Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 1980834 Details for
Bug 2060421
Invalid KDC signature encryption type for PAC [rhel-9]
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh89 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
freeipa-4.10.2-1.fc38 enctype accepted by AD with S4U2Proxy
freeipa-4.10.2-1.fc38-s4u2proxy-enctype_accepted.txt (text/plain), 633.32 KB, created by
Julien Rische
on 2023-07-31 08:35:28 UTC
(
hide
)
Description:
freeipa-4.10.2-1.fc38 enctype accepted by AD with S4U2Proxy
Filename:
MIME Type:
Creator:
Julien Rische
Created:
2023-07-31 08:35:28 UTC
Size:
633.32 KB
patch
obsolete
>Frame 1: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43028, Dst Port: 88, Seq: 0, Len: 0 > >Frame 2: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43028, Seq: 0, Ack: 1, Len: 0 > >Frame 3: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43028, Dst Port: 88, Seq: 1, Ack: 1, Len: 0 > >Frame 4: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43028, Dst Port: 88, Seq: 1, Ack: 1, Len: 191 >Kerberos > Record Mark: 187 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0000 1011 1011 = Record Length: 187 > as-req > pvno: 5 > msg-type: krb-as-req (10) > padata: 2 items > PA-DATA Unknown:150 > padata-type: Unknown (150) > padata-value: <MISSING> > PA-DATA pA-REQ-ENC-PA-REP > padata-type: pA-REQ-ENC-PA-REP (149) > padata-value: <MISSING> > req-body > Padding: 0 > kdc-options: 40010010 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...1 .... = renewable-ok: True > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > till: Jul 29, 2023 17:29:26.000000000 CEST > nonce: 197000263 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > >Frame 5: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43028, Seq: 1, Ack: 192, Len: 0 > >Frame 6: 609 bytes on wire (4872 bits), 609 bytes captured (4872 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43028, Seq: 1, Ack: 192, Len: 537 >Kerberos > Record Mark: 533 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0010 0001 0101 = Record Length: 533 > krb-error > pvno: 5 > msg-type: krb-error (30) > stime: Jul 28, 2023 17:29:26.000000000 CEST > susec: 567900 > error-code: eRR-PREAUTH-REQUIRED (25) > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > e-text: NEEDED_PREAUTH > e-data: 3082016b300aa10402020088a20204003026a103020113a21f041d301b3019a003020112⦠> PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: <MISSING> > PA-DATA pA-ETYPE-INFO2 > padata-type: pA-ETYPE-INFO2 (19) > padata-value: 301b3019a003020112a1121b104e2a4b3775233b566c3935362b2a2751 > ETYPE-INFO2-ENTRY > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > salt: N*K7u#;Vl956+*'Q > PA-DATA pA-PK-AS-REQ > padata-type: pA-PK-AS-REQ (16) > padata-value: <MISSING> > PA-DATA pA-PKINIT-KX > padata-type: pA-PKINIT-KX (147) > padata-value: <MISSING> > PA-DATA pA-SPAKE > padata-type: pA-SPAKE (151) > padata-value: a1363034a003020101a1220420a55bf08b4a8b02bff80e808e2933fbb98189dd71f02593⦠challenge > challenge > group: sPAKEGroup-edwards25519 (1) > pubkey: a55bf08b4a8b02bff80e808e2933fbb98189dd71f02593e2fd871c0117b387ad > factors: 1 item > SPAKESecondFactor > type: sPAKESecondFactor-SF-NONE (1) > PA-DATA pA-ENC-TIMESTAMP > padata-type: pA-ENC-TIMESTAMP (2) > padata-value: <MISSING> > PA-DATA Unknown:150 > padata-type: Unknown (150) > padata-value: 64c3ded600000001b43389eba359fcfb4820dc85d45eeb852598d8fc25655d4b > PA-DATA pA-FX-COOKIE > padata-type: pA-FX-COOKIE (133) > padata-value: 4d49543100000001e9b01542715705ac635e1a382df19c4878892a330cfca423dbf419fa⦠> >Frame 7: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43028, Dst Port: 88, Seq: 192, Ack: 538, Len: 0 > >Frame 8: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43028, Seq: 538, Ack: 192, Len: 0 > >Frame 9: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43028, Dst Port: 88, Seq: 192, Ack: 539, Len: 0 > >Frame 10: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43028, Seq: 539, Ack: 193, Len: 0 > >Frame 11: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43040, Dst Port: 88, Seq: 0, Len: 0 > >Frame 12: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43040, Seq: 0, Ack: 1, Len: 0 > >Frame 13: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43040, Dst Port: 88, Seq: 1, Ack: 1, Len: 0 > >Frame 14: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43040, Dst Port: 88, Seq: 1, Ack: 1, Len: 462 >Kerberos > Record Mark: 458 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0001 1100 1010 = Record Length: 458 > as-req > pvno: 5 > msg-type: krb-as-req (10) > padata: 4 items > PA-DATA pA-FX-COOKIE > padata-type: pA-FX-COOKIE (133) > padata-value: 4d49543100000001e9b01542715705ac635e1a382df19c4878892a330cfca423dbf419fa⦠> PA-DATA pA-SPAKE > padata-type: pA-SPAKE (151) > padata-value: a2563054a022042082acbd28568a9caf9e15200f0151eab759ce784de7c1ba722a8e1989⦠response > response > pubkey: 82acbd28568a9caf9e15200f0151eab759ce784de7c1ba722a8e198970a1db35 > factor > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: b6b4ec99ce8b4767a691ac48ae0d53dd58211888faf0b7be2bce86a5a295ec99ef4b59 > PA-DATA Unknown:150 > padata-type: Unknown (150) > padata-value: <MISSING> > PA-DATA pA-REQ-ENC-PA-REP > padata-type: pA-REQ-ENC-PA-REP (149) > padata-value: <MISSING> > req-body > Padding: 0 > kdc-options: 40010010 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...1 .... = renewable-ok: True > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > till: Jul 29, 2023 17:29:26.000000000 CEST > nonce: 1867075615 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > >Frame 15: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43040, Seq: 1, Ack: 463, Len: 0 > >Frame 16: 1854 bytes on wire (14832 bits), 1854 bytes captured (14832 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43040, Seq: 1, Ack: 463, Len: 1782 >Kerberos > Record Mark: 1778 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0110 1111 0010 = Record Length: 1778 > as-rep > pvno: 5 > msg-type: krb-as-rep (11) > padata: 1 item > PA-DATA pA-ETYPE-INFO2 > padata-type: pA-ETYPE-INFO2 (19) > padata-value: 301b3019a003020112a1121b104e2a4b3775233b566c3935362b2a2751 > ETYPE-INFO2-ENTRY > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > salt: N*K7u#;Vl956+*'Q > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > kvno: 1 > cipher: c1f2e11698368816b7cfe6ffb2cd6b881d8f2a9644d9f55e478dcbf5e7ab8f0cfe344793⦠> Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=92 num_tries=9)] > [Used keymap=all_keys num_keys=92 num_tries=9)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40610000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .1.. .... = initial: True > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 0... = transited-policy-checked: False > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=16.1) (bd30cfcb...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=16.1) (bd30cfcb...)] > [Learnt encTicketPart_key keytype 18 (id=16.1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: bd30cfcb47edbbd2e7fd0e4a9f5bb1eec4c8c4eb9007a02eb88b50d969696cfb > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 2 items > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308203a23082039ea00402020080a182039404820390070000000000000001000000c801⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 070000000000000001000000c801000078000000000000000c000000ac00000040020000⦠> Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=93 num_tries=9)] > [Used keymap=all_keys num_keys=93 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Num Entries: 7 > Version: 0 > Type: Logon Info (1) > Size: 456 > Offset: 120 > PAC_LOGON_INFO: 01100800ccccccccb80100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 440 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 17:04:43.000000000 CEST > PWD Can Change: Jul 28, 2023 17:04:43.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: cifs/master.ipa.test > Length: 40 > Size: 40 > Character Array: cifs/master.ipa.test > Referent ID: 0x00020004 > Max Count: 20 > Offset: 0 > Actual Count: 20 > Acct Name: cifs/master.ipa.test > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 516 > Group RID: 515 > Num RIDs: 0 > GroupIDs > Referent ID: 0x0002001c > Max Count: 0 > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000100 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...1 .... .... = Server Trust Account: This account is a SERVER_TRUST_ACCOUNT > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-1 (Authentication Authority Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 1 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 172 > Offset: 576 > UPN_DNS_INFO: 3a0018001000580002000000280068001c0090000000000063006900660073002f006d00⦠> UPN Len: 58 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 88 > Flags: 0x00000002, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...0 = UPN Name Constructed: UPN Name is NOT Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 40 > sAMAccountName Offset: 104 > objectSid Len: 28 > objectSid Offset: 144 > UPN Name: cifs/master.ipa.test@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: cifs/master.ipa.test > objectSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Attributes Info (17) > Size: 8 > Offset: 752 > PAC_ATTRIBUTES_INFO: 0200000002000000 > Flags Valid Length: 2 > Flags: 0x00000002, PAC given Implicitly > .... .... .... .... .... .... .... ...0 = PAC Requested: PAC was NOT requested > .... .... .... .... .... .... .... ..1. = PAC given Implicitly: PAC was given implicitly > Type: Requester Sid (18) > Size: 28 > Offset: 760 > PAC_REQUESTER_SID: 0105000000000005150000004af13eeabfc1d2f4878c959904020000 > RequesterSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Client Info Type (10) > Size: 50 > Offset: 792 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d901280063006900660073002f006d00610073007400650072002e006900⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 40 > Name: cifs/master.ipa.test > Type: Server Checksum (6) > Size: 28 > Offset: 848 > PAC_SERVER_CHECKSUM: 14000000919fead9c156c6ed7a75250f455a0abb4f955251cd46326c > Type: 20 > Signature: 919fead9c156c6ed7a75250f455a0abb4f955251cd46326c > Type: Privsvr Checksum (7) > Size: 28 > Offset: 880 > PAC_PRIVSVR_CHECKSUM: 140000007ece6df3a058c66c4db38123fe3b12872e391b903b57413d > Type: 20 > Signature: 7ece6df3a058c66c4db38123fe3b12872e391b903b57413d > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 307f307da003020160a17604743072a01930173015a003020161a10e040c300a0c086861⦠> AuthorizationData item > ad-type: Unknown (96) > ad-data: 3072a01930173015a003020161a10e040c300a0c0868617264656e6564a12c302aa10302⦠> enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: eb83e06a3afcbc3c5dbe8bd245f8a10c77a1307b0aba82576e74a06afdf8e2360183e244⦠> Missing keytype 18 usage 3 (id=missing.1) > [Expert Info (Warning/Decryption): Missing keytype 18 usage 3 (id=missing.1)] > [Missing keytype 18 usage 3 (id=missing.1)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=all_keys num_keys=93 num_tries=22)] > [Used keymap=all_keys num_keys=93 num_tries=22)] > [Severity level: Warning] > [Group: Decryption] > Provides learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=0) (bd30cfcb...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=0) (bd30cfcb...)] > [Provides learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Missing keytype 18 usage 3 missing in frame 16 keytype 18 (id=missing.1 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing keytype 18 usage 3 missing in frame 16 keytype 18 (id=missing.1 same=0) (00000000...)] > [Missing keytype 18 usage 3 missing in frame 16 keytype 18 (id=missing.1 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > >Frame 17: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43040, Dst Port: 88, Seq: 463, Ack: 1783, Len: 0 > >Frame 18: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43040, Seq: 1783, Ack: 463, Len: 0 > >Frame 19: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43040, Dst Port: 88, Seq: 463, Ack: 1783, Len: 0 > >Frame 20: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 43040, Seq: 1784, Ack: 464, Len: 0 > >Frame 21: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 43040, Dst Port: 88, Seq: 464, Ack: 1784, Len: 0 > >Frame 22: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39474, Dst Port: 88, Seq: 0, Len: 0 > >Frame 23: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39474, Seq: 0, Ack: 1, Len: 0 > >Frame 24: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39474, Dst Port: 88, Seq: 1, Ack: 1, Len: 0 > >Frame 25: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39474, Dst Port: 88, Seq: 1, Ack: 1, Len: 184 >Kerberos > Record Mark: 180 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0000 1011 0100 = Record Length: 180 > as-req > pvno: 5 > msg-type: krb-as-req (10) > padata: 2 items > PA-DATA Unknown:150 > padata-type: Unknown (150) > padata-value: <MISSING> > PA-DATA pA-REQ-ENC-PA-REP > padata-type: pA-REQ-ENC-PA-REP (149) > padata-value: <MISSING> > req-body > Padding: 0 > kdc-options: 00010010 > 0... .... = reserved: False > .0.. .... = forwardable: False > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...1 .... = renewable-ok: True > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > cname-string: 1 item > CNameString: admin@IPA.TEST > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > till: Jul 28, 2023 17:29:58.000000000 CEST > nonce: 442478104 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > >Frame 26: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39474, Seq: 1, Ack: 185, Len: 0 > >Frame 27: 602 bytes on wire (4816 bits), 602 bytes captured (4816 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39474, Seq: 1, Ack: 185, Len: 530 >Kerberos > Record Mark: 526 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0010 0000 1110 = Record Length: 526 > krb-error > pvno: 5 > msg-type: krb-error (30) > stime: Jul 28, 2023 17:29:43.000000000 CEST > susec: 651122 > error-code: eRR-PREAUTH-REQUIRED (25) > crealm: IPA.TEST > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > cname-string: 1 item > CNameString: admin@IPA.TEST > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > e-text: NEEDED_PREAUTH > e-data: 3082016b300aa10402020088a20204003026a103020113a21f041d301b3019a003020112⦠> PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: <MISSING> > PA-DATA pA-ETYPE-INFO2 > padata-type: pA-ETYPE-INFO2 (19) > padata-value: 301b3019a003020112a1121b105e765562234e6e25222d4c564d7a344c > ETYPE-INFO2-ENTRY > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > salt: ^vUb#Nn%"-LVMz4L > PA-DATA pA-PK-AS-REQ > padata-type: pA-PK-AS-REQ (16) > padata-value: <MISSING> > PA-DATA pA-PKINIT-KX > padata-type: pA-PKINIT-KX (147) > padata-value: <MISSING> > PA-DATA pA-SPAKE > padata-type: pA-SPAKE (151) > padata-value: a1363034a003020101a1220420e835663effd4e6964118137ba764947cdda5e67eea68d5⦠challenge > challenge > group: sPAKEGroup-edwards25519 (1) > pubkey: e835663effd4e6964118137ba764947cdda5e67eea68d553836e6e6dee836848 > factors: 1 item > SPAKESecondFactor > type: sPAKESecondFactor-SF-NONE (1) > PA-DATA pA-ENC-TIMESTAMP > padata-type: pA-ENC-TIMESTAMP (2) > padata-value: <MISSING> > PA-DATA Unknown:150 > padata-type: Unknown (150) > padata-value: 64c3dee7000000012830320c37bc5bf2f5cc195adce7010e5c525aaa856d50aa > PA-DATA pA-FX-COOKIE > padata-type: pA-FX-COOKIE (133) > padata-value: 4d49543100000001ce7cbdcc977a4ab2bd8c017505bd848536ced96b30f4f3d6020bb62a⦠> >Frame 28: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39474, Dst Port: 88, Seq: 185, Ack: 531, Len: 0 > >Frame 29: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39474, Seq: 531, Ack: 185, Len: 0 > >Frame 30: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39474, Dst Port: 88, Seq: 185, Ack: 531, Len: 0 > >Frame 31: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39474, Seq: 532, Ack: 186, Len: 0 > >Frame 32: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39474, Dst Port: 88, Seq: 186, Ack: 532, Len: 0 > >Frame 33: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39484, Dst Port: 88, Seq: 0, Len: 0 > >Frame 34: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39484, Seq: 0, Ack: 1, Len: 0 > >Frame 35: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39484, Dst Port: 88, Seq: 1, Ack: 1, Len: 0 > >Frame 36: 2470 bytes on wire (19760 bits), 2470 bytes captured (19760 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39484, Dst Port: 88, Seq: 1, Ack: 1, Len: 2398 >Kerberos > Record Mark: 2394 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 1001 0101 1010 = Record Length: 2394 > tgs-req > pvno: 5 > msg-type: krb-tgs-req (12) > padata: 4 items > PA-DATA pA-TGS-REQ > padata-type: pA-TGS-REQ (1) > padata-value: 6e82064c30820648a003020105a10302010ea20703050000000000a38205696182056530⦠> ap-req > pvno: 5 > msg-type: krb-ap-req (14) > Padding: 0 > ap-options: 00000000 > 0... .... = reserved: False > .0.. .... = use-session-key: False > ..0. .... = mutual-required: False > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > kvno: 1 > cipher: c1f2e11698368816b7cfe6ffb2cd6b881d8f2a9644d9f55e478dcbf5e7ab8f0cfe344793⦠> Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=93 num_tries=9)] > [Used keymap=all_keys num_keys=93 num_tries=9)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40610000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .1.. .... = initial: True > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 0... = transited-policy-checked: False > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=36.1) (bd30cfcb...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=36.1) (bd30cfcb...)] > [Learnt encTicketPart_key keytype 18 (id=36.1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: bd30cfcb47edbbd2e7fd0e4a9f5bb1eec4c8c4eb9007a02eb88b50d969696cfb > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 2 items > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308203a23082039ea00402020080a182039404820390070000000000000001000000c801⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 070000000000000001000000c801000078000000000000000c000000ac00000040020000⦠> Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=93 num_tries=9)] > [Used keymap=all_keys num_keys=93 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Num Entries: 7 > Version: 0 > Type: Logon Info (1) > Size: 456 > Offset: 120 > PAC_LOGON_INFO: 01100800ccccccccb80100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 440 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 17:04:43.000000000 CEST > PWD Can Change: Jul 28, 2023 17:04:43.