Hello Dochelp! It was brought to our attention that Windows Server 2025-based Active Directory domain controllers appear to regress in handling KPASSWD protocol. Namely, a password change request is being processed and a password of an Active Directory account has been changed but the response produced by the domain controller is Kerberos error with code 0, explicitly not allowed by the RFC3244 describing Microsoft KPASSWD protocol.
There is an issue reported upstream to adcli utility which performs
Linux system domain join. As a part of the join process, we set a new
credential to the machine account. The machine account credential is
updated in AD but the response contains this KPASSWD error response with
result code 0
103 3.624528 192.168.122.48 192.168.122.109 KPASSWD 1742 Request
(attached file)
106 3.709703 192.168.122.109 192.168.122.48 KPASSWD 165
Kerberos
krb-error
pvno: 5
msg-type: krb-error (30)
stime: Dec 13, 2024 02:55:10.000000000 EET
susec: 213134
error-code: eRR-NONE (0)
realm: FOREST.MY
sname
name-type: kRB5-NT-SRV-INST (2)
sname-string: 2 items
SNameString: kadmin
SNameString: changepw
e-data: 0000
This issue was also reported by Windows Insiders in June 2024:
https://techcommunity.microsoft.com/discussions/windowsserverinsiders/problems-to-join-debianubuntu-machines-to-a-domain/4158051
The message they reported is the same. The issue 'Message stream
modified' is due to MIT Kerberos processing the returned Kerberos error
with result code 0 and rejecting it according to the RFC 3244.
Since Kerberos errors aren't protected from mid-stream modifications,
RFC 3244 explicitly states in the section 2, describing the protocol,
that:
----------------------------------------------
The user-data component of the KRB-PRIV message, or e-data component
of the KRB-ERROR message, consists of the following data.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| result code | result string /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
result code (16 bits) (result codes 0-4 are from the original change
password protocol):
The result code must have one of the following values
(big-endian integer):
KRB5_KPASSWD_SUCCESS 0 request succeeds (This value
is not allowed in a KRB-ERROR
message)
----------------------------------------------
I can provide a network trace and a keytab that shows the whole
communication during the domain join operation, including this kpasswd
exchange. However, I've been told the same situation happens with a
normal user account password change against Windows Server 2025 AD DC as
well.
If this is an implementation regression, would you please consult with
the engineering team on Windows Server side. However, if this is a
protocol change, can we see the changes documented?
--
/ Alexander Bokovoy
MS Kpasswd
Record Mark: 1672 bytes
0... .... .... .... .... .... .... .... = Reserved: Not set
.000 0000 0000 0000 0000 0110 1000 1000 = Record Length: 1672
Message Length: 1672
Version: Request (0xff80)
AP_REQ Length: 1411
AP_REQ
Kerberos
ap-req
pvno: 5
msg-type: krb-ap-req (14)
Padding: 0
ap-options: 00000000
0... .... = reserved: False
.0.. .... = use-session-key: False
..0. .... = mutual-required: False
ticket
tkt-vno: 5
realm: FOREST.MY
sname
name-type: kRB5-NT-PRINCIPAL (1)
sname-string: 2 items
SNameString: kadmin
SNameString: changepw
enc-part
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
kvno: 2
cipher […]:
25222195658650c8c14e1eac23a50ab6f8fe7296fd1f2f86a66c58d554960fabb3c1a2093dba37b85576e467c4a452d3649c3eea0118fc2981f46f1790a2d71a94e07477a80d86d1abe863b365a5488495acdeb6f89ad8b2ebc1406a7a4b1cfc62c9c767bdd8cb1b1e519c9fb48c9ca57
Decrypted keytype 18 usage 2 using keytab principal
[email protected] (id=keytab.13 same=0) (f062e2a4...)
[Expert Info (Chat/Security): Decrypted keytype
18 usage 2 using keytab principal [email protected] (id=keytab.13 same=0)
(f062e2a4...)]
