAIN.LAN
Type: SRV (Service location)
Class: IN (0x0001)
Queries (FROM THE CLIENT TO THE DC) --> 8x
W2K3DOMAIN.LAN<1c>: type NB, class IN
Name: W2K3DOMAIN.LAN<1c> (Domain Controllers)
Type: NB
Class: IN
Queries (FROM THE CLIENT TO THE DC) --> 1x
_kerberos._tcp.dc._msdcs.W2K3DOMAIN.LAN: type SRV, class IN
Name: _kerberos._tcp.dc._msdcs.W2K3DOMAIN.LAN
Type: SRV (Service location)
Class: IN (0x0001)

Kerberos AS-REQ (User Datagram Protocol, Src Port: 1050 (1050), Dst Port: kerberos (88)) (FROM THE CLIENT TO THE DC)
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1050 (1050)) (FROM THE DC TO THE CLIENT)
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2005-05-07 20:20:00 (Z)
susec: 665713
error_code: KRB5KRB_ERR_RESPONSE_TOO_BIG (52)
Realm: W2K3DOMAIN.LAN
Server Name (Service and Instance): krbtgt/W2K3DOMAIN.LAN
Name-type: Service and Instance (2)
Name: krbtgt
Name: W2K3DOMAIN.LAN

Kerberos TGS-REQ (User Datagram Protocol, Src Port: 1052 (1052), Dst Port: kerberos (88)) (FROM THE CLIENT TO THE DC)
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1052 (1052)) (FROM DC TO THE CLIENT)
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2005-05-07 20:20:01 (Z)
susec: 962588
error_code: KRB5KRB_ERR_RESPONSE_TOO_BIG (52)
Realm: W2K3DOMAIN.LAN
Server Name (Service and Instance): cifs/w2k3dc01.w2k3domain.lan
Name-type: Service and Instance (2)
Name: cifs
Name: w2k3dc01.w2k3domain.lan

Kerberos TGS-REQ (User Datagram Protocol, Src Port: 1069 (1069), Dst Port: kerberos (88)) (FROM THE CLIENT TO THE DC)
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1069 (1069)) (FROM THE DC TO THE CLIENT)
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2005-05-07 20:20:08 (Z)
susec: 259463
error_code: KRB5KRB_ERR_RESPONSE_TOO_BIG (52)
Realm: W2K3DOMAIN.LAN
Server Name (Service and Instance): ldap/w2k3dc01.w2k3domain.lan
Name-type: Service and Instance (2)
Name: ldap
Name: w2k3dc01.w2k3domain.lan

(2) findings:
Queries (FROM THE CLIENT TO THE DC) --> 3x
W2K3DC01.W2K3DOMAIN.LAN: type A, class IN
Name: W2K3DC01.W2K3DOMAIN.LAN
Type: A (Host address)
Class: IN (0x0001)

Queries (FROM THE CLIENT TO THE DC) --> 1x
_ldap._tcp.Default-First-Site-Name._sites.W2K3DOMAIN.LAN: type SRV, class IN
Name: _ldap._tcp.Default-First-Site-Name._sites.W2K3DOMAIN.LAN
Type: SRV (Service location)
Class: IN (0x0001)

Kerberos AS-REQ (User Datagram Protocol, Src Port: 1069 (1069), Dst Port: kerberos (88)) (FROM THE CLIENT TO THE DC)
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1069 (1069)) (FROM THE DC TO THE CLIENT)
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2005-05-07 20:27:19 (Z)
susec: 90859
error_code: KRB5KRB_ERR_RESPONSE_TOO_BIG (52)
Realm: W2K3DOMAIN
Server Name (Service and Instance): krbtgt/W2K3DOMAIN
Name-type: Service and Instance (2)
Name: krbtgt
Name: W2K3DOMAIN

Kerberos TGS-REQ (User Datagram Protocol, Src Port: 1071 (1071), Dst Port: kerberos (88)) (FROM THE CLIENT TO THE DC)
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1071 (1071)) (FROM THE DC TO THE CLIENT)
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2005-05-07 20:27:19 (Z)
susec: 106484
error_code: KRB5KRB_ERR_RESPONSE_TOO_BIG (52)
Realm: W2K3DOMAIN.LAN
Server Name (Service and Host): host/w2k3sp1srv00.w2k3domain.lan
Name-type: Service and Host (3)
Name: host
Name: w2k3sp1srv00.w2k3domain.lan

Kerberos TGS-REQ (User Datagram Protocol, Src Port: 1073 (1073), Dst Port: kerberos (88)) (FROM THE CLIENT TO THE DC)
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1073 (1073)) (FROM THE DC TO THE CLIENT)
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2005-05-07 20:27:20 (Z)
susec: 75234
error_code: KRB5KRB_ERR_RESPONSE_TOO_BIG (52)
Realm: W2K3DOMAIN.LAN
Server Name (Service and Instance): cifs/W2K3DC01.W2K3DOMAIN.LAN
Name-type: Service and Instance (2)
Name: cifs
Name: W2K3DC01.W2K3DOMAIN.LAN

(3) findings
NO SRV RRs used here

Kerberos TGS-REQ (User Datagram Protocol, Src Port: 1085 (1085), Dst Port: kerberos (88)) (FROM THE CLIENT TO THE DC)
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1085 (1085)) (FROM THE DC TO THE CLIENT)
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2005-05-07 20:31:10 (Z)
susec: 262734
error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Realm: W2K3DOMAIN.LAN
Server Name (Service and Instance): cifs/172.16.1.11
Name-type: Service and Instance (2)
Name: cifs
Name: 172.16.1.11

Kind regards,
Jorge de Almeida Pinto
Infrastructure Consultant
LogicaCMG Nederland B.V. (BU SD/AT)
Division Industry, Distribution and Transport (ID&T)
Kennedyplein 248, 5611 ZT, Eindhoven
Postbus 7089
5605 JB Eindhoven
Tel: +31-(0)40-29.57.777
Fax: +31-(0)40-29.57.709
Mobile: +31-(0)6-26.26.62.80
E-mail: [EMAIL PROTECTED]
<http://www.logicacmg.com/> - Solutions that matter -
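
Added example, not part of the original message: a small Python parser for KRB-ERROR records in the text layout of the dissector output above. It flags the two conditions the message reports: error 52 on a UDP exchange (per RFC 4120 the KDC sends this when the reply does not fit in a datagram and the client is expected to retry over TCP) and error 7 for an SPN whose instance part is an IP address. The sample text is constructed from fields shown in the message, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample, using the field layout of the dissector output above.
SAMPLE = """\
Kerberos TGS-REQ (User Datagram Protocol, Src Port: 1052 (1052), Dst Port: kerberos (88))
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1052 (1052))
error_code: KRB5KRB_ERR_RESPONSE_TOO_BIG (52)
Server Name (Service and Instance): cifs/w2k3dc01.w2k3domain.lan
Kerberos KRB-ERROR (User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1085 (1085))
error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Server Name (Service and Instance): cifs/172.16.1.11
"""

ERR = re.compile(r"error_code:\s*\S+\s*\((\d+)\)")
SNAME = re.compile(r"Server Name \([^)]*\):\s*(\S+)")

def parse_errors(text):
    """Return one dict per KRB-ERROR record: udp flag, error code, sname."""
    records, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Kerberos KRB-ERROR"):
            cur = {"udp": "User Datagram Protocol" in line, "code": None, "sname": None}
            records.append(cur)
        elif line.startswith("Kerberos "):
            cur = None  # a request line ends the previous error record
        elif cur is not None:
            if (m := ERR.search(line)):
                cur["code"] = int(m.group(1))
            elif (m := SNAME.search(line)):
                cur["sname"] = m.group(1)
    return records

def host_is_ip(sname):
    """True when the instance part of service/instance is an IP literal."""
    try:
        ipaddress.ip_address(sname.split("/", 1)[-1])
        return True
    except ValueError:
        return False

def classify(rec):
    if rec["code"] == 52 and rec["udp"]:
        return "udp-too-big: reply did not fit in UDP, expect a retry over TCP/88"
    if rec["code"] == 7 and rec["sname"] and host_is_ip(rec["sname"]):
        return "ip-literal-spn: KDC has no principal for an IP-based SPN"
    return "other"

if __name__ == "__main__":
    for rec in parse_errors(SAMPLE):
        print(rec["sname"], "->", classify(rec))
```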