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: cifs/master.ipa.test > Length: 40 > Size: 40 > Character Array: cifs/master.ipa.test > Referent ID: 0x00020004 > Max Count: 20 > Offset: 0 > Actual Count: 20 > Acct Name: cifs/master.ipa.test > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 516 > Group RID: 515 > Num RIDs: 0 > GroupIDs > Referent ID: 0x0002001c > Max Count: 0 > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000100 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...1 .... .... = Server Trust Account: This account is a SERVER_TRUST_ACCOUNT > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-1 (Authentication Authority Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 1 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 172 > Offset: 576 > UPN_DNS_INFO: 3a0018001000580002000000280068001c0090000000000063006900660073002f006d00⦠> UPN Len: 58 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 88 > Flags: 0x00000002, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...0 = UPN Name Constructed: UPN Name is NOT Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 40 > sAMAccountName Offset: 104 > objectSid Len: 28 > objectSid Offset: 144 > UPN Name: cifs/master.ipa.test@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: cifs/master.ipa.test > objectSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Attributes Info (17) > Size: 8 > Offset: 752 > PAC_ATTRIBUTES_INFO: 0200000002000000 > Flags Valid Length: 2 > Flags: 0x00000002, PAC given Implicitly > .... .... .... .... .... .... .... ...0 = PAC Requested: PAC was NOT requested > .... .... .... .... .... .... .... ..1. = PAC given Implicitly: PAC was given implicitly > Type: Requester Sid (18) > Size: 28 > Offset: 760 > PAC_REQUESTER_SID: 0105000000000005150000004af13eeabfc1d2f4878c959904020000 > RequesterSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Client Info Type (10) > Size: 50 > Offset: 792 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d901280063006900660073002f006d00610073007400650072002e006900⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 40 > Name: cifs/master.ipa.test > Type: Server Checksum (6) > Size: 28 > Offset: 848 > PAC_SERVER_CHECKSUM: 14000000919fead9c156c6ed7a75250f455a0abb4f955251cd46326c > Type: 20 > Signature: 919fead9c156c6ed7a75250f455a0abb4f955251cd46326c > Type: Privsvr Checksum (7) > Size: 28 > Offset: 880 > PAC_PRIVSVR_CHECKSUM: 140000007ece6df3a058c66c4db38123fe3b12872e391b903b57413d > Type: 20 > Signature: 7ece6df3a058c66c4db38123fe3b12872e391b903b57413d > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 307f307da003020160a17604743072a01930173015a003020161a10e040c300a0c086861⦠> AuthorizationData item > ad-type: Unknown (96) > ad-data: 3072a01930173015a003020161a10e040c300a0c0868617264656e6564a12c302aa10302⦠> authenticator > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: a6cb29fbbb7ac29bdae7286b28ee8318e508d924428f078a7d1e6393f7b2bd79e0009a37⦠> Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=1) (bd30cfcb...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=1) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=93 num_tries=12)] > [Used keymap=all_keys num_keys=93 num_tries=12)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 36 (id=36.1 same=0) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 36 (id=36.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > authenticator > authenticator-vno: 5 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > cksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 37e0ec4d04f66cb27201ee79 > cusec: 637441 > ctime: Jul 28, 2023 17:29:43.000000000 CEST > subkey > Learnt authenticator_subkey keytype 18 (id=36.2) (8e857102...) > [Expert Info (Chat/Security): Learnt authenticator_subkey keytype 18 (id=36.2) (8e857102...)] > [Learnt authenticator_subkey keytype 18 (id=36.2) (8e857102...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 8e857102223bf20b37feb3be30c821a42e4b79a24d0311ab022f3482dff96c1c > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a082019530820191a1173015a003020110a10e040c2cd2681ab09435f38b1e11dfa28201⦠> armored-data > req-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 2cd2681ab09435f38b1e11df > enc-fast-req > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 815a2d2547c320332fddb4df09b2a62e58db662f59a857a2a7b58c0a112dcd6c7056276d⦠> Derived KrbFastReq_TGS_armorKey keytype 18 (id=36.3) (50328e8d...) > [Expert Info (Chat/Security): Derived KrbFastReq_TGS_armorKey keytype 18 (id=36.3) (50328e8d...)] > [Derived KrbFastReq_TGS_armorKey keytype 18 (id=36.3) (50328e8d...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 36 (id=36.3 same=0) (50328e8d...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 36 (id=36.3 same=0) (50328e8d...)] > [Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 36 (id=36.3 same=0) (50328e8d...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=95 num_tries=20)] > [Used keymap=all_keys num_keys=95 num_tries=20)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Padding: 0 > fast-options: 00000000 > 0... .... = reserved: False > .0.. .... = hide-client-names: False > ..0. .... = spare_bit2: False > ...0 .... = spare_bit3: False > .... 0... = spare_bit4: False > .... .0.. = spare_bit5: False > .... ..0. = spare_bit6: False > .... ...0 = spare_bit7: False > 0... .... = spare_bit8: False > .0.. .... = spare_bit9: False > ..0. .... = spare_bit10: False > ...0 .... = spare_bit11: False > .... 0... = spare_bit12: False > .... .0.. = spare_bit13: False > .... ..0. = spare_bit14: False > .... ...0 = spare_bit15: False > 0... .... = kdc-follow-referrals: False > padata: 2 items > PA-DATA pA-FOR-X509-USER > padata-type: pA-FOR-X509-USER (130) > padata-value: 3057a03c303aa006020432bf0518a11b3019a00302010aa11230101b0e61646d696e4049⦠> user-id > nonce: 851379480 > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > name-string: 1 item > KerberosString: admin@IPA.TEST > crealm: IPA.TEST > Padding: 0 > options: 20000000 > checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 0b5ae2520c188d89b91c48bd > PA-DATA pA-FOR-USER > padata-type: pA-FOR-USER (129) > padata-value: 3053a01b3019a00302010aa11230101b0e61646d696e404950412e54455354a10a1b0849⦠> name > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > name-string: 1 item > KerberosString: admin@IPA.TEST > realm: IPA.TEST > cksum > cksumtype: cKSUMTYPE-HMAC-MD5 (-138) > checksum: a593bedec96741f0e3d80ccb47c7b1a9 > auth: Kerberos > req-body > Padding: 0 > kdc-options: 40010000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: master.ipa.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 851379480 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > PA-DATA pA-FOR-X509-USER > padata-type: pA-FOR-X509-USER (130) > padata-value: 3057a03c303aa006020432bf0518a11b3019a00302010aa11230101b0e61646d696e4049⦠> user-id > nonce: 851379480 > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > name-string: 1 item > KerberosString: admin@IPA.TEST > crealm: IPA.TEST > Padding: 0 > options: 20000000 > checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 0b5ae2520c188d89b91c48bd > PA-DATA pA-FOR-USER > padata-type: pA-FOR-USER (129) > padata-value: 3053a01b3019a00302010aa11230101b0e61646d696e404950412e54455354a10a1b0849⦠> name > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > name-string: 1 item > KerberosString: admin@IPA.TEST > realm: IPA.TEST > cksum > cksumtype: cKSUMTYPE-HMAC-MD5 (-138) > checksum: a593bedec96741f0e3d80ccb47c7b1a9 > auth: Kerberos > req-body > Padding: 0 > kdc-options: 40010000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: master.ipa.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 851379480 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > Provides learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=0) (bd30cfcb...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=0) (bd30cfcb...)] > [Provides learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Provides learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...) > [Expert Info (Chat/Security): Provides learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Provides learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > Provides derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...) > [Expert Info (Chat/Security): Provides derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...)] > [Provides derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...) > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=0) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...)] > [Used derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > >Frame 37: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39484, Seq: 1, Ack: 2399, Len: 0 > >Frame 38: 1962 bytes on wire (15696 bits), 1962 bytes captured (15696 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39484, Seq: 1, Ack: 2399, Len: 1890 >Kerberos > Record Mark: 1886 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0111 0101 1110 = Record Length: 1886 > tgs-rep > pvno: 5 > msg-type: krb-tgs-rep (13) > padata: 1 item > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a082013630820132a082012e3082012aa003020112a28201210482011d9622012ae0993b⦠> armored-data > enc-fast-rep > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 9622012ae0993b00db20d108a3b13163c2a991510d909898427dc03f60feab7d87f40f7c⦠> Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 36 (id=36.3 same=0) (50328e8d...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 36 (id=36.3 same=0) (50328e8d...)] > [Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 36 (id=36.3 same=0) (50328e8d...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=95 num_tries=20)] > [Used keymap=all_keys num_keys=95 num_tries=20)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > padata: 1 item > PA-DATA pA-FOR-X509-USER > padata-type: pA-FOR-X509-USER (130) > padata-value: 3057a03c303aa006020432bf0518a11b3019a00302010aa11230101b0e61646d696e4049⦠> user-id > nonce: 851379480 > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > name-string: 1 item > KerberosString: admin@IPA.TEST > crealm: IPA.TEST > Padding: 0 > options: 20000000 > checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 240bc10999df50b3b83f714c > strengthen-key > Learnt KrbFastResponse_strengthen-key keytype 18 (id=38.1) (7a1a6bfd...) > [Expert Info (Chat/Security): Learnt KrbFastResponse_strengthen-key keytype 18 (id=38.1) (7a1a6bfd...)] > [Learnt KrbFastResponse_strengthen-key keytype 18 (id=38.1) (7a1a6bfd...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 7a1a6bfd9c8596470ba8efa1401c7505a8f817d4fd4076fca29bd59b21902186 > finished > timestamp: Jul 28, 2023 17:29:43.000000000 CEST > usec: 675733 > crealm: IPA.TEST > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > name-string: 1 item > KerberosString: admin@IPA.TEST > ticket-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: a404a5d5bf1eedc5fd6d3616 > nonce: 851379480 > crealm: IPA.TEST > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > cname-string: 1 item > CNameString: admin@IPA.TEST > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: master.ipa.test > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > kvno: 1 > cipher: e068052f1383cd120a032bce3830c5e8253b9bf5f3d33d136d19c1cd104605205a4d3c1c⦠> Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...) > [Expert Info (Chat/Security): Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=96 num_tries=1)] > [Used keymap=all_keys num_keys=96 num_tries=1)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=38.2) (f9cd87d5...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=38.2) (f9cd87d5...)] > [Learnt encTicketPart_key keytype 18 (id=38.2) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: f9cd87d5d3316001c8fd48be43708b5ee846509cd86f6d64c138cc15aafda2ab > crealm: IPA.TEST > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > cname-string: 1 item > CNameString: admin@IPA.TEST > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 1 item > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 3082038a30820386a00402020080a182037c04820378080000000000000001000000d001⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 080000000000000001000000d001000088000000000000000c0000006e00000058020000⦠> Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...) > [Expert Info (Chat/Security): Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=97 num_tries=1)] > [Used keymap=all_keys num_keys=97 num_tries=1)] > [Severity level: Chat] > [Group: Security] > Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=kdc_checksum_key num_keys=1 num_tries=1)] > [Used keymap=kdc_checksum_key num_keys=1 num_tries=1)] > [Severity level: Chat] > [Group: Security] > Num Entries: 8 > Version: 0 > Type: Logon Info (1) > Size: 464 > Offset: 136 > PAC_LOGON_INFO: 01100800ccccccccc00100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 448 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 16:48:21.000000000 CEST > PWD Can Change: Jul 28, 2023 16:48:21.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: admin > Length: 10 > Size: 10 > Character Array: admin > Referent ID: 0x00020004 > Max Count: 5 > Offset: 0 > Actual Count: 5 > Acct Name: admin > Full Name: Administrator > Length: 26 > Size: 26 > Character Array: Administrator > Referent ID: 0x00020008 > Max Count: 13 > Offset: 0 > Actual Count: 13 > Full Name: Administrator > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 500 > Group RID: 512 > Num RIDs: 1 > GroupIDs > Referent ID: 0x0002001c > Max Count: 1 > GROUP_MEMBERSHIP: > Group RID: 512 > Attributes: 0x00000007 > .... .... .... .... .... .... .... .1.. = Enabled: The enabled bit is SET > .... .... .... .... .... .... .... ..1. = Enabled By Default: The ENABLED_BY_DEFAULT bit is SET > .... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000010 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...1 .... = Normal Account: This account is a NORMAL_ACCOUNT > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-2 (Service Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 2 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 110 > Offset: 600 > UPN_DNS_INFO: 1c00180010003800030000000a0048001c00520000000000610064006d0069006e004000⦠> UPN Len: 28 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 56 > Flags: 0x00000003, UPN Name Constructed, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...1 = UPN Name Constructed: UPN Name is Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 10 > sAMAccountName Offset: 72 > objectSid Len: 28 > objectSid Offset: 82 > UPN Name: admin@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: admin > objectSid: S-1-5-21-3929993546-4107452863-2576714887-500 (Domain SID-Administrator) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-500 > RID: 500 (Administrator) > Type: Attributes Info (17) > Size: 8 > Offset: 712 > PAC_ATTRIBUTES_INFO: 0200000002000000 > Flags Valid Length: 2 > Flags: 0x00000002, PAC given Implicitly > .... .... .... .... .... .... .... ...0 = PAC Requested: PAC was NOT requested > .... .... .... .... .... .... .... ..1. = PAC given Implicitly: PAC was given implicitly > Type: Ticket Checksum (16) > Size: 28 > Offset: 720 > PAC_TICKET_CHECKSUM: 140000002de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: 20 > Signature: 2de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: Client Info Type (10) > Size: 38 > Offset: 752 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d9011c00610064006d0069006e0040004900500041002e00540045005300⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 28 > Name: admin@IPA.TEST > Type: Server Checksum (6) > Size: 28 > Offset: 792 > PAC_SERVER_CHECKSUM: 1400000016a16cde234d0b17fa1b121886d8e0a118b4b7fc44d942dd > Type: 20 > Signature: 16a16cde234d0b17fa1b121886d8e0a118b4b7fc44d942dd > Type: Privsvr Checksum (7) > Size: 28 > Offset: 824 > PAC_PRIVSVR_CHECKSUM: 140000000dcf08109368cdafabcffc19c6db4e12d1a355619fab1491 > Type: 20 > Signature: 0dcf08109368cdafabcffc19c6db4e12d1a355619fab1491 > Type: Unknown (19) > Size: 28 > Offset: 856 > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: e57ce09bdb99919e4fce8c50e16cbd49edbf160386761780c65b603013829cbfe59c49f1⦠> Derived strengthen-reply-key keytype 18 (id=38.3) (9f8c84ce...) > [Expert Info (Chat/Security): Derived strengthen-reply-key keytype 18 (id=38.3) (9f8c84ce...)] > [Derived strengthen-reply-key keytype 18 (id=38.3) (9f8c84ce...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC2 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 38 (id=38.3 same=0) (9f8c84ce...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 38 (id=38.3 same=0) (9f8c84ce...)] > [Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 38 (id=38.3 same=0) (9f8c84ce...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=98 num_tries=1)] > [Used keymap=all_keys num_keys=98 num_tries=1)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC2 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > encTGSRepPart > key > Learnt encTGSRepPart_key keytype 18 (id=38.4) (f9cd87d5...) > [Expert Info (Chat/Security): Learnt encTGSRepPart_key keytype 18 (id=38.4) (f9cd87d5...)] > [Learnt encTGSRepPart_key keytype 18 (id=38.4) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: f9cd87d5d3316001c8fd48be43708b5ee846509cd86f6d64c138cc15aafda2ab > last-req: 1 item > LastReq item > lr-type: lR-NONE (0) > lr-value: Jan 1, 1970 01:00:00.000000000 CET > nonce: 851379480 > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > srealm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: master.ipa.test > Provides learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...) > [Expert Info (Chat/Security): Provides learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [Provides learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTicketPart_key in frame 38 keytype 18 (id=38.2 same=1) (f9cd87d5...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 38 keytype 18 (id=38.2 same=1) (f9cd87d5...)] > [Provides learnt encTicketPart_key in frame 38 keytype 18 (id=38.2 same=1) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Provides learnt encTGSRepPart_key in frame 38 keytype 18 (id=38.4 same=0) (f9cd87d5...)] > [Provides learnt encTGSRepPart_key in frame 38 keytype 18 (id=38.4 same=0) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > Provides derived strengthen-reply-key in frame 38 keytype 18 (id=38.3 same=0) (9f8c84ce...) > [Expert Info (Chat/Security): Provides derived strengthen-reply-key in frame 38 keytype 18 (id=38.3 same=0) (9f8c84ce...)] > [Provides derived strengthen-reply-key in frame 38 keytype 18 (id=38.3 same=0) (9f8c84ce...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC2 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTGSRepPart_key in frame 38 keytype 18 (id=38.4 same=0) (f9cd87d5...) > [Expert Info (Chat/Security): Provides learnt encTGSRepPart_key in frame 38 keytype 18 (id=38.4 same=0) (f9cd87d5...)] > [Provides learnt encTGSRepPart_key in frame 38 keytype 18 (id=38.4 same=0) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > Used derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...)] > [Used derived KrbFastReq_TGS_armorKey in frame 36 keytype 18 (id=36.3 same=0) (50328e8d...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC1 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal cifs/master.ipa.test@IPA.TEST keytype 20 (id=keytab.83 same=0) (a9fce312...) > [Expert Info (Chat/Security): Used keytab principal cifs/master.ipa.test@IPA.TEST keytype 20 (id=keytab.83 same=0) (a9fce312...)] > [Used keytab principal cifs/master.ipa.test@IPA.TEST keytype 20 (id=keytab.83 same=0) (a9fce312...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > Used derived strengthen-reply-key in frame 38 keytype 18 (id=38.3 same=0) (9f8c84ce...) > [Expert Info (Chat/Security): Used derived strengthen-reply-key in frame 38 keytype 18 (id=38.3 same=0) (9f8c84ce...)] > [Used derived strengthen-reply-key in frame 38 keytype 18 (id=38.3 same=0) (9f8c84ce...