[Decrypted keytype 18 usage 2 using keytab
principal [email protected] (id=keytab.13 same=0) (f062e2a4...)]
[Severity level: Chat]
[Group: Security]
[Expert Info (Chat/Security): Used
keymap=all_keys num_keys=46 num_tries=12)]
[Used keymap=all_keys num_keys=46
num_tries=12)]
[Severity level: Chat]
[Group: Security]
encTicketPart
Padding: 0
flags: 40a10000
0... .... = reserved: False
.1.. .... = forwardable: True
..0. .... = forwarded: False
...0 .... = proxiable: False
.... 0... = proxy: False
.... .0.. = may-postdate: False
.... ..0. = postdated: False
.... ...0 = invalid: False
1... .... = renewable: True
.0.. .... = initial: False
..1. .... = pre-authent: True
...0 .... = hw-authent: False
.... 0... = transited-policy-checked: False
.... .0.. = ok-as-delegate: False
.... ..0. = unused: False
.... ...1 = enc-pa-rep: True
0... .... = anonymous: False
key
Learnt encTicketPart_key keytype 18
(id=103.1) (268fc3fa...)
[Expert Info (Chat/Security): Learnt
encTicketPart_key keytype 18 (id=103.1) (268fc3fa...)]
[Learnt encTicketPart_key keytype
18 (id=103.1) (268fc3fa...)]
[Severity level: Chat]
[Group: Security]
keytype: 18
keyvalue:
268fc3fa0c9ffed70445b36488e8df2ee88b7db0f3bdf8c212cbad007c142a74
crealm: FOREST.MY
cname
name-type: kRB5-NT-PRINCIPAL (1)
cname-string: 1 item
CNameString: Administrator
transited
tr-type: 1
contents: <MISSING>
authtime: Dec 13, 2024 02:55:09.000000000 EET
starttime: Dec 13, 2024 02:55:09.000000000 EET
endtime: Dec 13, 2024 02:57:09.000000000 EET
renew-till: Dec 13, 2024 02:57:09.000000000 EET
authorization-data: 1 item
AuthorizationData item
ad-type: aD-IF-RELEVANT (1)
ad-data […]:
308203723082036ea00402020080a18203640482036005000000000000000100000020020000580000000000000006000000100000007802000000000000070000001000000088020000000000000a0000002400000098020000000000000c000000a0000000c0020000000000000110
AuthorizationData item
ad-type: aD-WIN2K-PAC (128)
ad-data […]:
05000000000000000100000020020000580000000000000006000000100000007802000000000000070000001000000088020000000000000a0000002400000098020000000000000c000000a0000000c00200000000000001100800cccccccc1002000000000000000002006a96bda8
Verified Server checksum 16
keytype 18 using keytab principal [email protected] (id=keytab.13 same=0)
(f062e2a4...)
[Expert Info
(Chat/Security): Verified Server checksum 16 keytype 18 using keytab principal
[email protected] (id=keytab.13 same=0) (f062e2a4...)]
[Verified Server
checksum 16 keytype 18 using keytab principal [email protected] (id=keytab.13
same=0) (f062e2a4...)]
[Severity level:
Chat]
[Group: Security]
[Expert Info
(Chat/Security): Used keymap=all_keys num_keys=46 num_tries=12)]
[Used
keymap=all_keys num_keys=46 num_tries=12)]
[Severity level:
Chat]
[Group: Security]
Verified KDC checksum 16
keytype 18 using keytab principal [email protected] (id=keytab.13 same=0)
(f062e2a4...)
[Expert Info
(Chat/Security): Verified KDC checksum 16 keytype 18 using keytab principal
[email protected] (id=keytab.13 same=0) (f062e2a4...)]
[Verified KDC
checksum 16 keytype 18 using keytab principal [email protected] (id=keytab.13
same=0) (f062e2a4...)]
