On 04/16/2012 10:36 AM, Sebastian Galiano wrote: > I applied the patches to my clients, and still not working. Is there any way > to test if the enconding has been placed correctly? Should I also apply the > patch to the kdc?
No, it's not necessary to apply it to the KDC. If you're using wireshark, you can look at how the kvno is encoded in a TGS request. Expand the PA-TGS-REQ padata item, then the type and value, then the Ticket in there, and then click on the Tkt-vno field. Now look at the hex window below. You should see "02 LL" followed by some highlighted bytes, where LL is between 01 and 05 and is equal to the number of highlighted bytes. For a TGS request to a Windows RODC, the kvno value will be large. The interop issue arises when the kvno is between 2147483648 and 4294967295. If such a value is encoded with five bytes, then the fix hasn't been properly applied and the kvno encoding issue is your problem. If it's encoded with four bytes, the interop fix has been properly applied and your problem lies elsewhere. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