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 38 keytype 18 (id=38.1 same=0) (7a1a6bfd...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [SRC2 learnt authenticator_subkey in frame 36 keytype 18 (id=36.2 same=0) (8e857102...)] > [Severity level: Chat] > [Group: Security] > >Frame 39: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39484, Dst Port: 88, Seq: 2399, Ack: 1891, Len: 0 > >Frame 40: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39484, Seq: 1891, Ack: 2399, Len: 0 > >Frame 41: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39484, Dst Port: 88, Seq: 2399, Ack: 1892, Len: 0 > >Frame 42: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39484, Seq: 1892, Ack: 2400, Len: 0 > >Frame 43: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39494, Dst Port: 88, Seq: 0, Len: 0 > >Frame 44: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39494, Seq: 0, Ack: 1, Len: 0 > >Frame 45: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39494, Dst Port: 88, Seq: 1, Ack: 1, Len: 0 > >Frame 46: 4622 bytes on wire (36976 bits), 4622 bytes captured (36976 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39494, Dst Port: 88, Seq: 1, Ack: 1, Len: 4550 >Kerberos > Record Mark: 4546 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0001 0001 1100 0010 = Record Length: 4546 > tgs-req > pvno: 5 > msg-type: krb-tgs-req (12) > padata: 3 items > PA-DATA pA-TGS-REQ > padata-type: pA-TGS-REQ (1) > padata-value: 6e82064c30820648a003020105a10302010ea20703050000000000a38205696182056530⦠> ap-req > pvno: 5 > msg-type: krb-ap-req (14) > Padding: 0 > ap-options: 00000000 > 0... .... = reserved: False > .0.. .... = use-session-key: False > ..0. .... = mutual-required: False > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > kvno: 1 > cipher: c1f2e11698368816b7cfe6ffb2cd6b881d8f2a9644d9f55e478dcbf5e7ab8f0cfe344793⦠> Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=98 num_tries=9)] > [Used keymap=all_keys num_keys=98 num_tries=9)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40610000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .1.. .... = initial: True > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 0... = transited-policy-checked: False > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=46.1) (bd30cfcb...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=46.1) (bd30cfcb...)] > [Learnt encTicketPart_key keytype 18 (id=46.1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: bd30cfcb47edbbd2e7fd0e4a9f5bb1eec4c8c4eb9007a02eb88b50d969696cfb > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 2 items > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308203a23082039ea00402020080a182039404820390070000000000000001000000c801⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 070000000000000001000000c801000078000000000000000c000000ac00000040020000⦠> Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=98 num_tries=9)] > [Used keymap=all_keys num_keys=98 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Num Entries: 7 > Version: 0 > Type: Logon Info (1) > Size: 456 > Offset: 120 > PAC_LOGON_INFO: 01100800ccccccccb80100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 440 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 17:04:43.000000000 CEST > PWD Can Change: Jul 28, 2023 17:04:43.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: cifs/master.ipa.test > Length: 40 > Size: 40 > Character Array: cifs/master.ipa.test > Referent ID: 0x00020004 > Max Count: 20 > Offset: 0 > Actual Count: 20 > Acct Name: cifs/master.ipa.test > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 516 > Group RID: 515 > Num RIDs: 0 > GroupIDs > Referent ID: 0x0002001c > Max Count: 0 > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000100 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...1 .... .... = Server Trust Account: This account is a SERVER_TRUST_ACCOUNT > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-1 (Authentication Authority Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 1 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 172 > Offset: 576 > UPN_DNS_INFO: 3a0018001000580002000000280068001c0090000000000063006900660073002f006d00⦠> UPN Len: 58 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 88 > Flags: 0x00000002, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...0 = UPN Name Constructed: UPN Name is NOT Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 40 > sAMAccountName Offset: 104 > objectSid Len: 28 > objectSid Offset: 144 > UPN Name: cifs/master.ipa.test@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: cifs/master.ipa.test > objectSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Attributes Info (17) > Size: 8 > Offset: 752 > PAC_ATTRIBUTES_INFO: 0200000002000000 > Flags Valid Length: 2 > Flags: 0x00000002, PAC given Implicitly > .... .... .... .... .... .... .... ...0 = PAC Requested: PAC was NOT requested > .... .... .... .... .... .... .... ..1. = PAC given Implicitly: PAC was given implicitly > Type: Requester Sid (18) > Size: 28 > Offset: 760 > PAC_REQUESTER_SID: 0105000000000005150000004af13eeabfc1d2f4878c959904020000 > RequesterSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Client Info Type (10) > Size: 50 > Offset: 792 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d901280063006900660073002f006d00610073007400650072002e006900⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 40 > Name: cifs/master.ipa.test > Type: Server Checksum (6) > Size: 28 > Offset: 848 > PAC_SERVER_CHECKSUM: 14000000919fead9c156c6ed7a75250f455a0abb4f955251cd46326c > Type: 20 > Signature: 919fead9c156c6ed7a75250f455a0abb4f955251cd46326c > Type: Privsvr Checksum (7) > Size: 28 > Offset: 880 > PAC_PRIVSVR_CHECKSUM: 140000007ece6df3a058c66c4db38123fe3b12872e391b903b57413d > Type: 20 > Signature: 7ece6df3a058c66c4db38123fe3b12872e391b903b57413d > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 307f307da003020160a17604743072a01930173015a003020161a10e040c300a0c086861⦠> AuthorizationData item > ad-type: Unknown (96) > ad-data: 3072a01930173015a003020161a10e040c300a0c0868617264656e6564a12c302aa10302⦠> authenticator > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 2567cf3d0eec0510d4bcb5313425847ccb642baf0dc3849bb26062e4ba3b78b696032b69⦠> Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=2) (bd30cfcb...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=2) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=98 num_tries=14)] > [Used keymap=all_keys num_keys=98 num_tries=14)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 36 (id=36.1 same=1) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 36 (id=36.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 46 (id=46.1 same=0) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 46 (id=46.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > authenticator > authenticator-vno: 5 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > cksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 21a2f8a2343fcd6de51e2b5a > cusec: 637461 > ctime: Jul 28, 2023 17:29:43.000000000 CEST > subkey > Learnt authenticator_subkey keytype 18 (id=46.2) (c005a296...) > [Expert Info (Chat/Security): Learnt authenticator_subkey keytype 18 (id=46.2) (c005a296...)] > [Learnt authenticator_subkey keytype 18 (id=46.2) (c005a296...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: c005a296411c6887841e7183ef1ba89a33c1a6ce990e6b2750da72a34f65c258 > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a08205c8308205c4a1173015a003020110a10e040cd7f1ec36b8b15378b81d8386a28205⦠> armored-data > req-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: d7f1ec36b8b15378b81d8386 > enc-fast-req > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 593d09f103dc932174f456775ce4fbcf52c4d85a3ca041dae00928d19d071f918c206e31⦠> Derived KrbFastReq_TGS_armorKey keytype 18 (id=46.3) (87384fd8...) > [Expert Info (Chat/Security): Derived KrbFastReq_TGS_armorKey keytype 18 (id=46.3) (87384fd8...)] > [Derived KrbFastReq_TGS_armorKey keytype 18 (id=46.3) (87384fd8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 46 (id=46.3 same=0) (87384fd8...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 46 (id=46.3 same=0) (87384fd8...)] > [Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 46 (id=46.3 same=0) (87384fd8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=100 num_tries=22)] > [Used keymap=all_keys num_keys=100 num_tries=22)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Padding: 0 > fast-options: 00000000 > 0... .... = reserved: False > .0.. .... = hide-client-names: False > ..0. .... = spare_bit2: False > ...0 .... = spare_bit3: False > .... 0... = spare_bit4: False > .... .0.. = spare_bit5: False > .... ..0. = spare_bit6: False > .... ...0 = spare_bit7: False > 0... .... = spare_bit8: False > .0.. .... = spare_bit9: False > ..0. .... = spare_bit10: False > ...0 .... = spare_bit11: False > .... 0... = spare_bit12: False > .... .0.. = spare_bit13: False > .... ..0. = spare_bit14: False > .... ...0 = spare_bit15: False > 0... .... = kdc-follow-referrals: False > padata: 1 item > PA-DATA pA-PAC-OPTIONS > padata-type: pA-PAC-OPTIONS (167) > padata-value: 3009a00703050010000000 > Padding: 0 > flags: 10000000 > 0... .... = claims: False > .0.. .... = branch-aware: False > ..0. .... = forward-to-full-dc: False > ...1 .... = resource-based-constrained-delegation: True > req-body > Padding: 0 > kdc-options: 40030000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..1. = constrained-delegation: True > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 2053158447 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > additional-tickets: 1 item > Ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: master.ipa.test > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > kvno: 1 > cipher: e068052f1383cd120a032bce3830c5e8253b9bf5f3d33d136d19c1cd104605205a4d3c1c⦠> Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...) > [Expert Info (Chat/Security): Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=100 num_tries=1)] > [Used keymap=all_keys num_keys=100 num_tries=1)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=46.4) (f9cd87d5...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=46.4) (f9cd87d5...)] > [Learnt encTicketPart_key keytype 18 (id=46.4) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: f9cd87d5d3316001c8fd48be43708b5ee846509cd86f6d64c138cc15aafda2ab > crealm: IPA.TEST > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > cname-string: 1 item > CNameString: admin@IPA.TEST > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 1 item > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 3082038a30820386a00402020080a182037c04820378080000000000000001000000d001⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 080000000000000001000000d001000088000000000000000c0000006e00000058020000⦠> Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...) > [Expert Info (Chat/Security): Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=100 num_tries=1)] > [Used keymap=all_keys num_keys=100 num_tries=1)] > [Severity level: Chat] > [Group: Security] > Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=kdc_checksum_key num_keys=1 num_tries=1)] > [Used keymap=kdc_checksum_key num_keys=1 num_tries=1)] > [Severity level: Chat] > [Group: Security] > Num Entries: 8 > Version: 0 > Type: Logon Info (1) > Size: 464 > Offset: 136 > PAC_LOGON_INFO: 01100800ccccccccc00100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 448 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 16:48:21.000000000 CEST > PWD Can Change: Jul 28, 2023 16:48:21.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: admin > Length: 10 > Size: 10 > Character Array: admin > Referent ID: 0x00020004 > Max Count: 5 > Offset: 0 > Actual Count: 5 > Acct Name: admin > Full Name: Administrator > Length: 26 > Size: 26 > Character Array: Administrator > Referent ID: 0x00020008 > Max Count: 13 > Offset: 0 > Actual Count: 13 > Full Name: Administrator > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 500 > Group RID: 512 > Num RIDs: 1 > GroupIDs > Referent ID: 0x0002001c > Max Count: 1 > GROUP_MEMBERSHIP: > Group RID: 512 > Attributes: 0x00000007 > .... .... .... .... .... .... .... .1.. = Enabled: The enabled bit is SET > .... .... .... .... .... .... .... ..1. = Enabled By Default: The ENABLED_BY_DEFAULT bit is SET > .... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000010 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...1 .... = Normal Account: This account is a NORMAL_ACCOUNT > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-2 (Service Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 2 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 110 > Offset: 600 > UPN_DNS_INFO: 1c00180010003800030000000a0048001c00520000000000610064006d0069006e004000⦠> UPN Len: 28 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 56 > Flags: 0x00000003, UPN Name Constructed, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...1 = UPN Name Constructed: UPN Name is Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 10 > sAMAccountName Offset: 72 > objectSid Len: 28 > objectSid Offset: 82 > UPN Name: admin@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: admin > objectSid: S-1-5-21-3929993546-4107452863-2576714887-500 (Domain SID-Administrator) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-500 > RID: 500 (Administrator) > Type: Attributes Info (17) > Size: 8 > Offset: 712 > PAC_ATTRIBUTES_INFO: 0200000002000000 > Flags Valid Length: 2 > Flags: 0x00000002, PAC given Implicitly > .... .... .... .... .... .... .... ...0 = PAC Requested: PAC was NOT requested > .... .... .... .... .... .... .... ..1. = PAC given Implicitly: PAC was given implicitly > Type: Ticket Checksum (16) > Size: 28 > Offset: 720 > PAC_TICKET_CHECKSUM: 140000002de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: 20 > Signature: 2de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: Client Info Type (10) > Size: 38 > Offset: 752 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d9011c00610064006d0069006e0040004900500041002e00540045005300⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 28 > Name: admin@IPA.TEST > Type: Server Checksum (6) > Size: 28 > Offset: 792 > PAC_SERVER_CHECKSUM: 1400000016a16cde234d0b17fa1b121886d8e0a118b4b7fc44d942dd > Type: 20 > Signature: 16a16cde234d0b17fa1b121886d8e0a118b4b7fc44d942dd > Type: Privsvr Checksum (7) > Size: 28 > Offset: 824 > PAC_PRIVSVR_CHECKSUM: 140000000dcf08109368cdafabcffc19c6db4e12d1a355619fab1491 > Type: 20 > Signature: 0dcf08109368cdafabcffc19c6db4e12d1a355619fab1491 > Type: Unknown (19) > Size: 28 > Offset: 856 > PA-DATA pA-PAC-OPTIONS > padata-type: pA-PAC-OPTIONS (167) > padata-value: 3009a00703050010000000 > Padding: 0 > flags: 10000000 > 0... .... = claims: False > .0.. .... = branch-aware: False > ..0. .... = forward-to-full-dc: False > ...1 .... = resource-based-constrained-delegation: True > req-body > Padding: 0 > kdc-options: 40030000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..1. = constrained-delegation: True > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 2053158447 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > additional-tickets: 1 item > Ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: master.ipa.test > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > kvno: 1 > cipher: e068052f1383cd120a032bce3830c5e8253b9bf5f3d33d136d19c1cd104605205a4d3c1c⦠> Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...) > [Expert Info (Chat/Security): Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Decrypted keytype 20 usage 2 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=100 num_tries=1)] > [Used keymap=all_keys num_keys=100 num_tries=1)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=46.5) (f9cd87d5...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=46.5) (f9cd87d5...)] > [Learnt encTicketPart_key keytype 18 (id=46.5) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: f9cd87d5d3316001c8fd48be43708b5ee846509cd86f6d64c138cc15aafda2ab > crealm: IPA.TEST > cname > name-type: kRB5-NT-ENTERPRISE-PRINCIPAL (10) > cname-string: 1 item > CNameString: admin@IPA.TEST > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 1 item > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 3082038a30820386a00402020080a182037c04820378080000000000000001000000d001⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 080000000000000001000000d001000088000000000000000c0000006e00000058020000⦠> Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...) > [Expert Info (Chat/Security): Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Verified Server checksum 20 keytype 20 using keytab principal cifs/master.ipa.test@IPA.TEST (id=keytab.83 same=0) (a9fce312...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=100 num_tries=1)] > [Used keymap=all_keys num_keys=100 num_tries=1)] > [Severity level: Chat] > [Group: Security] > Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified Ticket checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=kdc_checksum_key num_keys=1 num_tries=1)] > [Used keymap=kdc_checksum_key num_keys=1 num_tries=1)] > [Severity level: Chat] > [Group: Security] > Num Entries: 8 > Version: 0 > Type: Logon Info (1) > Size: 464 > Offset: 136 > PAC_LOGON_INFO: 01100800ccccccccc00100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 448 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 16:48:21.000000000 CEST > PWD Can Change: Jul 28, 2023 16:48:21.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: admin > Length: 10 > Size: 10 > Character Array: admin > Referent ID: 0x00020004 > Max Count: 5 > Offset: 0 > Actual Count: 5 > Acct Name: admin > Full Name: Administrator > Length: 26 > Size: 26 > Character Array: Administrator > Referent ID: 0x00020008 > Max Count: 13 > Offset: 0 > Actual Count: 13 > Full Name: Administrator > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 500 > Group RID: 512 > Num RIDs: 1 > GroupIDs > Referent ID: 0x0002001c > Max Count: 1 > GROUP_MEMBERSHIP: > Group RID: 512 > Attributes: 0x00000007 > .... .... .... .... .... .... .... .1.. = Enabled: The enabled bit is SET > .... .... .... .... .... .... .... ..1. = Enabled By Default: The ENABLED_BY_DEFAULT bit is SET > .... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000010 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...1 .... = Normal Account: This account is a NORMAL_ACCOUNT > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-2 (Service Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 2 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 110 > Offset: 600 > UPN_DNS_INFO: 1c00180010003800030000000a0048001c00520000000000610064006d0069006e004000⦠> UPN Len: 28 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 56 > Flags: 0x00000003, UPN Name Constructed, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...1 = UPN Name Constructed: UPN Name is Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 10 > sAMAccountName Offset: 72 > objectSid Len: 28 > objectSid Offset: 82 > UPN Name: admin@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: admin > objectSid: S-1-5-21-3929993546-4107452863-2576714887-500 (Domain SID-Administrator) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-500 > RID: 500 (Administrator) > Type: Attributes Info (17) > Size: 8 > Offset: 712 > PAC_ATTRIBUTES_INFO: 0200000002000000 > Flags Valid Length: 2 > Flags: 0x00000002, PAC given Implicitly > .... .... .... .... .... .... .... ...0 = PAC Requested: PAC was NOT requested > .... .... .... .... .... .... .... ..1. = PAC given Implicitly: PAC was given implicitly > Type: Ticket Checksum (16) > Size: 28 > Offset: 720 > PAC_TICKET_CHECKSUM: 140000002de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: 20 > Signature: 2de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: Client Info Type (10) > Size: 38 > Offset: 752 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d9011c00610064006d0069006e0040004900500041002e00540045005300⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 28 > Name: admin@IPA.TEST > Type: Server Checksum (6) > Size: 28 > Offset: 792 > PAC_SERVER_CHECKSUM: 1400000016a16cde234d0b17fa1b121886d8e0a118b4b7fc44d942dd > Type: 20 > Signature: 16a16cde234d0b17fa1b121886d8e0a118b4b7fc44d942dd > Type: Privsvr Checksum (7) > Size: 28 > Offset: 824 > PAC_PRIVSVR_CHECKSUM: 140000000dcf08109368cdafabcffc19c6db4e12d1a355619fab1491 > Type: 20 > Signature: 0dcf08109368cdafabcffc19c6db4e12d1a355619fab1491 > Type: Unknown (19) > Size: 28 > Offset: 856 > Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.1 same=0) (bd30cfcb...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.1 same=0) (bd30cfcb...)] > [Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Provides learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...) > [Expert Info (Chat/Security): Provides learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Provides learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > Provides derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...) > [Expert Info (Chat/Security): Provides derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...)] > [Provides derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.4 same=1) (f9cd87d5...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.4 same=1) (f9cd87d5...)] > [Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.4 same=1) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.5 same=0) (f9cd87d5...)] > [Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.5 same=0) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.5 same=0) (f9cd87d5...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.5 same=0) (f9cd87d5...)] > [Provides learnt encTicketPart_key in frame 46 keytype 18 (id=46.5 same=0) (f9cd87d5...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...) > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=1) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 46 keytype 18 (id=46.1 same=0) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 46 keytype 18 (id=46.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...)] > [Used derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal cifs/master.ipa.test@IPA.TEST keytype 20 (id=keytab.83 same=0) (a9fce312...) > [Expert Info (Chat/Security): Used keytab principal cifs/master.ipa.test@IPA.TEST keytype 20 (id=keytab.83 same=0) (a9fce312...)] > [Used keytab principal cifs/master.ipa.test@IPA.TEST keytype 20 (id=keytab.83 same=0) (a9fce312...)] > [Severity level: Chat] > [Group: Security] > >Frame 47: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39494, Seq: 1, Ack: 4551, Len: 0 > >Frame 48: 2024 bytes on wire (16192 bits), 2024 bytes captured (16192 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39494, Seq: 1, Ack: 4551, Len: 1952 >Kerberos > Record Mark: 1948 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0111 1001 1100 = Record Length: 1948 > tgs-rep > pvno: 5 > msg-type: krb-tgs-rep (13) > padata: 1 item > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a081d33081d0a081cd3081caa003020112a281c20481bf939f8fbded2b81f8d7489af060⦠> armored-data > enc-fast-rep > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 939f8fbded2b81f8d7489af060a1030282fd89e47f070bb0d6cb051c66ee6bf1370cceee⦠> Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 46 (id=46.3 same=0) (87384fd8...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 46 (id=46.3 same=0) (87384fd8...)] > [Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 46 (id=46.3 same=0) (87384fd8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=100 num_tries=22)] > [Used keymap=all_keys num_keys=100 num_tries=22)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > padata: 0 items > strengthen-key > Learnt KrbFastResponse_strengthen-key keytype 18 (id=48.1) (d40300b3...) > [Expert Info (Chat/Security): Learnt KrbFastResponse_strengthen-key keytype 18 (id=48.1) (d40300b3...)] > [Learnt KrbFastResponse_strengthen-key keytype 18 (id=48.1) (d40300b3...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: d40300b3068f1120469d4fa79564e1ce097379e35a8aff24def6818163119223 > finished > timestamp: Jul 28, 2023 17:29:43.000000000 CEST > usec: 675734 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > name-string: 2 items > KerberosString: cifs > KerberosString: master.ipa.test > ticket-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 0fe69e7a6fd6713219a99b79 > nonce: 2053158447 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: AD-XK57.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > kvno: 1 > cipher: 9bd90bca685aa033f2fbde3d357bb345041bc3d2b6fdf1315fd6a6329b705056c0b7b76d⦠> Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=101 num_tries=5)] > [Used keymap=all_keys num_keys=101 num_tries=5)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=48.2) (e756396a...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=48.2) (e756396a...)] > [Learnt encTicketPart_key keytype 18 (id=48.2) (e756396a...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: e756396abf58692c38c22692406793aa9dbeb0627631e89df38ee107d6152c09 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 1 item > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308204123082040ea00402020080a182040404820400080000000000000001000000d001⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 080000000000000001000000d001000088000000000000000c0000006e00000058020000⦠> Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=102 num_tries=5)] > [Used keymap=all_keys num_keys=102 num_tries=5)] > [Severity level: Chat] > [Group: Security] > Missing KDC checksum 16 keytype 18 (id=missing.1) > [Expert Info (Warning/Decryption): Missing KDC checksum 16 keytype 18 (id=missing.1)] > [Missing KDC checksum 16 keytype 18 (id=missing.1)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Severity level: Warning] > [Group: Decryption] > Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.2) > [Expert Info (Warning/Decryption): Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.2)] > [Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.2)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=kdc_checksum_key num_keys=0 num_tries=0)] > [Used keymap=kdc_checksum_key num_keys=0 num_tries=0)] > [Severity level: Warning] > [Group: Decryption] > Num Entries: 8 > Version: 0 > Type: Logon Info (1) > Size: 464 > Offset: 136 > PAC_LOGON_INFO: 01100800ccccccccc00100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 448 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 16:48:21.000000000 CEST > PWD Can Change: Jul 28, 2023 16:48:21.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: admin > Length: 10 > Size: 10 > Character Array: admin > Referent ID: 0x00020004 > Max Count: 5 > Offset: 0 > Actual Count: 5 > Acct Name: admin > Full Name: Administrator > Length: 26 > Size: 26 > Character Array: Administrator > Referent ID: 0x00020008 > Max Count: 13 > Offset: 0 > Actual Count: 13 > Full Name: Administrator > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 500 > Group RID: 512 > Num RIDs: 1 > GroupIDs > Referent ID: 0x0002001c > Max Count: 1 > GROUP_MEMBERSHIP: > Group RID: 512 > Attributes: 0x00000007 > .... .... .... .... .... .... .... .1.. = Enabled: The enabled bit is SET > .... .... .... .... .... .... .... ..1. = Enabled By Default: The ENABLED_BY_DEFAULT bit is SET > .... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000010 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...1 .... = Normal Account: This account is a NORMAL_ACCOUNT > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-2 (Service Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 2 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 110 > Offset: 600 > UPN_DNS_INFO: 1c00180010003800030000000a0048001c00520000000000610064006d0069006e004000⦠> UPN Len: 28 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 56 > Flags: 0x00000003, UPN Name Constructed, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...1 = UPN Name Constructed: UPN Name is Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 10 > sAMAccountName Offset: 72 > objectSid Len: 28 > objectSid Offset: 82 > UPN Name: admin@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: admin > objectSid: S-1-5-21-3929993546-4107452863-2576714887-500 (Domain SID-Administrator) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-500 > RID: 500 (Administrator) > Type: Attributes Info (17) > Size: 8 > Offset: 712 > PAC_ATTRIBUTES_INFO: 0200000001000000 > Flags Valid Length: 2 > Flags: 0x00000001, PAC Requested > .... .... .... .... .... .... .... ...1 = PAC Requested: PAC was requested > .... .... .... .... .... .... .... ..0. = PAC given Implicitly: PAC was NOT given implicitly > Type: Ticket Checksum (16) > Size: 28 > Offset: 720 > PAC_TICKET_CHECKSUM: 140000002de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: 20 > Signature: 2de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: S4U Delegation Info (11) > Size: 184 > Offset: 752 > PAC_S4U_DELEGATION_INFO: 01100800cccccccca8000000000000000000020032003400040002000100000008000200⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 168 > PAC_S4U_DELEGATION_INFO: > Referent ID: 0x00020000 > S4U2proxyTarget: cifs/dc-xk57.ad-xk57.test > Length: 50 > Size: 52 > Character Array: cifs/dc-xk57.ad-xk57.test > Referent ID: 0x00020004 > Max Count: 26 > Offset: 0 > Actual Count: 25 > S4U2proxyTarget: cifs/dc-xk57.ad-xk57.test > TransitedListSize: 0x00000001 > S4UTransitedServices cifs/master.ipa.test@IPA.TEST > Referent ID: 0x00020008 > Max Count: 1 > Transited Service: cifs/master.ipa.test@IPA.TEST > Length: 58 > Size: 60 > Character Array: cifs/master.ipa.test@IPA.TEST > Referent ID: 0x0002000c > Max Count: 30 > Offset: 0 > Actual Count: 29 > Transited Service: cifs/master.ipa.test@IPA.TEST > Type: Client Info Type (10) > Size: 56 > Offset: 936 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d9012e00610064006d0069006e0040004900500041002e00540045005300⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 46 > Name: admin@IPA.TEST@IPA.TEST > Type: Server Checksum (6) > Size: 16 > Offset: 992 > PAC_SERVER_CHECKSUM: 100000001379583a3e5f54c43d9c8427 > Type: 16 > Signature: 1379583a3e5f54c43d9c8427 > Type: Privsvr Checksum (7) > Size: 16 > Offset: 1008 > PAC_PRIVSVR_CHECKSUM: 10000000040cc0ce452e191fe19ff6b6 > Type: 16 > Signature: 040cc0ce452e191fe19ff6b6 > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: a1c1e95068254a52801289550369fc4cec8c11d2ba6948407df4d61a2380b35171deda55⦠> Derived strengthen-reply-key keytype 18 (id=48.3) (674070ea...) > [Expert Info (Chat/Security): Derived strengthen-reply-key keytype 18 (id=48.3) (674070ea...)] > [Derived strengthen-reply-key keytype 18 (id=48.3) (674070ea...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC2 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 48 (id=48.3 same=0) (674070ea...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 48 (id=48.3 same=0) (674070ea...)] > [Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 48 (id=48.3 same=0) (674070ea...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=103 num_tries=15)] > [Used keymap=all_keys num_keys=103 num_tries=15)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC2 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > encTGSRepPart > key > Learnt encTGSRepPart_key keytype 18 (id=48.4) (e756396a...) > [Expert Info (Chat/Security): Learnt encTGSRepPart_key keytype 18 (id=48.4) (e756396a...)] > [Learnt encTGSRepPart_key keytype 18 (id=48.4) (e756396a...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: e756396abf58692c38c22692406793aa9dbeb0627631e89df38ee107d6152c09 > last-req: 1 item > LastReq item > lr-type: lR-NONE (0) > lr-value: Jan 1, 1970 01:00:00.000000000 CET > nonce: 2053158447 > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > srealm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: AD-XK57.TEST > encrypted-pa-data: 1 item > PA-DATA pA-PAC-OPTIONS > padata-type: pA-PAC-OPTIONS (167) > padata-value: 3009a00703050010000000 > Padding: 0 > flags: 10000000 > 0... .... = claims: False > .0.. .... = branch-aware: False > ..0. .... = forward-to-full-dc: False > ...1 .... = resource-based-constrained-delegation: True > Provides learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...) > [Expert Info (Chat/Security): Provides learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [Provides learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTicketPart_key in frame 48 keytype 18 (id=48.2 same=1) (e756396a...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 48 keytype 18 (id=48.2 same=1) (e756396a...)] > [Provides learnt encTicketPart_key in frame 48 keytype 18 (id=48.2 same=1) (e756396a...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Provides learnt encTGSRepPart_key in frame 48 keytype 18 (id=48.4 same=0) (e756396a...)] > [Provides learnt encTGSRepPart_key in frame 48 keytype 18 (id=48.4 same=0) (e756396a...)] > [Severity level: Chat] > [Group: Security] > Provides derived strengthen-reply-key in frame 48 keytype 18 (id=48.3 same=0) (674070ea...) > [Expert Info (Chat/Security): Provides derived strengthen-reply-key in frame 48 keytype 18 (id=48.3 same=0) (674070ea...)] > [Provides derived strengthen-reply-key in frame 48 keytype 18 (id=48.3 same=0) (674070ea...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC2 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTGSRepPart_key in frame 48 keytype 18 (id=48.4 same=0) (e756396a...) > [Expert Info (Chat/Security): Provides learnt encTGSRepPart_key in frame 48 keytype 18 (id=48.4 same=0) (e756396a...)] > [Provides learnt encTGSRepPart_key in frame 48 keytype 18 (id=48.4 same=0) (e756396a...)] > [Severity level: Chat] > [Group: Security] > Missing checksum 16 keytype 18 missing in frame 48 keytype 18 (id=missing.1 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 16 keytype 18 missing in frame 48 keytype 18 (id=missing.1 same=0) (00000000...)] > [Missing checksum 16 keytype 18 missing in frame 48 keytype 18 (id=missing.1 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Missing checksum 20 keytype -1 missing in frame 48 keytype -1 (id=missing.2 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 20 keytype -1 missing in frame 48 keytype -1 (id=missing.2 same=0) (00000000...)] > [Missing checksum 20 keytype -1 missing in frame 48 keytype -1 (id=missing.2 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Used derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...)] > [Used derived KrbFastReq_TGS_armorKey in frame 46 keytype 18 (id=46.3 same=0) (87384fd8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC1 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...)] > [Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > Used derived strengthen-reply-key in frame 48 keytype 18 (id=48.3 same=0) (674070ea...) > [Expert Info (Chat/Security): Used derived strengthen-reply-key in frame 48 keytype 18 (id=48.3 same=0) (674070ea...)] > [Used derived strengthen-reply-key in frame 48 keytype 18 (id=48.3 same=0) (674070ea...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 48 keytype 18 (id=48.1 same=0) (d40300b3...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [SRC2 learnt authenticator_subkey in frame 46 keytype 18 (id=46.2 same=0) (c005a296...)] > [Severity level: Chat] > [Group: Security] > >Frame 49: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39494, Dst Port: 88, Seq: 4551, Ack: 1953, Len: 0 > >Frame 50: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39494, Dst Port: 88, Seq: 4551, Ack: 1953, Len: 0 > >Frame 51: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39494, Seq: 1953, Ack: 4552, Len: 0 > >Frame 52: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39494, Dst Port: 88, Seq: 4552, Ack: 1954, Len: 0 > >Frame 53: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39508, Dst Port: 88, Seq: 0, Len: 0 > >Frame 54: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39508, Seq: 0, Ack: 1, Len: 0 > >Frame 55: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39508, Dst Port: 88, Seq: 1, Ack: 1, Len: 0 > >Frame 56: 2072 bytes on wire (16576 bits), 2072 bytes captured (16576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39508, Dst Port: 88, Seq: 1, Ack: 1, Len: 2000 >Kerberos > Record Mark: 1996 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0111 1100 1100 = Record Length: 1996 > tgs-req > pvno: 5 > msg-type: krb-tgs-req (12) > padata: 2 items > PA-DATA pA-TGS-REQ > padata-type: pA-TGS-REQ (1) > padata-value: 6e82064c30820648a003020105a10302010ea20703050000000000a38205696182056530⦠> ap-req > pvno: 5 > msg-type: krb-ap-req (14) > Padding: 0 > ap-options: 00000000 > 0... .... = reserved: False > .0.. .... = use-session-key: False > ..0. .... = mutual-required: False > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: IPA.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > kvno: 1 > cipher: c1f2e11698368816b7cfe6ffb2cd6b881d8f2a9644d9f55e478dcbf5e7ab8f0cfe344793⦠> Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Decrypted keytype 20 usage 2 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=103 num_tries=9)] > [Used keymap=all_keys num_keys=103 num_tries=9)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40610000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .1.. .... = initial: True > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 0... = transited-policy-checked: False > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=56.1) (bd30cfcb...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=56.1) (bd30cfcb...)] > [Learnt encTicketPart_key keytype 18 (id=56.1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: bd30cfcb47edbbd2e7fd0e4a9f5bb1eec4c8c4eb9007a02eb88b50d969696cfb > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 2 items > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308203a23082039ea00402020080a182039404820390070000000000000001000000c801⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 070000000000000001000000c801000078000000000000000c000000ac00000040020000⦠> Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified Server checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=103 num_tries=9)] > [Used keymap=all_keys num_keys=103 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Verified KDC checksum 20 keytype 20 using keytab principal krbtgt/IPA.TEST@IPA.TEST (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Used keymap=longterm_keys num_keys=92 num_tries=9)] > [Severity level: Chat] > [Group: Security] > Num Entries: 7 > Version: 0 > Type: Logon Info (1) > Size: 456 > Offset: 120 > PAC_LOGON_INFO: 01100800ccccccccb80100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 440 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 17:04:43.000000000 CEST > PWD Can Change: Jul 28, 2023 17:04:43.