[Severity level:
Chat]
[Group: Security]
[Expert Info
(Chat/Security): Used keymap=longterm_keys num_keys=32 num_tries=5)]
[Used
keymap=longterm_keys num_keys=32 num_tries=5)]
[Severity level:
Chat]
[Group: Security]
Num Entries: 5
Version: 0
Type: Logon Info (1)
Size: 544
Offset: 88
PAC_LOGON_INFO […]:
01100800cccccccc1002000000000000000002006a96bda8f94cdb01ffffffffffffff7fffffffffffffff7f9bb9b6c88a4cdb019b7920f3534ddb01ffffffffffffff7f1a001a00040002000000000008000200000000000c000200000000001000020000000000140002000
MES header
Version: 1
DREP
Byte order:
Little-endian (1)
HDR Length: 8
Fill bytes:
0xcccccccc
Blob Length: 528
PAC_LOGON_INFO:
Referent ID:
0x00020000
Logon Time: Dec
13, 2024 02:55:09.912637800 EET
Logoff Time:
Infinity (absolute time)
Kickoff Time:
Infinity (absolute time)
PWD Last Set:
Dec 12, 2024 13:41:29.417769100 EET
PWD Can Change:
Dec 13, 2024 13:41:29.417769100 EET
PWD Must
Change: Infinity (absolute time)
Acct Name:
Administrator
Length: 26
Size: 26
Character
Array: Administrator
Referent ID: 0x00020004
Max
Count: 13
Offset: 0
Actual
Count: 13
Acct
Name: Administrator
Full Name
Length: 0
Size: 0
Character
Array
Referent ID: 0x00020008
Max
Count: 0
Offset: 0
Actual
Count: 0
Logon Script
Length: 0
Size: 0
Character
Array
Referent ID: 0x0002000c
Max
Count: 0
Offset: 0
Actual
Count: 0
Profile Path
Length: 0
Size: 0
Character
Array
Referent ID: 0x00020010
Max
Count: 0
Offset: 0
Actual
Count: 0
Home Dir
Length: 0
Size: 0
Character
Array
Referent ID: 0x00020014
Max
Count: 0
Offset: 0
Actual
Count: 0
Dir Drive
Length: 0
Size: 0
Character
Array
Referent ID: 0x00020018
Max
Count: 0
Offset: 0
Actual
Count: 0
Logon Count: 20
Bad PW Count: 0
User RID: 500
Group RID: 513
Num RIDs: 5
GroupIDs
Referent
ID: 0x0002001c
Max Count: 5
GROUP_MEMBERSHIP:
Group
RID: 520
Group
Attributes: 0x00000007
.... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
.... .... .... .... .... .... .... ..1. = Enabled By Default: The
ENABLED_BY_DEFAULT bit is SET
.... .... .... .... .... .... .... .1.. = Enabled: The ENABLED bit is SET
.... .... .... .... .... .... .... 0... = Owner: The owner bit is NOT set
..0. .... .... .... .... .... .... .... = Resource Group: The resource group
bit is NOT set
GROUP_MEMBERSHIP:
Group
RID: 512
Group
Attributes: 0x00000007
.... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
.... .... .... .... .... .... .... ..1. = Enabled By Default: The
ENABLED_BY_DEFAULT bit is SET
.... .... .... .... .... .... .... .1.. = Enabled: The ENABLED bit is SET
.... .... .... .... .... .... .... 0... = Owner: The owner bit is NOT set
..0. .... .... .... .... .... .... .... = Resource Group: The resource group
bit is NOT set
GROUP_MEMBERSHIP:
Group
RID: 513
Group
Attributes: 0x00000007
.... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
.... .... .... .... .... .... .... ..1. = Enabled By Default: The
ENABLED_BY_DEFAULT bit is SET
.... .... .... .... .... .... .... .1.. = Enabled: The ENABLED bit is SET
.... .... .... .... .... .... .... 0... = Owner: The owner bit is NOT set
..0. .... .... .... .... .... .... .... = Resource Group: The resource group
bit is NOT set
GROUP_MEMBERSHIP:
Group
RID: 518
Group
Attributes: 0x00000007
.... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
.... .... .... .... .... .... .... ..1. = Enabled By Default: The
ENABLED_BY_DEFAULT bit is SET
.... .... .... .... .... .... .... .1.. = Enabled: The ENABLED bit is SET
.... .... .... .... .... .... .... 0... = Owner: The owner bit is NOT set
..0. .... .... .... .... .... .... .... = Resource Group: The resource group
bit is NOT set
GROUP_MEMBERSHIP:
Group
RID: 519
Group
Attributes: 0x00000007
.... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
.... .... .... .... .... .... .... ..1. = Enabled By Default: The
ENABLED_BY_DEFAULT bit is SET
.... .... .... .... .... .... .... .1.. = Enabled: The ENABLED bit is SET
.... .... .... .... .... .... .... 0... = Owner: The owner bit is NOT set
..0. .... .... .... .... .... .... .... = Resource Group: The resource group
bit is NOT set
User Flags:
0x00000220
.... ....
.... .... .... ..1. .... .... = Resource Groups: The RESOURCE_GROUPS bit is SET
.... ....
.... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET
User Session
Key: 00000000000000000000000000000000
Server:
WIN-720P3J7PAP3
Length: 30
Size: 32
Character
Array: WIN-720P3J7PAP3
Referent ID: 0x00020020
Max
Count: 16
Offset: 0
Actual
Count: 15
Server:
WIN-720P3J7PAP3
Domain: FOREST
Length: 12
Size: 14
Character
Array: FOREST
Referent ID: 0x00020024
Max
Count: 7
Offset: 0
Actual
Count: 6
Domain:
FOREST
SID pointer:
S-1-5-21-1191110912-437985896-597071733 (Domain SID)
SID
pointer: S-1-5-21-1191110912-437985896-597071733 (Domain SID)
Referent ID: 0x00020028
Count: 4
Domain
SID: S-1-5-21-1191110912-437985896-597071733 (Domain SID)
Revision: 1
Num
Auth: 4
Authority: 5
Subauthorities: 21-1191110912-437985896-597071733
Dummy1 Long:
0x00000000
Dummy2 Long:
0x00000000
User Account
Control: 0x00000210
.... ....
.... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES
preauthentication
.... ....
.... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to
use_des_key_only
.... ....
.... .... .0.. .... .... .... = Not Delegated: This might have been delegated
.... ....
.... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT
trusted_for_delegation
.... ....
.... .... ...0 .... .... .... = SmartCard Required: This account does NOT
require_smartcard to authenticate
.... ....
.... .... .... 0... .... .... = Encrypted Text Password Allowed: This account
does NOT allow encrypted_text_password
.... ....
.... .... .... .0.. .... .... = Account Auto Locked: This account is NOT
auto_locked
.... ....
.... .... .... ..1. .... .... = Don't Expire Password: This account
DOESN'T_EXPIRE_PASSWORDs
.... ....
.... .... .... ...0 .... .... = Server Trust Account: This account is NOT a
server_trust_account
.... ....
.... .... .... .... 0... .... = Workstation Trust Account: This account is NOT
a workstation_trust_account
.... ....
.... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT
an interdomain_trust_account
.... ....
.... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a
mns_logon_account
.... ....
.... .... .... .... ...1 .... = Normal Account: This account is a NORMAL_ACCOUNT
.... ....
.... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a
temp_duplicate_account
.... ....
.... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a
password
.... ....
.... .... .... .... .... ..0. = Home Directory Required: This account does NOT
require_home_directory
.... ....
.... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled
Dummy4 Long:
0x00000000
Dummy5 Long:
0x00000000
Dummy6 Long:
0x00000000
Dummy7 Long:
0x00000000
Dummy8 Long:
0x00000000
Dummy9 Long:
0x00000000
Dummy10 Long:
0x00000000
Num Extra SID: 1
SID_AND_ATTRIBUTES_ARRAY:
Referent
ID: 0x0002002c
SID_AND_ATTRIBUTES array:
Max
Count: 1
SID_AND_ATTRIBUTES:
SID
pointer: S-1-18-1 (Authentication Authority Asserted Identity)
SID pointer: S-1-18-1 (Authentication Authority Asserted Identity)
Referent ID: 0x00020030
Count: 1
Domain SID: S-1-18-1 (Authentication Authority Asserted Identity)
Revision: 1
Num Auth: 1
Authority: 18
Subauthorities: 1
Group Attributes: 0x00000007
.... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
.... .... .... .... .... .... .... ..1. = Enabled By Default: The
ENABLED_BY_DEFAULT bit is SET
.... .... .... .... .... .... .... .1.. = Enabled: The ENABLED bit is SET
.... .... .... .... .... .... .... 0... = Owner: The owner bit is NOT set
..0. .... .... .... .... .... .... .... = Resource Group: The resource group
bit is NOT set
ResourceGroupIDs
SID
pointer: S-1-5-21-1191110912-437985896-597071733 (Domain SID)
SID
pointer: S-1-5-21-1191110912-437985896-597071733 (Domain SID)
Referent ID: 0x00020034
Count: 4
Domain SID: S-1-5-21-1191110912-437985896-597071733 (Domain SID)
Revision: 1
Num Auth: 4
Authority: 5
Subauthorities: 21-1191110912-437985896-597071733
ResourceGroup count: 1
GroupIDs
Referent ID: 0x00020038
Max
Count: 1
GROUP_MEMBERSHIP:
Group RID: 572
Group Attributes: 0x20000007
.... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET
.... .... .... .... .... .... .... ..1. = Enabled By Default: The
ENABLED_BY_DEFAULT bit is SET
.... .... .... .... .... .... .... .1.. = Enabled: The ENABLED bit is SET
.... .... .... .... .... .... .... 0... = Owner: The owner bit is NOT set
..1. .... .... .... .... .... .... .... = Resource Group: The RESOURCE GROUP
bit is SET
Type: Server Checksum (6)
Size: 16
Offset: 632
PAC_SERVER_CHECKSUM:
100000008e288bfb8354a76d5b95dcda
Type: 16
Signature:
8e288bfb8354a76d5b95dcda
Type: Privsvr Checksum (7)
Size: 16
Offset: 648
PAC_PRIVSVR_CHECKSUM:
10000000d559491be8012254716dbc0b
Type: 16
Signature:
d559491be8012254716dbc0b
Type: Client Info Type (10)
Size: 36
Offset: 664
PAC_CLIENT_INFO_TYPE:
805432a8f94cdb011a00410064006d0069006e006900730074007200610074006f007200
ClientID: Dec 13,
2024 02:55:09.000000000 EET
Name Length: 26
Name: Administrator
Type: UPN DNS Info (12)
Size: 160
Offset: 704
UPN_DNS_INFO […]:
2e00180012004800030000001a0060001c00800000000000410064006d0069006e006900730074007200610074006f007200400066006f0072006500730074002e006d007900000046004f0052004500530054002e004d005900000000000000410064006d0069006e006900730
UPN Len: 46
UPN Offset: 24
DNS Len: 18
DNS Offset: 72
Flags: 0x00000003,
UPN Name Constructed, SAM_NAME and SID Included
.... .... ....
.... .... .... .... ...1 = UPN Name Constructed: UPN Name is Constructed
.... .... ....
.... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are
included
sAMAccountName Len:
26
sAMAccountName
Offset: 96
objectSid Len: 28
objectSid Offset:
128
UPN Name:
[email protected]
DNS Name: FOREST.MY
sAMAccountName:
Administrator
objectSid:
S-1-5-21-1191110912-437985896-597071733-500 (Domain SID-Administrator)
Revision: 1
Num Auth: 5
Authority: 5
Subauthorities:
21-1191110912-437985896-597071733-500
RID: 500
(Administrator)
authenticator
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
cipher […]:
b94aed41c599abc5894ffb70a6c751071210ea134f0e8f57ef11c3126f7a16cc43a8bc300ef7b5685707ff198598b17a421a28e4f4f96a3f9c2b6f24626c7123b533d17f05f8bd2d7ec0c018c2a792aa12d48ac28169d6a65c366d8f284b6c0e311ebe78911a3d76ebc7961a5f4e2c8d1
Decrypted keytype 18 usage 11 using learnt
encTicketPart_key in frame 91 (id=91.2 same=2) (268fc3fa...)
[Expert Info (Chat/Security): Decrypted keytype 18
usage 11 using learnt encTicketPart_key in frame 91 (id=91.2 same=2)
(268fc3fa...)]
[Decrypted keytype 18 usage 11 using learnt
encTicketPart_key in frame 91 (id=91.2 same=2) (268fc3fa...)]
[Severity level: Chat]
[Group: Security]
[Expert Info (Chat/Security): Used keymap=all_keys
num_keys=46 num_tries=11)]
[Used keymap=all_keys num_keys=46 num_tries=11)]
[Severity level: Chat]
[Group: Security]
[Expert Info (Chat/Security): Decrypted keytype 18
usage 11 using learnt encTGSRepPart_key in frame 91 (id=91.4 same=1)
(268fc3fa...)]
[Decrypted keytype 18 usage 11 using learnt
encTGSRepPart_key in frame 91 (id=91.4 same=1) (268fc3fa...)]
[Severity level: Chat]
[Group: Security]
[Expert Info (Chat/Security): Decrypted keytype 18
usage 11 using learnt encTicketPart_key in frame 103 (id=103.1 same=0)
(268fc3fa...)]
[Decrypted keytype 18 usage 11 using learnt
encTicketPart_key in frame 103 (id=103.1 same=0) (268fc3fa...)]
[Severity level: Chat]
[Group: Security]
authenticator
authenticator-vno: 5
crealm: FOREST.MY
cname
name-type: kRB5-NT-PRINCIPAL (1)
cname-string: 1 item
CNameString: Administrator
cusec: 143833
ctime: Dec 13, 2024 02:55:09.000000000 EET
subkey
Learnt authenticator_subkey keytype 18
(id=103.2) (8b4caf1b...)
[Expert Info (Chat/Security): Learnt
authenticator_subkey keytype 18 (id=103.2) (8b4caf1b...)]
[Learnt authenticator_subkey keytype 18
(id=103.2) (8b4caf1b...)]
[Severity level: Chat]
[Group: Security]
keytype: 18
keyvalue:
8b4caf1ba85cad7aefcb1f18e47fcf6c8df6753147c6fb5ed786b62f019eb339
Provides learnt encTicketPart_key in frame 103 keytype 18 (id=103.1
same=0) (268fc3fa...)
[Expert Info (Chat/Security): Provides learnt encTicketPart_key
in frame 103 keytype 18 (id=103.1 same=0) (268fc3fa...)]
[Provides learnt encTicketPart_key in frame 103 keytype 18
(id=103.1 same=0) (268fc3fa...)]
[Severity level: Chat]
[Group: Security]
Provides learnt authenticator_subkey in frame 103 keytype 18
(id=103.2 same=0) (8b4caf1b...)
[Expert Info (Chat/Security): Provides learnt
authenticator_subkey in frame 103 keytype 18 (id=103.2 same=0) (8b4caf1b...)]
[Provides learnt authenticator_subkey in frame 103 keytype
18 (id=103.2 same=0) (8b4caf1b...)]
[Severity level: Chat]
[Group: Security]
Used keytab principal [email protected] keytype 18 (id=keytab.13
same=0) (f062e2a4...)
[Expert Info (Chat/Security): Used keytab principal
[email protected] keytype 18 (id=keytab.13 same=0) (f062e2a4...)]