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: cifs/master.ipa.test > Length: 40 > Size: 40 > Character Array: cifs/master.ipa.test > Referent ID: 0x00020004 > Max Count: 20 > Offset: 0 > Actual Count: 20 > Acct Name: cifs/master.ipa.test > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 516 > Group RID: 515 > Num RIDs: 0 > GroupIDs > Referent ID: 0x0002001c > Max Count: 0 > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000100 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...1 .... .... = Server Trust Account: This account is a SERVER_TRUST_ACCOUNT > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-1 (Authentication Authority Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 1 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 172 > Offset: 576 > UPN_DNS_INFO: 3a0018001000580002000000280068001c0090000000000063006900660073002f006d00⦠> UPN Len: 58 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 88 > Flags: 0x00000002, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...0 = UPN Name Constructed: UPN Name is NOT Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 40 > sAMAccountName Offset: 104 > objectSid Len: 28 > objectSid Offset: 144 > UPN Name: cifs/master.ipa.test@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: cifs/master.ipa.test > objectSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Attributes Info (17) > Size: 8 > Offset: 752 > PAC_ATTRIBUTES_INFO: 0200000002000000 > Flags Valid Length: 2 > Flags: 0x00000002, PAC given Implicitly > .... .... .... .... .... .... .... ...0 = PAC Requested: PAC was NOT requested > .... .... .... .... .... .... .... ..1. = PAC given Implicitly: PAC was given implicitly > Type: Requester Sid (18) > Size: 28 > Offset: 760 > PAC_REQUESTER_SID: 0105000000000005150000004af13eeabfc1d2f4878c959904020000 > RequesterSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Client Info Type (10) > Size: 50 > Offset: 792 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d901280063006900660073002f006d00610073007400650072002e006900⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 40 > Name: cifs/master.ipa.test > Type: Server Checksum (6) > Size: 28 > Offset: 848 > PAC_SERVER_CHECKSUM: 14000000919fead9c156c6ed7a75250f455a0abb4f955251cd46326c > Type: 20 > Signature: 919fead9c156c6ed7a75250f455a0abb4f955251cd46326c > Type: Privsvr Checksum (7) > Size: 28 > Offset: 880 > PAC_PRIVSVR_CHECKSUM: 140000007ece6df3a058c66c4db38123fe3b12872e391b903b57413d > Type: 20 > Signature: 7ece6df3a058c66c4db38123fe3b12872e391b903b57413d > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 307f307da003020160a17604743072a01930173015a003020161a10e040c300a0c086861⦠> AuthorizationData item > ad-type: Unknown (96) > ad-data: 3072a01930173015a003020161a10e040c300a0c0868617264656e6564a12c302aa10302⦠> authenticator > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 192cded8f98cbe4e767fb2e4f536e5735da16f27dfd94d85e1adeb2d7b8d753a569d0fd7⦠> Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=3) (bd30cfcb...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=3) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 16 (id=16.1 same=3) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=103 num_tries=15)] > [Used keymap=all_keys num_keys=103 num_tries=15)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 36 (id=36.1 same=2) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 36 (id=36.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 46 (id=46.1 same=1) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 46 (id=46.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 56 (id=56.1 same=0) (bd30cfcb...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 56 (id=56.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > authenticator > authenticator-vno: 5 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > cksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 6a987ad6ae63d2ef7c6d5a9d > cusec: 637477 > ctime: Jul 28, 2023 17:29:43.000000000 CEST > subkey > Learnt authenticator_subkey keytype 18 (id=56.2) (bcebfcc7...) > [Expert Info (Chat/Security): Learnt authenticator_subkey keytype 18 (id=56.2) (bcebfcc7...)] > [Learnt authenticator_subkey keytype 18 (id=56.2) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: bcebfcc7f1616bd70e7130e26292eb2ad9c8e8d14488f9de5f103ecc1782870f > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a081cc3081c9a1173015a003020110a10e040ccf3f0c0a4ad4c692e87427eba281ad3081⦠> armored-data > req-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: cf3f0c0a4ad4c692e87427eb > enc-fast-req > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: a0ff78317752ada5b77a0c8d8a6792e9f76bbb2f4d3c1dd8a659cfcddf283fe52acbf044⦠> Derived KrbFastReq_TGS_armorKey keytype 18 (id=56.3) (73bf94d1...) > [Expert Info (Chat/Security): Derived KrbFastReq_TGS_armorKey keytype 18 (id=56.3) (73bf94d1...)] > [Derived KrbFastReq_TGS_armorKey keytype 18 (id=56.3) (73bf94d1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 56 (id=56.3 same=0) (73bf94d1...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 56 (id=56.3 same=0) (73bf94d1...)] > [Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 56 (id=56.3 same=0) (73bf94d1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=105 num_tries=5)] > [Used keymap=all_keys num_keys=105 num_tries=5)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Padding: 0 > fast-options: 00000000 > 0... .... = reserved: False > .0.. .... = hide-client-names: False > ..0. .... = spare_bit2: False > ...0 .... = spare_bit3: False > .... 0... = spare_bit4: False > .... .0.. = spare_bit5: False > .... ..0. = spare_bit6: False > .... ...0 = spare_bit7: False > 0... .... = spare_bit8: False > .0.. .... = spare_bit9: False > ..0. .... = spare_bit10: False > ...0 .... = spare_bit11: False > .... 0... = spare_bit12: False > .... .0.. = spare_bit13: False > .... ..0. = spare_bit14: False > .... ...0 = spare_bit15: False > 0... .... = kdc-follow-referrals: False > padata: 0 items > req-body > Padding: 0 > kdc-options: 40010000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 177995597 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > req-body > Padding: 0 > kdc-options: 40010000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: IPA.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 177995597 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > Provides learnt encTicketPart_key in frame 56 keytype 18 (id=56.1 same=0) (bd30cfcb...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 56 keytype 18 (id=56.1 same=0) (bd30cfcb...)] > [Provides learnt encTicketPart_key in frame 56 keytype 18 (id=56.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Provides learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...) > [Expert Info (Chat/Security): Provides learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Provides learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > Provides derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...) > [Expert Info (Chat/Security): Provides derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...)] > [Provides derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Used keytab principal krbtgt/IPA.TEST@IPA.TEST keytype 20 (id=keytab.21 same=0) (bc1bad17...)] > [Severity level: Chat] > [Group: Security] > Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...) > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=2) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 36 keytype 18 (id=36.1 same=2) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 46 keytype 18 (id=46.1 same=1) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 46 keytype 18 (id=46.1 same=1) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 56 keytype 18 (id=56.1 same=0) (bd30cfcb...)] > [Used learnt encTicketPart_key in frame 56 keytype 18 (id=56.1 same=0) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...)] > [Used derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > >Frame 57: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39508, Seq: 1, Ack: 2001, Len: 0 > >Frame 58: 1977 bytes on wire (15816 bits), 1977 bytes captured (15816 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39508, Seq: 1, Ack: 2001, Len: 1905 >Kerberos > Record Mark: 1901 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0111 0110 1101 = Record Length: 1901 > tgs-rep > pvno: 5 > msg-type: krb-tgs-rep (13) > padata: 1 item > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a081d33081d0a081cd3081caa003020112a281c20481bf2173fe79ca0d53ca088bf96cce⦠> armored-data > enc-fast-rep > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 2173fe79ca0d53ca088bf96ccea94e302796acc9db3dd0e4b50e13fbce3b9dc2ffd72bf7⦠> Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 56 (id=56.3 same=0) (73bf94d1...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 56 (id=56.3 same=0) (73bf94d1...)] > [Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 56 (id=56.3 same=0) (73bf94d1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=105 num_tries=5)] > [Used keymap=all_keys num_keys=105 num_tries=5)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > padata: 0 items > strengthen-key > Learnt KrbFastResponse_strengthen-key keytype 18 (id=58.1) (c71e5097...) > [Expert Info (Chat/Security): Learnt KrbFastResponse_strengthen-key keytype 18 (id=58.1) (c71e5097...)] > [Learnt KrbFastResponse_strengthen-key keytype 18 (id=58.1) (c71e5097...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: c71e5097a41be483d3c01975528a73ea170291ba03ef1803462f9567bacc1339 > finished > timestamp: Jul 28, 2023 17:29:43.000000000 CEST > usec: 651123 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > name-string: 2 items > KerberosString: cifs > KerberosString: master.ipa.test > ticket-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: e495ed192a6ed2976d945d14 > nonce: 177995597 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: AD-XK57.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > kvno: 1 > cipher: 75ab30785f863c2783752628663c3707893f6af2d2c0355e61e14949aed52c65b92effc2⦠> Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=106 num_tries=7)] > [Used keymap=all_keys num_keys=106 num_tries=7)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=58.2) (47230605...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=58.2) (47230605...)] > [Learnt encTicketPart_key keytype 18 (id=58.2) (47230605...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 47230605ca501d97ce313cc868729e87ad2ab3ca05e6bee6aac5956bbcd85a7b > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 2 items > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308203823082037ea00402020080a182037404820370070000000000000001000000c801⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 070000000000000001000000c801000078000000000000000c000000ac00000040020000⦠> Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=107 num_tries=7)] > [Used keymap=all_keys num_keys=107 num_tries=7)] > [Severity level: Chat] > [Group: Security] > Missing KDC checksum 16 keytype 18 (id=missing.1) > [Expert Info (Warning/Decryption): Missing KDC checksum 16 keytype 18 (id=missing.1)] > [Missing KDC checksum 16 keytype 18 (id=missing.1)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Severity level: Warning] > [Group: Decryption] > Num Entries: 7 > Version: 0 > Type: Logon Info (1) > Size: 456 > Offset: 120 > PAC_LOGON_INFO: 01100800ccccccccb80100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 440 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 17:04:43.000000000 CEST > PWD Can Change: Jul 28, 2023 17:04:43.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: cifs/master.ipa.test > Length: 40 > Size: 40 > Character Array: cifs/master.ipa.test > Referent ID: 0x00020004 > Max Count: 20 > Offset: 0 > Actual Count: 20 > Acct Name: cifs/master.ipa.test > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 516 > Group RID: 515 > Num RIDs: 0 > GroupIDs > Referent ID: 0x0002001c > Max Count: 0 > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000100 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...1 .... .... = Server Trust Account: This account is a SERVER_TRUST_ACCOUNT > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-1 (Authentication Authority Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 1 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 172 > Offset: 576 > UPN_DNS_INFO: 3a0018001000580002000000280068001c0090000000000063006900660073002f006d00⦠> UPN Len: 58 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 88 > Flags: 0x00000002, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...0 = UPN Name Constructed: UPN Name is NOT Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 40 > sAMAccountName Offset: 104 > objectSid Len: 28 > objectSid Offset: 144 > UPN Name: cifs/master.ipa.test@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: cifs/master.ipa.test > objectSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Attributes Info (17) > Size: 8 > Offset: 752 > PAC_ATTRIBUTES_INFO: 0200000001000000 > Flags Valid Length: 2 > Flags: 0x00000001, PAC Requested > .... .... .... .... .... .... .... ...1 = PAC Requested: PAC was requested > .... .... .... .... .... .... .... ..0. = PAC given Implicitly: PAC was NOT given implicitly > Type: Requester Sid (18) > Size: 28 > Offset: 760 > PAC_REQUESTER_SID: 0105000000000005150000004af13eeabfc1d2f4878c959904020000 > RequesterSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Client Info Type (10) > Size: 50 > Offset: 792 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d901280063006900660073002f006d00610073007400650072002e006900⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 40 > Name: cifs/master.ipa.test > Type: Server Checksum (6) > Size: 16 > Offset: 848 > PAC_SERVER_CHECKSUM: 100000002e52c643300ff72fc7e5a562 > Type: 16 > Signature: 2e52c643300ff72fc7e5a562 > Type: Privsvr Checksum (7) > Size: 16 > Offset: 864 > PAC_PRIVSVR_CHECKSUM: 10000000f4741969eca361093a9810e8 > Type: 16 > Signature: f4741969eca361093a9810e8 > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 30733071a003020160a16a04683066a01930173015a003020161a10e040c300a0c086861⦠> AuthorizationData item > ad-type: Unknown (96) > ad-data: 3066a01930173015a003020161a10e040c300a0c0868617264656e6564a12c302aa10302⦠> enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: ddd78fe5bed1fdc49d1ecd51d0b653448db92cf5dd91d86bb106e8f7155d009810b3abc8⦠> Derived strengthen-reply-key keytype 18 (id=58.3) (76b618f6...) > [Expert Info (Chat/Security): Derived strengthen-reply-key keytype 18 (id=58.3) (76b618f6...)] > [Derived strengthen-reply-key keytype 18 (id=58.3) (76b618f6...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC2 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 58 (id=58.3 same=0) (76b618f6...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 58 (id=58.3 same=0) (76b618f6...)] > [Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 58 (id=58.3 same=0) (76b618f6...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=108 num_tries=24)] > [Used keymap=all_keys num_keys=108 num_tries=24)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC2 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > encTGSRepPart > key > Learnt encTGSRepPart_key keytype 18 (id=58.4) (47230605...) > [Expert Info (Chat/Security): Learnt encTGSRepPart_key keytype 18 (id=58.4) (47230605...)] > [Learnt encTGSRepPart_key keytype 18 (id=58.4) (47230605...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 47230605ca501d97ce313cc868729e87ad2ab3ca05e6bee6aac5956bbcd85a7b > last-req: 1 item > LastReq item > lr-type: lR-NONE (0) > lr-value: Jan 1, 1970 01:00:00.000000000 CET > nonce: 177995597 > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > srealm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: AD-XK57.TEST > Provides learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...) > [Expert Info (Chat/Security): Provides learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [Provides learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=1) (47230605...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=1) (47230605...)] > [Provides learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=1) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Provides learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=0) (47230605...)] > [Provides learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=0) (47230605...)] > [Severity level: Chat] > [Group: Security] > Provides derived strengthen-reply-key in frame 58 keytype 18 (id=58.3 same=0) (76b618f6...) > [Expert Info (Chat/Security): Provides derived strengthen-reply-key in frame 58 keytype 18 (id=58.3 same=0) (76b618f6...)] > [Provides derived strengthen-reply-key in frame 58 keytype 18 (id=58.3 same=0) (76b618f6...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC2 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=0) (47230605...) > [Expert Info (Chat/Security): Provides learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=0) (47230605...)] > [Provides learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=0) (47230605...)] > [Severity level: Chat] > [Group: Security] > Missing checksum 16 keytype 18 missing in frame 58 keytype 18 (id=missing.1 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 16 keytype 18 missing in frame 58 keytype 18 (id=missing.1 same=0) (00000000...)] > [Missing checksum 16 keytype 18 missing in frame 58 keytype 18 (id=missing.1 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Used derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...)] > [Used derived KrbFastReq_TGS_armorKey in frame 56 keytype 18 (id=56.3 same=0) (73bf94d1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC1 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [SRC2 learnt encTicketPart_key in frame 16 keytype 18 (id=16.1 same=3) (bd30cfcb...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...)] > [Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > Used derived strengthen-reply-key in frame 58 keytype 18 (id=58.3 same=0) (76b618f6...) > [Expert Info (Chat/Security): Used derived strengthen-reply-key in frame 58 keytype 18 (id=58.3 same=0) (76b618f6...)] > [Used derived strengthen-reply-key in frame 58 keytype 18 (id=58.3 same=0) (76b618f6...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 58 keytype 18 (id=58.1 same=0) (c71e5097...