[Used keytab principal [email protected] keytype 18
(id=keytab.13 same=0) (f062e2a4...)]
[Severity level: Chat]
[Group: Security]
Used learnt encTicketPart_key in frame 91 keytype 18 (id=91.2
same=2) (268fc3fa...)
[Expert Info (Chat/Security): Used learnt encTicketPart_key in
frame 91 keytype 18 (id=91.2 same=2) (268fc3fa...)]
[Used learnt encTicketPart_key in frame 91 keytype 18
(id=91.2 same=2) (268fc3fa...)]
[Severity level: Chat]
[Group: Security]
[Expert Info (Chat/Security): Used learnt encTGSRepPart_key in
frame 91 keytype 18 (id=91.4 same=1) (268fc3fa...)]
[Used learnt encTGSRepPart_key in frame 91 keytype 18
(id=91.4 same=1) (268fc3fa...)]
[Severity level: Chat]
[Group: Security]
[Expert Info (Chat/Security): Used learnt encTicketPart_key in
frame 103 keytype 18 (id=103.1 same=0) (268fc3fa...)]
[Used learnt encTicketPart_key in frame 103 keytype 18
(id=103.1 same=0) (268fc3fa...)]
[Severity level: Chat]
[Group: Security]
KRB-PRIV
Kerberos
krb-priv
pvno: 5
msg-type: krb-priv (21)
enc-part
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
cipher […]:
3ee1c1ae0c798097d5dd88e15e1884d4ab75b8e39d0b65dfe528d7a444e2baeba0a0b9a5273f3c232259cfac162b67e82b85b71b1e980f8119be19874e67753cfd38395cb56501c3900d33945c8f6ee58274ab04b11cd986dda6f744f828e822b1368f3630066030b07deded4d5365d1d
Decrypted keytype 18 usage 13 using learnt
authenticator_subkey in frame 103 (id=103.2 same=0) (8b4caf1b...)
[Expert Info (Chat/Security): Decrypted keytype 18
usage 13 using learnt authenticator_subkey in frame 103 (id=103.2 same=0)
(8b4caf1b...)]
[Decrypted keytype 18 usage 13 using learnt
authenticator_subkey in frame 103 (id=103.2 same=0) (8b4caf1b...)]
[Severity level: Chat]
[Group: Security]
[Expert Info (Chat/Security): Used keymap=all_keys
num_keys=46 num_tries=14)]
[Used keymap=all_keys num_keys=46 num_tries=14)]
[Severity level: Chat]
[Group: Security]
encKrbPrivPart 192.168.122.48
user-data […]:
3081a2a07a0478256f734650754231303e333f787a5671233b635367303a7378365f497537735d29503969237177763e4867634a557a5b3740716f28356376332d484265793d34233476585f475d41433826256654284a702d4278366d465f4a3074624b4f5a4d3850695e72685044
ChangePasswdData
newpasswd […]:
256f734650754231303e333f787a5671233b635367303a7378365f497537735d29503969237177763e4867634a557a5b3740716f28356376332d484265793d34233476585f475d41433826256654284a702d4278366d465f4a3074624b4f5a4d3850695e726850446149714f344f25
targname
name-type: kRB5-NT-PRINCIPAL (1)
name-string: 1 item
KerberosString: LOCALHOST$
targrealm: FOREST.MY
s-address 192.168.122.48
addr-type: iPv4 (2)
IP Address: 192.168.122.48
Used learnt authenticator_subkey in frame 103 keytype 18 (id=103.2
same=0) (8b4caf1b...)
[Expert Info (Chat/Security): Used learnt authenticator_subkey
in frame 103 keytype 18 (id=103.2 same=0) (8b4caf1b...)]
[Used learnt authenticator_subkey in frame 103 keytype 18
(id=103.2 same=0) (8b4caf1b...)]
[Severity level: Chat]
[Group: Security]
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