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [SRC2 learnt authenticator_subkey in frame 56 keytype 18 (id=56.2 same=0) (bcebfcc7...)] > [Severity level: Chat] > [Group: Security] > >Frame 59: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39508, Dst Port: 88, Seq: 2001, Ack: 1906, Len: 0 > >Frame 60: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39508, Dst Port: 88, Seq: 2001, Ack: 1906, Len: 0 > >Frame 61: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 39508, Seq: 1906, Ack: 2002, Len: 0 > >Frame 62: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 39508, Dst Port: 88, Seq: 2002, Ack: 1907, Len: 0 > >Frame 63: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47200, Dst Port: 88, Seq: 0, Len: 0 > >Frame 64: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47200, Seq: 0, Ack: 1, Len: 0 > >Frame 65: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47200, Dst Port: 88, Seq: 1, Ack: 1, Len: 0 > >Frame 66: 2032 bytes on wire (16256 bits), 2032 bytes captured (16256 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47200, Dst Port: 88, Seq: 1, Ack: 1, Len: 1972 >Kerberos > Record Mark: 1968 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0111 1011 0000 = Record Length: 1968 > tgs-req > pvno: 5 > msg-type: krb-tgs-req (12) > padata: 2 items > PA-DATA pA-TGS-REQ > padata-type: pA-TGS-REQ (1) > padata-value: 6e82062830820624a003020105a10302010ea20703050000000000a38205456182054130⦠> ap-req > pvno: 5 > msg-type: krb-ap-req (14) > Padding: 0 > ap-options: 00000000 > 0... .... = reserved: False > .0.. .... = use-session-key: False > ..0. .... = mutual-required: False > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: AD-XK57.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > kvno: 1 > cipher: 75ab30785f863c2783752628663c3707893f6af2d2c0355e61e14949aed52c65b92effc2⦠> Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=108 num_tries=7)] > [Used keymap=all_keys num_keys=108 num_tries=7)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=66.1) (47230605...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=66.1) (47230605...)] > [Learnt encTicketPart_key keytype 18 (id=66.1) (47230605...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 47230605ca501d97ce313cc868729e87ad2ab3ca05e6bee6aac5956bbcd85a7b > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 2 items > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308203823082037ea00402020080a182037404820370070000000000000001000000c801⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 070000000000000001000000c801000078000000000000000c000000ac00000040020000⦠> Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=108 num_tries=7)] > [Used keymap=all_keys num_keys=108 num_tries=7)] > [Severity level: Chat] > [Group: Security] > Missing KDC checksum 16 keytype 18 (id=missing.1) > [Expert Info (Warning/Decryption): Missing KDC checksum 16 keytype 18 (id=missing.1)] > [Missing KDC checksum 16 keytype 18 (id=missing.1)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Severity level: Warning] > [Group: Decryption] > Num Entries: 7 > Version: 0 > Type: Logon Info (1) > Size: 456 > Offset: 120 > PAC_LOGON_INFO: 01100800ccccccccb80100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 440 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 17:04:43.000000000 CEST > PWD Can Change: Jul 28, 2023 17:04:43.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: cifs/master.ipa.test > Length: 40 > Size: 40 > Character Array: cifs/master.ipa.test > Referent ID: 0x00020004 > Max Count: 20 > Offset: 0 > Actual Count: 20 > Acct Name: cifs/master.ipa.test > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 516 > Group RID: 515 > Num RIDs: 0 > GroupIDs > Referent ID: 0x0002001c > Max Count: 0 > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000100 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...1 .... .... = Server Trust Account: This account is a SERVER_TRUST_ACCOUNT > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-1 (Authentication Authority Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 1 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 172 > Offset: 576 > UPN_DNS_INFO: 3a0018001000580002000000280068001c0090000000000063006900660073002f006d00⦠> UPN Len: 58 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 88 > Flags: 0x00000002, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...0 = UPN Name Constructed: UPN Name is NOT Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 40 > sAMAccountName Offset: 104 > objectSid Len: 28 > objectSid Offset: 144 > UPN Name: cifs/master.ipa.test@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: cifs/master.ipa.test > objectSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Attributes Info (17) > Size: 8 > Offset: 752 > PAC_ATTRIBUTES_INFO: 0200000001000000 > Flags Valid Length: 2 > Flags: 0x00000001, PAC Requested > .... .... .... .... .... .... .... ...1 = PAC Requested: PAC was requested > .... .... .... .... .... .... .... ..0. = PAC given Implicitly: PAC was NOT given implicitly > Type: Requester Sid (18) > Size: 28 > Offset: 760 > PAC_REQUESTER_SID: 0105000000000005150000004af13eeabfc1d2f4878c959904020000 > RequesterSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Client Info Type (10) > Size: 50 > Offset: 792 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d901280063006900660073002f006d00610073007400650072002e006900⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 40 > Name: cifs/master.ipa.test > Type: Server Checksum (6) > Size: 16 > Offset: 848 > PAC_SERVER_CHECKSUM: 100000002e52c643300ff72fc7e5a562 > Type: 16 > Signature: 2e52c643300ff72fc7e5a562 > Type: Privsvr Checksum (7) > Size: 16 > Offset: 864 > PAC_PRIVSVR_CHECKSUM: 10000000f4741969eca361093a9810e8 > Type: 16 > Signature: f4741969eca361093a9810e8 > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 30733071a003020160a16a04683066a01930173015a003020161a10e040c300a0c086861⦠> AuthorizationData item > ad-type: Unknown (96) > ad-data: 3066a01930173015a003020161a10e040c300a0c0868617264656e6564a12c302aa10302⦠> authenticator > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 914e0c54c815b731f654b4ffa9ab1338c3b2c0644814d05d0219bf58daacae4a4e146f4f⦠> Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 58 (id=58.2 same=2) (47230605...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 58 (id=58.2 same=2) (47230605...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 58 (id=58.2 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=108 num_tries=13)] > [Used keymap=all_keys num_keys=108 num_tries=13)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTGSRepPart_key in frame 58 (id=58.4 same=1) (47230605...)] > [Decrypted keytype 18 usage 7 using learnt encTGSRepPart_key in frame 58 (id=58.4 same=1) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 66 (id=66.1 same=0) (47230605...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 66 (id=66.1 same=0) (47230605...)] > [Severity level: Chat] > [Group: Security] > authenticator > authenticator-vno: 5 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > cksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 932c8f545f267effbb4f12c5 > cusec: 637493 > ctime: Jul 28, 2023 17:29:43.000000000 CEST > subkey > Learnt authenticator_subkey keytype 18 (id=66.2) (fd4818a8...) > [Expert Info (Chat/Security): Learnt authenticator_subkey keytype 18 (id=66.2) (fd4818a8...)] > [Learnt authenticator_subkey keytype 18 (id=66.2) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: fd4818a8b344ba955bdc1785afae4e1f0d36a3258d26fb7393bd5002b9e93649 > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a081d03081cda1173015a003020110a10e040cefe47bc166bd9d5750c23be6a281b13081⦠> armored-data > req-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: efe47bc166bd9d5750c23be6 > enc-fast-req > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 3bd64616e90af55174d5c2eebbf513a29fbedb3d2bc50dcc8cd656200dc1761c84c672d1⦠> Derived KrbFastReq_TGS_armorKey keytype 18 (id=66.3) (1635dce1...) > [Expert Info (Chat/Security): Derived KrbFastReq_TGS_armorKey keytype 18 (id=66.3) (1635dce1...)] > [Derived KrbFastReq_TGS_armorKey keytype 18 (id=66.3) (1635dce1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 66 (id=66.3 same=0) (1635dce1...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 66 (id=66.3 same=0) (1635dce1...)] > [Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 66 (id=66.3 same=0) (1635dce1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=110 num_tries=30)] > [Used keymap=all_keys num_keys=110 num_tries=30)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > Padding: 0 > fast-options: 00000000 > 0... .... = reserved: False > .0.. .... = hide-client-names: False > ..0. .... = spare_bit2: False > ...0 .... = spare_bit3: False > .... 0... = spare_bit4: False > .... .0.. = spare_bit5: False > .... ..0. = spare_bit6: False > .... ...0 = spare_bit7: False > 0... .... = spare_bit8: False > .0.. .... = spare_bit9: False > ..0. .... = spare_bit10: False > ...0 .... = spare_bit11: False > .... 0... = spare_bit12: False > .... .0.. = spare_bit13: False > .... ..0. = spare_bit14: False > .... ...0 = spare_bit15: False > 0... .... = kdc-follow-referrals: False > padata: 0 items > req-body > Padding: 0 > kdc-options: 40010000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: AD-XK57.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 241224614 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > req-body > Padding: 0 > kdc-options: 40010000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..0. = constrained-delegation: False > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: AD-XK57.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 241224614 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > Provides learnt encTicketPart_key in frame 66 keytype 18 (id=66.1 same=0) (47230605...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 66 keytype 18 (id=66.1 same=0) (47230605...)] > [Provides learnt encTicketPart_key in frame 66 keytype 18 (id=66.1 same=0) (47230605...)] > [Severity level: Chat] > [Group: Security] > Provides learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...) > [Expert Info (Chat/Security): Provides learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Provides learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > Provides derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...) > [Expert Info (Chat/Security): Provides derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...)] > [Provides derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > Missing checksum 16 keytype 18 missing in frame 66 keytype 18 (id=missing.1 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 16 keytype 18 missing in frame 66 keytype 18 (id=missing.1 same=0) (00000000...)] > [Missing checksum 16 keytype 18 missing in frame 66 keytype 18 (id=missing.1 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...)] > [Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > Used learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...) > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [Used learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=1) (47230605...)] > [Used learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=1) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 66 keytype 18 (id=66.1 same=0) (47230605...)] > [Used learnt encTicketPart_key in frame 66 keytype 18 (id=66.1 same=0) (47230605...)] > [Severity level: Chat] > [Group: Security] > Used derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...)] > [Used derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > >Frame 67: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47200, Seq: 1, Ack: 1973, Len: 0 > >Frame 68: 1873 bytes on wire (14984 bits), 1873 bytes captured (14984 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47200, Seq: 1, Ack: 1973, Len: 1813 >Kerberos > Record Mark: 1809 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0111 0001 0001 = Record Length: 1809 > tgs-rep > pvno: 5 > msg-type: krb-tgs-rep (13) > padata: 1 item > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a081d33081d0a081cd3081caa003020112a281c20481bf9ebbd218d8c37aa3da9314ee7c⦠> armored-data > enc-fast-rep > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 9ebbd218d8c37aa3da9314ee7c803bbc53e881ec33915fadf7128ae92578b6ba3a201b33⦠> Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 66 (id=66.3 same=0) (1635dce1...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 66 (id=66.3 same=0) (1635dce1...)] > [Decrypted keytype 18 usage 52 using derived KrbFastReq_TGS_armorKey in frame 66 (id=66.3 same=0) (1635dce1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=110 num_tries=30)] > [Used keymap=all_keys num_keys=110 num_tries=30)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > padata: 0 items > strengthen-key > Learnt KrbFastResponse_strengthen-key keytype 18 (id=68.1) (10f2d644...) > [Expert Info (Chat/Security): Learnt KrbFastResponse_strengthen-key keytype 18 (id=68.1) (10f2d644...)] > [Learnt KrbFastResponse_strengthen-key keytype 18 (id=68.1) (10f2d644...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 10f2d64470060fe01c00cabd89354928a7b83d41275afb5becc8d950c70de745 > finished > timestamp: Jul 28, 2023 17:29:44.000000000 CEST > usec: 689675 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > name-string: 2 items > KerberosString: cifs > KerberosString: master.ipa.test > ticket-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 13ea7d902b5fd9e8102a90f8 > nonce: 241224614 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > ticket > tkt-vno: 5 > realm: AD-XK57.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > kvno: 3 > cipher: e849bf14196bc32814d845fe550c3f070272df10b9f9bcbeb7a9d95189ed1e30fb6361b2⦠> Decrypted keytype 18 usage 2 using keytab principal DC-XK57$@AD-XK57.TEST (id=keytab.10 same=0) (a2ef280e...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 2 using keytab principal DC-XK57$@AD-XK57.TEST (id=keytab.10 same=0) (a2ef280e...)] > [Decrypted keytype 18 usage 2 using keytab principal DC-XK57$@AD-XK57.TEST (id=keytab.10 same=0) (a2ef280e...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=111 num_tries=2)] > [Used keymap=all_keys num_keys=111 num_tries=2)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40250000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 0... = transited-policy-checked: False > .... .1.. = ok-as-delegate: True > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=68.2) (19185210...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=68.2) (19185210...)] > [Learnt encTicketPart_key keytype 18 (id=68.2) (19185210...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 191852105836d1c069cbaac8aa5e206e034129798eea02eb2860a05142ef9d9d > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:44.000000000 CEST > endtime: Jul 29, 2023 03:29:44.000000000 CEST > authorization-data: 1 item > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 3082037a30820376a00402020080a182036c04820368070000000000000001000000c801⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 070000000000000001000000c80100007800000000000000060000001000000040020000⦠> Verified Server checksum 16 keytype 18 using keytab principal DC-XK57$@AD-XK57.TEST (id=keytab.10 same=0) (a2ef280e...) > [Expert Info (Chat/Security): Verified Server checksum 16 keytype 18 using keytab principal DC-XK57$@AD-XK57.TEST (id=keytab.10 same=0) (a2ef280e...)] > [Verified Server checksum 16 keytype 18 using keytab principal DC-XK57$@AD-XK57.TEST (id=keytab.10 same=0) (a2ef280e...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=112 num_tries=2)] > [Used keymap=all_keys num_keys=112 num_tries=2)] > [Severity level: Chat] > [Group: Security] > Verified KDC checksum 16 keytype 18 using keytab principal krbtgt@AD-XK57.TEST (id=keytab.13 same=0) (e3e593c2...) > [Expert Info (Chat/Security): Verified KDC checksum 16 keytype 18 using keytab principal krbtgt@AD-XK57.TEST (id=keytab.13 same=0) (e3e593c2...)] > [Verified KDC checksum 16 keytype 18 using keytab principal krbtgt@AD-XK57.TEST (id=keytab.13 same=0) (e3e593c2...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=longterm_keys num_keys=92 num_tries=19)] > [Used keymap=longterm_keys num_keys=92 num_tries=19)] > [Severity level: Chat] > [Group: Security] > Verified Ticket checksum 16 keytype 18 using keytab principal krbtgt@AD-XK57.TEST (id=keytab.13 same=0) (e3e593c2...) > [Expert Info (Chat/Security): Verified Ticket checksum 16 keytype 18 using keytab principal krbtgt@AD-XK57.TEST (id=keytab.13 same=0) (e3e593c2...)] > [Verified Ticket checksum 16 keytype 18 using keytab principal krbtgt@AD-XK57.TEST (id=keytab.13 same=0) (e3e593c2...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=kdc_checksum_key num_keys=1 num_tries=1)] > [Used keymap=kdc_checksum_key num_keys=1 num_tries=1)] > [Severity level: Chat] > [Group: Security] > Num Entries: 7 > Version: 0 > Type: Logon Info (1) > Size: 456 > Offset: 120 > PAC_LOGON_INFO: 01100800ccccccccb80100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 440 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 17:04:43.000000000 CEST > PWD Can Change: Jul 28, 2023 17:04:43.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: cifs/master.ipa.test > Length: 40 > Size: 40 > Character Array: cifs/master.ipa.test > Referent ID: 0x00020004 > Max Count: 20 > Offset: 0 > Actual Count: 20 > Acct Name: cifs/master.ipa.test > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 516 > Group RID: 515 > Num RIDs: 0 > GroupIDs > Referent ID: 0x0002001c > Max Count: 0 > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000100 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...1 .... .... = Server Trust Account: This account is a SERVER_TRUST_ACCOUNT > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-1 (Authentication Authority Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 1 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: Server Checksum (6) > Size: 16 > Offset: 576 > PAC_SERVER_CHECKSUM: 10000000d276e35db9158e631922722a > Type: 16 > Signature: d276e35db9158e631922722a > Type: Privsvr Checksum (7) > Size: 16 > Offset: 592 > PAC_PRIVSVR_CHECKSUM: 10000000f45513e26a974083b3ed24b1 > Type: 16 > Signature: f45513e26a974083b3ed24b1 > Type: Client Info Type (10) > Size: 50 > Offset: 608 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d901280063006900660073002f006d00610073007400650072002e006900⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 40 > Name: cifs/master.ipa.test > Type: UPN DNS Info (12) > Size: 172 > Offset: 664 > UPN_DNS_INFO: 3a0018001000580002000000280068001c0090000000000063006900660073002f006d00⦠> UPN Len: 58 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 88 > Flags: 0x00000002, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...0 = UPN Name Constructed: UPN Name is NOT Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 40 > sAMAccountName Offset: 104 > objectSid Len: 28 > objectSid Offset: 144 > UPN Name: cifs/master.ipa.test@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: cifs/master.ipa.test > objectSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Ticket Checksum (16) > Size: 16 > Offset: 840 > PAC_TICKET_CHECKSUM: 1000000022ab2838d4d16521bd7f717f > Type: 16 > Signature: 22ab2838d4d16521bd7f717f > Type: Unknown (19) > Size: 16 > Offset: 856 > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 45b648125162431b25944e9539c52159bcd6e080ed3fc2af0c4bdc44e6e7fa1ad332837b⦠> Derived strengthen-reply-key keytype 18 (id=68.3) (f7bdcd0b...) > [Expert Info (Chat/Security): Derived strengthen-reply-key keytype 18 (id=68.3) (f7bdcd0b...)] > [Derived strengthen-reply-key keytype 18 (id=68.3) (f7bdcd0b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC2 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 68 (id=68.3 same=0) (f7bdcd0b...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 68 (id=68.3 same=0) (f7bdcd0b...)] > [Decrypted keytype 18 usage 9 using derived strengthen-reply-key in frame 68 (id=68.3 same=0) (f7bdcd0b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=113 num_tries=30)] > [Used keymap=all_keys num_keys=113 num_tries=30)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC2 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > encTGSRepPart > key > Learnt encTGSRepPart_key keytype 18 (id=68.4) (19185210...) > [Expert Info (Chat/Security): Learnt encTGSRepPart_key keytype 18 (id=68.4) (19185210...)] > [Learnt encTGSRepPart_key keytype 18 (id=68.4) (19185210...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 191852105836d1c069cbaac8aa5e206e034129798eea02eb2860a05142ef9d9d > last-req: 1 item > LastReq item > lr-type: lR-NONE (0) > lr-value: Jul 28, 2023 17:29:44.000000000 CEST > nonce: 241224614 > Padding: 0 > flags: 40250000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 0... = transited-policy-checked: False > .... .1.. = ok-as-delegate: True > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:44.000000000 CEST > endtime: Jul 29, 2023 03:29:44.000000000 CEST > srealm: AD-XK57.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > encrypted-pa-data: 1 item > PA-DATA pA-SUPPORTED-ETYPES > padata-type: pA-SUPPORTED-ETYPES (165) > padata-value: 1f000000 > SupportedEnctypes: 0x0000001f, des-cbc-crc, des-cbc-md5, rc4-hmac, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 > .... .... .... .... .... .... .... ...1 = des-cbc-crc: Supported > .... .... .... .... .... .... .... ..1. = des-cbc-md5: Supported > .... .... .... .... .... .... .... .1.. = rc4-hmac: Supported > .... .... .... .... .... .... .... 1... = aes128-cts-hmac-sha1-96: Supported > .... .... .... .... .... .... ...1 .... = aes256-cts-hmac-sha1-96: Supported > .... .... .... ...0 .... .... .... .... = fast-supported: Not supported > .... .... .... ..0. .... .... .... .... = compound-identity-supported: Not supported > .... .... .... .0.. .... .... .... .... = claims-supported: Not supported > .... .... .... 0... .... .... .... .... = resource-sid-compression-disabled: Not supported > Provides learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...) > [Expert Info (Chat/Security): Provides learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [Provides learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTicketPart_key in frame 68 keytype 18 (id=68.2 same=1) (19185210...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 68 keytype 18 (id=68.2 same=1) (19185210...)] > [Provides learnt encTicketPart_key in frame 68 keytype 18 (id=68.2 same=1) (19185210...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Provides learnt encTGSRepPart_key in frame 68 keytype 18 (id=68.4 same=0) (19185210...)] > [Provides learnt encTGSRepPart_key in frame 68 keytype 18 (id=68.4 same=0) (19185210...)] > [Severity level: Chat] > [Group: Security] > Provides derived strengthen-reply-key in frame 68 keytype 18 (id=68.3 same=0) (f7bdcd0b...) > [Expert Info (Chat/Security): Provides derived strengthen-reply-key in frame 68 keytype 18 (id=68.3 same=0) (f7bdcd0b...)] > [Provides derived strengthen-reply-key in frame 68 keytype 18 (id=68.3 same=0) (f7bdcd0b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC2 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTGSRepPart_key in frame 68 keytype 18 (id=68.4 same=0) (19185210...) > [Expert Info (Chat/Security): Provides learnt encTGSRepPart_key in frame 68 keytype 18 (id=68.4 same=0) (19185210...)] > [Provides learnt encTGSRepPart_key in frame 68 keytype 18 (id=68.4 same=0) (19185210...)] > [Severity level: Chat] > [Group: Security] > Used derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...)] > [Used derived KrbFastReq_TGS_armorKey in frame 66 keytype 18 (id=66.3 same=0) (1635dce1...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC1 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal DC-XK57$@AD-XK57.TEST keytype 18 (id=keytab.10 same=0) (a2ef280e...) > [Expert Info (Chat/Security): Used keytab principal DC-XK57$@AD-XK57.TEST keytype 18 (id=keytab.10 same=0) (a2ef280e...)] > [Used keytab principal DC-XK57$@AD-XK57.TEST keytype 18 (id=keytab.10 same=0) (a2ef280e...)] > [Severity level: Chat] > [Group: Security] > Used keytab principal krbtgt@AD-XK57.TEST keytype 18 (id=keytab.13 same=0) (e3e593c2...) > [Expert Info (Chat/Security): Used keytab principal krbtgt@AD-XK57.TEST keytype 18 (id=keytab.13 same=0) (e3e593c2...)] > [Used keytab principal krbtgt@AD-XK57.TEST keytype 18 (id=keytab.13 same=0) (e3e593c2...)] > [Severity level: Chat] > [Group: Security] > Used derived strengthen-reply-key in frame 68 keytype 18 (id=68.3 same=0) (f7bdcd0b...) > [Expert Info (Chat/Security): Used derived strengthen-reply-key in frame 68 keytype 18 (id=68.3 same=0) (f7bdcd0b...)] > [Used derived strengthen-reply-key in frame 68 keytype 18 (id=68.3 same=0) (f7bdcd0b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [SRC1 learnt KrbFastResponse_strengthen-key in frame 68 keytype 18 (id=68.1 same=0) (10f2d644...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [SRC2 learnt authenticator_subkey in frame 66 keytype 18 (id=66.2 same=0) (fd4818a8...)] > [Severity level: Chat] > [Group: Security] > >Frame 69: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47200, Dst Port: 88, Seq: 1973, Ack: 1814, Len: 0 > >Frame 70: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47200, Dst Port: 88, Seq: 1973, Ack: 1814, Len: 0 > >Frame 71: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47200, Seq: 1814, Ack: 1974, Len: 0 > >Frame 72: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47200, Seq: 1814, Ack: 1974, Len: 0 > >Frame 73: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47216, Dst Port: 88, Seq: 0, Len: 0 > >Frame 74: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47216, Seq: 0, Ack: 1, Len: 0 > >Frame 75: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47216, Dst Port: 88, Seq: 1, Ack: 1, Len: 0 > >Frame 76: 4842 bytes on wire (38736 bits), 4842 bytes captured (38736 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47216, Dst Port: 88, Seq: 1, Ack: 1, Len: 4782 >Kerberos > Record Mark: 4778 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0001 0010 1010 1010 = Record Length: 4778 > tgs-req > pvno: 5 > msg-type: krb-tgs-req (12) > padata: 3 items > PA-DATA pA-TGS-REQ > padata-type: pA-TGS-REQ (1) > padata-value: 6e82062830820624a003020105a10302010ea20703050000000000a38205456182054130⦠> ap-req > pvno: 5 > msg-type: krb-ap-req (14) > Padding: 0 > ap-options: 00000000 > 0... .... = reserved: False > .0.. .... = use-session-key: False > ..0. .... = mutual-required: False > ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: AD-XK57.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > kvno: 1 > cipher: 75ab30785f863c2783752628663c3707893f6af2d2c0355e61e14949aed52c65b92effc2⦠> Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=113 num_tries=7)] > [Used keymap=all_keys num_keys=113 num_tries=7)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=76.1) (47230605...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=76.1) (47230605...)] > [Learnt encTicketPart_key keytype 18 (id=76.1) (47230605...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 47230605ca501d97ce313cc868729e87ad2ab3ca05e6bee6aac5956bbcd85a7b > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 2 items > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308203823082037ea00402020080a182037404820370070000000000000001000000c801⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 070000000000000001000000c801000078000000000000000c000000ac00000040020000⦠> Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=113 num_tries=7)] > [Used keymap=all_keys num_keys=113 num_tries=7)] > [Severity level: Chat] > [Group: Security] > Missing KDC checksum 16 keytype 18 (id=missing.1) > [Expert Info (Warning/Decryption): Missing KDC checksum 16 keytype 18 (id=missing.1)] > [Missing KDC checksum 16 keytype 18 (id=missing.1)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Severity level: Warning] > [Group: Decryption] > Num Entries: 7 > Version: 0 > Type: Logon Info (1) > Size: 456 > Offset: 120 > PAC_LOGON_INFO: 01100800ccccccccb80100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 440 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 17:04:43.000000000 CEST > PWD Can Change: Jul 28, 2023 17:04:43.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: cifs/master.ipa.test > Length: 40 > Size: 40 > Character Array: cifs/master.ipa.test > Referent ID: 0x00020004 > Max Count: 20 > Offset: 0 > Actual Count: 20 > Acct Name: cifs/master.ipa.test > Full Name > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020008 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 516 > Group RID: 515 > Num RIDs: 0 > GroupIDs > Referent ID: 0x0002001c > Max Count: 0 > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000100 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...1 .... .... = Server Trust Account: This account is a SERVER_TRUST_ACCOUNT > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...0 .... = Normal Account: This account is NOT a normal_account > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-1 (Authentication Authority Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 1 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 172 > Offset: 576 > UPN_DNS_INFO: 3a0018001000580002000000280068001c0090000000000063006900660073002f006d00⦠> UPN Len: 58 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 88 > Flags: 0x00000002, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...0 = UPN Name Constructed: UPN Name is NOT Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 40 > sAMAccountName Offset: 104 > objectSid Len: 28 > objectSid Offset: 144 > UPN Name: cifs/master.ipa.test@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: cifs/master.ipa.test > objectSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Attributes Info (17) > Size: 8 > Offset: 752 > PAC_ATTRIBUTES_INFO: 0200000001000000 > Flags Valid Length: 2 > Flags: 0x00000001, PAC Requested > .... .... .... .... .... .... .... ...1 = PAC Requested: PAC was requested > .... .... .... .... .... .... .... ..0. = PAC given Implicitly: PAC was NOT given implicitly > Type: Requester Sid (18) > Size: 28 > Offset: 760 > PAC_REQUESTER_SID: 0105000000000005150000004af13eeabfc1d2f4878c959904020000 > RequesterSid: S-1-5-21-3929993546-4107452863-2576714887-516 (Domain SID-Domain Controllers) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-516 > RID: 516 (Domain Controllers) > Type: Client Info Type (10) > Size: 50 > Offset: 792 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d901280063006900660073002f006d00610073007400650072002e006900⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 40 > Name: cifs/master.ipa.test > Type: Server Checksum (6) > Size: 16 > Offset: 848 > PAC_SERVER_CHECKSUM: 100000002e52c643300ff72fc7e5a562 > Type: 16 > Signature: 2e52c643300ff72fc7e5a562 > Type: Privsvr Checksum (7) > Size: 16 > Offset: 864 > PAC_PRIVSVR_CHECKSUM: 10000000f4741969eca361093a9810e8 > Type: 16 > Signature: f4741969eca361093a9810e8 > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 30733071a003020160a16a04683066a01930173015a003020161a10e040c300a0c086861⦠> AuthorizationData item > ad-type: Unknown (96) > ad-data: 3066a01930173015a003020161a10e040c300a0c0868617264656e6564a12c302aa10302⦠> authenticator > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 6cab163f545d0ece9564b3b9526175269cb8abffec9ba5a98362ef200647792e56a04fac⦠> Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 58 (id=58.2 same=3) (47230605...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 58 (id=58.2 same=3) (47230605...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 58 (id=58.2 same=3) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=113 num_tries=13)] > [Used keymap=all_keys num_keys=113 num_tries=13)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTGSRepPart_key in frame 58 (id=58.4 same=2) (47230605...)] > [Decrypted keytype 18 usage 7 using learnt encTGSRepPart_key in frame 58 (id=58.4 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 66 (id=66.1 same=1) (47230605...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 66 (id=66.1 same=1) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 76 (id=76.1 same=0) (47230605...)] > [Decrypted keytype 18 usage 7 using learnt encTicketPart_key in frame 76 (id=76.1 same=0) (47230605...)] > [Severity level: Chat] > [Group: Security] > authenticator > authenticator-vno: 5 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > cksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 96ecefc3b4cad87fdb2c29b7 > cusec: 637520 > ctime: Jul 28, 2023 17:29:43.000000000 CEST > subkey > Learnt authenticator_subkey keytype 18 (id=76.2) (628e2875...) > [Expert Info (Chat/Security): Learnt authenticator_subkey keytype 18 (id=76.2) (628e2875...)] > [Learnt authenticator_subkey keytype 18 (id=76.2) (628e2875...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: 628e28752b74a4dd29b2142b48cae5115c17019968b73c83f24ea8e9a2d87598 > PA-DATA pA-FX-FAST > padata-type: pA-FX-FAST (136) > padata-value: a082064e3082064aa1173015a003020110a10e040c9a9b87414c997420d8b50b60a28206⦠> armored-data > req-checksum > cksumtype: cKSUMTYPE-HMAC-SHA1-96-AES-256 (16) > checksum: 9a9b87414c997420d8b50b60 > enc-fast-req > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > cipher: 061f4748998da2a06dc27d2f38728f024ba20f6dda481c86c5917a7cb506c0f0b2ba2eac⦠> Derived KrbFastReq_TGS_armorKey keytype 18 (id=76.3) (948c1c85...) > [Expert Info (Chat/Security): Derived KrbFastReq_TGS_armorKey keytype 18 (id=76.3) (948c1c85...)] > [Derived KrbFastReq_TGS_armorKey keytype 18 (id=76.3) (948c1c85...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [SRC1 learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [Severity level: Chat] > [Group: Security] > Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 76 (id=76.3 same=0) (948c1c85...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 76 (id=76.3 same=0) (948c1c85...)] > [Decrypted keytype 18 usage 51 using derived KrbFastReq_TGS_armorKey in frame 76 (id=76.3 same=0) (948c1c85...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=115 num_tries=20)] > [Used keymap=all_keys num_keys=115 num_tries=20)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [SRC1 learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [Severity level: Chat] > [Group: Security] > Padding: 0 > fast-options: 00000000 > 0... .... = reserved: False > .0.. .... = hide-client-names: False > ..0. .... = spare_bit2: False > ...0 .... = spare_bit3: False > .... 0... = spare_bit4: False > .... .0.. = spare_bit5: False > .... ..0. = spare_bit6: False > .... ...0 = spare_bit7: False > 0... .... = spare_bit8: False > .0.. .... = spare_bit9: False > ..0. .... = spare_bit10: False > ...0 .... = spare_bit11: False > .... 0... = spare_bit12: False > .... .0.. = spare_bit13: False > .... ..0. = spare_bit14: False > .... ...0 = spare_bit15: False > 0... .... = kdc-follow-referrals: False > padata: 1 item > PA-DATA pA-PAC-OPTIONS > padata-type: pA-PAC-OPTIONS (167) > padata-value: 3009a00703050010000000 > Padding: 0 > flags: 10000000 > 0... .... = claims: False > .0.. .... = branch-aware: False > ..0. .... = forward-to-full-dc: False > ...1 .... = resource-based-constrained-delegation: True > req-body > Padding: 0 > kdc-options: 40030000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..1. = constrained-delegation: True > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: AD-XK57.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 1896382482 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > additional-tickets: 1 item > Ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: AD-XK57.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > kvno: 1 > cipher: 9bd90bca685aa033f2fbde3d357bb345041bc3d2b6fdf1315fd6a6329b705056c0b7b76d⦠> Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=115 num_tries=7)] > [Used keymap=all_keys num_keys=115 num_tries=7)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=76.4) (e756396a...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=76.4) (e756396a...)] > [Learnt encTicketPart_key keytype 18 (id=76.4) (e756396a...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: e756396abf58692c38c22692406793aa9dbeb0627631e89df38ee107d6152c09 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 1 item > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308204123082040ea00402020080a182040404820400080000000000000001000000d001⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 080000000000000001000000d001000088000000000000000c0000006e00000058020000⦠> Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=115 num_tries=7)] > [Used keymap=all_keys num_keys=115 num_tries=7)] > [Severity level: Chat] > [Group: Security] > Missing KDC checksum 16 keytype 18 (id=missing.2) > [Expert Info (Warning/Decryption): Missing KDC checksum 16 keytype 18 (id=missing.2)] > [Missing KDC checksum 16 keytype 18 (id=missing.2)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Severity level: Warning] > [Group: Decryption] > Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.3) > [Expert Info (Warning/Decryption): Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.3)] > [Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.3)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=kdc_checksum_key num_keys=0 num_tries=0)] > [Used keymap=kdc_checksum_key num_keys=0 num_tries=0)] > [Severity level: Warning] > [Group: Decryption] > Num Entries: 8 > Version: 0 > Type: Logon Info (1) > Size: 464 > Offset: 136 > PAC_LOGON_INFO: 01100800ccccccccc00100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 448 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 16:48:21.000000000 CEST > PWD Can Change: Jul 28, 2023 16:48:21.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: admin > Length: 10 > Size: 10 > Character Array: admin > Referent ID: 0x00020004 > Max Count: 5 > Offset: 0 > Actual Count: 5 > Acct Name: admin > Full Name: Administrator > Length: 26 > Size: 26 > Character Array: Administrator > Referent ID: 0x00020008 > Max Count: 13 > Offset: 0 > Actual Count: 13 > Full Name: Administrator > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 500 > Group RID: 512 > Num RIDs: 1 > GroupIDs > Referent ID: 0x0002001c > Max Count: 1 > GROUP_MEMBERSHIP: > Group RID: 512 > Attributes: 0x00000007 > .... .... .... .... .... .... .... .1.. = Enabled: The enabled bit is SET > .... .... .... .... .... .... .... ..1. = Enabled By Default: The ENABLED_BY_DEFAULT bit is SET > .... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000010 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...1 .... = Normal Account: This account is a NORMAL_ACCOUNT > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-2 (Service Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 2 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 110 > Offset: 600 > UPN_DNS_INFO: 1c00180010003800030000000a0048001c00520000000000610064006d0069006e004000⦠> UPN Len: 28 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 56 > Flags: 0x00000003, UPN Name Constructed, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...1 = UPN Name Constructed: UPN Name is Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 10 > sAMAccountName Offset: 72 > objectSid Len: 28 > objectSid Offset: 82 > UPN Name: admin@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: admin > objectSid: S-1-5-21-3929993546-4107452863-2576714887-500 (Domain SID-Administrator) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-500 > RID: 500 (Administrator) > Type: Attributes Info (17) > Size: 8 > Offset: 712 > PAC_ATTRIBUTES_INFO: 0200000001000000 > Flags Valid Length: 2 > Flags: 0x00000001, PAC Requested > .... .... .... .... .... .... .... ...1 = PAC Requested: PAC was requested > .... .... .... .... .... .... .... ..0. = PAC given Implicitly: PAC was NOT given implicitly > Type: Ticket Checksum (16) > Size: 28 > Offset: 720 > PAC_TICKET_CHECKSUM: 140000002de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: 20 > Signature: 2de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: S4U Delegation Info (11) > Size: 184 > Offset: 752 > PAC_S4U_DELEGATION_INFO: 01100800cccccccca8000000000000000000020032003400040002000100000008000200⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 168 > PAC_S4U_DELEGATION_INFO: > Referent ID: 0x00020000 > S4U2proxyTarget: cifs/dc-xk57.ad-xk57.test > Length: 50 > Size: 52 > Character Array: cifs/dc-xk57.ad-xk57.test > Referent ID: 0x00020004 > Max Count: 26 > Offset: 0 > Actual Count: 25 > S4U2proxyTarget: cifs/dc-xk57.ad-xk57.test > TransitedListSize: 0x00000001 > S4UTransitedServices cifs/master.ipa.test@IPA.TEST > Referent ID: 0x00020008 > Max Count: 1 > Transited Service: cifs/master.ipa.test@IPA.TEST > Length: 58 > Size: 60 > Character Array: cifs/master.ipa.test@IPA.TEST > Referent ID: 0x0002000c > Max Count: 30 > Offset: 0 > Actual Count: 29 > Transited Service: cifs/master.ipa.test@IPA.TEST > Type: Client Info Type (10) > Size: 56 > Offset: 936 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d9012e00610064006d0069006e0040004900500041002e00540045005300⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 46 > Name: admin@IPA.TEST@IPA.TEST > Type: Server Checksum (6) > Size: 16 > Offset: 992 > PAC_SERVER_CHECKSUM: 100000001379583a3e5f54c43d9c8427 > Type: 16 > Signature: 1379583a3e5f54c43d9c8427 > Type: Privsvr Checksum (7) > Size: 16 > Offset: 1008 > PAC_PRIVSVR_CHECKSUM: 10000000040cc0ce452e191fe19ff6b6 > Type: 16 > Signature: 040cc0ce452e191fe19ff6b6 > PA-DATA pA-PAC-OPTIONS > padata-type: pA-PAC-OPTIONS (167) > padata-value: 3009a00703050010000000 > Padding: 0 > flags: 10000000 > 0... .... = claims: False > .0.. .... = branch-aware: False > ..0. .... = forward-to-full-dc: False > ...1 .... = resource-based-constrained-delegation: True > req-body > Padding: 0 > kdc-options: 40030000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = allow-postdate: False > .... ..0. = postdated: False > .... ...0 = unused7: False > 0... .... = renewable: False > .0.. .... = unused9: False > ..0. .... = unused10: False > ...0 .... = opt-hardware-auth: False > .... 0... = unused12: False > .... .0.. = unused13: False > .... ..1. = constrained-delegation: True > .... ...1 = canonicalize: True > 0... .... = request-anonymous: False > .0.. .... = unused17: False > ..0. .... = unused18: False > ...0 .... = unused19: False > .... 0... = unused20: False > .... .0.. = unused21: False > .... ..0. = unused22: False > .... ...0 = unused23: False > 0... .... = unused24: False > .0.. .... = unused25: False > ..0. .... = disable-transited-check: False > ...0 .... = renewable-ok: False > .... 0... = enc-tkt-in-skey: False > .... .0.. = unused29: False > .... ..0. = renew: False > .... ...0 = validate: False > realm: AD-XK57.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > till: Jul 29, 2023 17:25:40.000000000 CEST > nonce: 1896382482 > etype: 6 items > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA384-192 (20) > ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA256-128 (19) > ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) > ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25) > additional-tickets: 1 item > Ticket > tkt-vno: 5 > realm: IPA.TEST > sname > name-type: kRB5-NT-SRV-INST (2) > sname-string: 2 items > SNameString: krbtgt > SNameString: AD-XK57.TEST > enc-part > etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) > kvno: 1 > cipher: 9bd90bca685aa033f2fbde3d357bb345041bc3d2b6fdf1315fd6a6329b705056c0b7b76d⦠> Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Decrypted keytype 18 usage 2 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=115 num_tries=7)] > [Used keymap=all_keys num_keys=115 num_tries=7)] > [Severity level: Chat] > [Group: Security] > encTicketPart > Padding: 0 > flags: 40290000 > 0... .... = reserved: False > .1.. .... = forwardable: True > ..0. .... = forwarded: False > ...0 .... = proxiable: False > .... 0... = proxy: False > .... .0.. = may-postdate: False > .... ..0. = postdated: False > .... ...0 = invalid: False > 0... .... = renewable: False > .0.. .... = initial: False > ..1. .... = pre-authent: True > ...0 .... = hw-authent: False > .... 1... = transited-policy-checked: True > .... .0.. = ok-as-delegate: False > .... ..0. = unused: False > .... ...1 = enc-pa-rep: True > 0... .... = anonymous: False > key > Learnt encTicketPart_key keytype 18 (id=76.5) (e756396a...) > [Expert Info (Chat/Security): Learnt encTicketPart_key keytype 18 (id=76.5) (e756396a...)] > [Learnt encTicketPart_key keytype 18 (id=76.5) (e756396a...)] > [Severity level: Chat] > [Group: Security] > keytype: 18 > keyvalue: e756396abf58692c38c22692406793aa9dbeb0627631e89df38ee107d6152c09 > crealm: IPA.TEST > cname > name-type: kRB5-NT-PRINCIPAL (1) > cname-string: 2 items > CNameString: cifs > CNameString: master.ipa.test > transited > tr-type: 1 > contents: <MISSING> > authtime: Jul 28, 2023 17:29:26.000000000 CEST > starttime: Jul 28, 2023 17:29:43.000000000 CEST > endtime: Jul 29, 2023 17:25:40.000000000 CEST > authorization-data: 1 item > AuthorizationData item > ad-type: aD-IF-RELEVANT (1) > ad-data: 308204123082040ea00402020080a182040404820400080000000000000001000000d001⦠> AuthorizationData item > ad-type: aD-WIN2K-PAC (128) > ad-data: 080000000000000001000000d001000088000000000000000c0000006e00000058020000⦠> Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Verified Server checksum 16 keytype 18 using keytab principal krbtgt/AD-XK57.TEST@IPA.TEST (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used keymap=all_keys num_keys=115 num_tries=7)] > [Used keymap=all_keys num_keys=115 num_tries=7)] > [Severity level: Chat] > [Group: Security] > Missing KDC checksum 16 keytype 18 (id=missing.4) > [Expert Info (Warning/Decryption): Missing KDC checksum 16 keytype 18 (id=missing.4)] > [Missing KDC checksum 16 keytype 18 (id=missing.4)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Used keymap=longterm_keys num_keys=92 num_tries=21)] > [Severity level: Warning] > [Group: Decryption] > Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.5) > [Expert Info (Warning/Decryption): Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.5)] > [Missing KDC (for ticket) checksum 20 keytype -1 (id=missing.5)] > [Severity level: Warning] > [Group: Decryption] > [Expert Info (Warning/Decryption): Used keymap=kdc_checksum_key num_keys=0 num_tries=0)] > [Used keymap=kdc_checksum_key num_keys=0 num_tries=0)] > [Severity level: Warning] > [Group: Decryption] > Num Entries: 8 > Version: 0 > Type: Logon Info (1) > Size: 464 > Offset: 136 > PAC_LOGON_INFO: 01100800ccccccccc00100000000000000000200004fcf4a68c1d901ffffffffffffff7f⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 448 > PAC_LOGON_INFO: > Referent ID: 0x00020000 > Logon Time: Jul 28, 2023 17:29:26.000000000 CEST > Logoff Time: Infinity (absolute time) > Kickoff Time: Infinity (absolute time) > PWD Last Set: Jul 28, 2023 16:48:21.000000000 CEST > PWD Can Change: Jul 28, 2023 16:48:21.000000000 CEST > PWD Must Change: Infinity (absolute time) > Acct Name: admin > Length: 10 > Size: 10 > Character Array: admin > Referent ID: 0x00020004 > Max Count: 5 > Offset: 0 > Actual Count: 5 > Acct Name: admin > Full Name: Administrator > Length: 26 > Size: 26 > Character Array: Administrator > Referent ID: 0x00020008 > Max Count: 13 > Offset: 0 > Actual Count: 13 > Full Name: Administrator > Logon Script > Length: 0 > Size: 0 > Character Array > Referent ID: 0x0002000c > Max Count: 0 > Offset: 0 > Actual Count: 0 > Profile Path > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020010 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Home Dir > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020014 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Dir Drive > Length: 0 > Size: 0 > Character Array > Referent ID: 0x00020018 > Max Count: 0 > Offset: 0 > Actual Count: 0 > Logon Count: 0 > Bad PW Count: 0 > User RID: 500 > Group RID: 512 > Num RIDs: 1 > GroupIDs > Referent ID: 0x0002001c > Max Count: 1 > GROUP_MEMBERSHIP: > Group RID: 512 > Attributes: 0x00000007 > .... .... .... .... .... .... .... .1.. = Enabled: The enabled bit is SET > .... .... .... .... .... .... .... ..1. = Enabled By Default: The ENABLED_BY_DEFAULT bit is SET > .... .... .... .... .... .... .... ...1 = Mandatory: The MANDATORY bit is SET > User Flags: 0x00000020 > .... .... .... .... .... ..0. .... .... = Resource Groups: The resource_groups is NOT set > .... .... .... .... .... .... ..1. .... = Extra SIDs: The EXTRA_SIDS bit is SET > User Session Key: 00000000000000000000000000000000 > Server: MASTER > Length: 12 > Size: 14 > Character Array: MASTER > Referent ID: 0x00020020 > Max Count: 7 > Offset: 0 > Actual Count: 6 > Server: MASTER > Domain: IPA > Length: 6 > Size: 8 > Character Array: IPA > Referent ID: 0x00020024 > Max Count: 4 > Offset: 0 > Actual Count: 3 > Domain: IPA > SID pointer: > SID pointer > Referent ID: 0x00020028 > Count: 4 > Domain SID: S-1-5-21-3929993546-4107452863-2576714887 (Domain SID) > Revision: 1 > Num Auth: 4 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887 > Dummy1 Long: 0x00000000 > Dummy2 Long: 0x00000000 > User Account Control: 0x00000010 > .... .... .... ...0 .... .... .... .... = Don't Require PreAuth: This account REQUIRES preauthentication > .... .... .... .... 0... .... .... .... = Use DES Key Only: This account does NOT have to use_des_key_only > .... .... .... .... .0.. .... .... .... = Not Delegated: This might have been delegated > .... .... .... .... ..0. .... .... .... = Trusted For Delegation: This account is NOT trusted_for_delegation > .... .... .... .... ...0 .... .... .... = SmartCard Required: This account does NOT require_smartcard to authenticate > .... .... .... .... .... 0... .... .... = Encrypted Text Password Allowed: This account does NOT allow encrypted_text_password > .... .... .... .... .... .0.. .... .... = Account Auto Locked: This account is NOT auto_locked > .... .... .... .... .... ..0. .... .... = Don't Expire Password: This account might expire_passwords > .... .... .... .... .... ...0 .... .... = Server Trust Account: This account is NOT a server_trust_account > .... .... .... .... .... .... 0... .... = Workstation Trust Account: This account is NOT a workstation_trust_account > .... .... .... .... .... .... .0.. .... = Interdomain trust Account: This account is NOT an interdomain_trust_account > .... .... .... .... .... .... ..0. .... = MNS Logon Account: This account is NOT a mns_logon_account > .... .... .... .... .... .... ...1 .... = Normal Account: This account is a NORMAL_ACCOUNT > .... .... .... .... .... .... .... 0... = Temp Duplicate Account: This account is NOT a temp_duplicate_account > .... .... .... .... .... .... .... .0.. = Password Not Required: This account REQUIRES a password > .... .... .... .... .... .... .... ..0. = Home Directory Required: This account does NOT require_home_directory > .... .... .... .... .... .... .... ...0 = Account Disabled: This account is NOT disabled > Dummy4 Long: 0x00000000 > Dummy5 Long: 0x00000000 > Dummy6 Long: 0x00000000 > Dummy7 Long: 0x00000000 > Dummy8 Long: 0x00000000 > Dummy9 Long: 0x00000000 > Dummy10 Long: 0x00000000 > Num Extra SID: 1 > SID_AND_ATTRIBUTES_ARRAY: > Referent ID: 0x0002002c > SID_AND_ATTRIBUTES array: > Max Count: 1 > SID_AND_ATTRIBUTES: > SID pointer: > SID pointer > Referent ID: 0x00020030 > Count: 1 > Domain SID: S-1-18-2 (Service Asserted Identity) > Revision: 1 > Num Auth: 1 > Authority: 18 > Subauthorities: 2 > Attributes: 0x00000007 > ResourceGroupIDs > SID pointer: > NULL Pointer: SID pointer > ResourceGroup count: 0 > NULL Pointer: GroupIDs > Type: UPN DNS Info (12) > Size: 110 > Offset: 600 > UPN_DNS_INFO: 1c00180010003800030000000a0048001c00520000000000610064006d0069006e004000⦠> UPN Len: 28 > UPN Offset: 24 > DNS Len: 16 > DNS Offset: 56 > Flags: 0x00000003, UPN Name Constructed, SAM_NAME and SID Included > .... .... .... .... .... .... .... ...1 = UPN Name Constructed: UPN Name is Constructed > .... .... .... .... .... .... .... ..1. = SAM_NAME and SID Included: SAM_NAME and SID are included > sAMAccountName Len: 10 > sAMAccountName Offset: 72 > objectSid Len: 28 > objectSid Offset: 82 > UPN Name: admin@IPA.TEST > DNS Name: IPA.TEST > sAMAccountName: admin > objectSid: S-1-5-21-3929993546-4107452863-2576714887-500 (Domain SID-Administrator) > Revision: 1 > Num Auth: 5 > Authority: 5 > Subauthorities: 21-3929993546-4107452863-2576714887-500 > RID: 500 (Administrator) > Type: Attributes Info (17) > Size: 8 > Offset: 712 > PAC_ATTRIBUTES_INFO: 0200000001000000 > Flags Valid Length: 2 > Flags: 0x00000001, PAC Requested > .... .... .... .... .... .... .... ...1 = PAC Requested: PAC was requested > .... .... .... .... .... .... .... ..0. = PAC given Implicitly: PAC was NOT given implicitly > Type: Ticket Checksum (16) > Size: 28 > Offset: 720 > PAC_TICKET_CHECKSUM: 140000002de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: 20 > Signature: 2de6f8af111227ca2a84ca4608aae34463682682af2daa6f > Type: S4U Delegation Info (11) > Size: 184 > Offset: 752 > PAC_S4U_DELEGATION_INFO: 01100800cccccccca8000000000000000000020032003400040002000100000008000200⦠> MES header > Version: 1 > DREP > Byte order: Little-endian (1) > HDR Length: 8 > Fill bytes: 0xcccccccc > Blob Length: 168 > PAC_S4U_DELEGATION_INFO: > Referent ID: 0x00020000 > S4U2proxyTarget: cifs/dc-xk57.ad-xk57.test > Length: 50 > Size: 52 > Character Array: cifs/dc-xk57.ad-xk57.test > Referent ID: 0x00020004 > Max Count: 26 > Offset: 0 > Actual Count: 25 > S4U2proxyTarget: cifs/dc-xk57.ad-xk57.test > TransitedListSize: 0x00000001 > S4UTransitedServices cifs/master.ipa.test@IPA.TEST > Referent ID: 0x00020008 > Max Count: 1 > Transited Service: cifs/master.ipa.test@IPA.TEST > Length: 58 > Size: 60 > Character Array: cifs/master.ipa.test@IPA.TEST > Referent ID: 0x0002000c > Max Count: 30 > Offset: 0 > Actual Count: 29 > Transited Service: cifs/master.ipa.test@IPA.TEST > Type: Client Info Type (10) > Size: 56 > Offset: 936 > PAC_CLIENT_INFO_TYPE: 004fcf4a68c1d9012e00610064006d0069006e0040004900500041002e00540045005300⦠> ClientID: Jul 28, 2023 17:29:26.000000000 CEST > Name Length: 46 > Name: admin@IPA.TEST@IPA.TEST > Type: Server Checksum (6) > Size: 16 > Offset: 992 > PAC_SERVER_CHECKSUM: 100000001379583a3e5f54c43d9c8427 > Type: 16 > Signature: 1379583a3e5f54c43d9c8427 > Type: Privsvr Checksum (7) > Size: 16 > Offset: 1008 > PAC_PRIVSVR_CHECKSUM: 10000000040cc0ce452e191fe19ff6b6 > Type: 16 > Signature: 040cc0ce452e191fe19ff6b6 > Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.1 same=0) (47230605...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.1 same=0) (47230605...)] > [Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.1 same=0) (47230605...)] > [Severity level: Chat] > [Group: Security] > Provides learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...) > [Expert Info (Chat/Security): Provides learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [Provides learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [Severity level: Chat] > [Group: Security] > Provides derived KrbFastReq_TGS_armorKey in frame 76 keytype 18 (id=76.3 same=0) (948c1c85...) > [Expert Info (Chat/Security): Provides derived KrbFastReq_TGS_armorKey in frame 76 keytype 18 (id=76.3 same=0) (948c1c85...)] > [Provides derived KrbFastReq_TGS_armorKey in frame 76 keytype 18 (id=76.3 same=0) (948c1c85...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [SRC1 learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.4 same=1) (e756396a...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.4 same=1) (e756396a...)] > [Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.4 same=1) (e756396a...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.5 same=0) (e756396a...)] > [Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.5 same=0) (e756396a...)] > [Severity level: Chat] > [Group: Security] > Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.5 same=0) (e756396a...) > [Expert Info (Chat/Security): Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.5 same=0) (e756396a...)] > [Provides learnt encTicketPart_key in frame 76 keytype 18 (id=76.5 same=0) (e756396a...)] > [Severity level: Chat] > [Group: Security] > Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.1 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.1 same=0) (00000000...)] > [Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.1 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.2 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.2 same=0) (00000000...)] > [Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.2 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Missing checksum 20 keytype -1 missing in frame 76 keytype -1 (id=missing.3 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 20 keytype -1 missing in frame 76 keytype -1 (id=missing.3 same=0) (00000000...)] > [Missing checksum 20 keytype -1 missing in frame 76 keytype -1 (id=missing.3 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.4 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.4 same=0) (00000000...)] > [Missing checksum 16 keytype 18 missing in frame 76 keytype 18 (id=missing.4 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Missing checksum 20 keytype -1 missing in frame 76 keytype -1 (id=missing.5 same=0) (00000000...) > [Expert Info (Warning/Decryption): Missing checksum 20 keytype -1 missing in frame 76 keytype -1 (id=missing.5 same=0) (00000000...)] > [Missing checksum 20 keytype -1 missing in frame 76 keytype -1 (id=missing.5 same=0) (00000000...)] > [Severity level: Warning] > [Group: Decryption] > Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...) > [Expert Info (Chat/Security): Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...)] > [Used keytab principal krbtgt/AD-XK57.TEST@IPA.TEST keytype 18 (id=keytab.90 same=0) (e15eec3b...)] > [Severity level: Chat] > [Group: Security] > Used learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...) > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [Used learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=2) (47230605...)] > [Used learnt encTGSRepPart_key in frame 58 keytype 18 (id=58.4 same=2) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 66 keytype 18 (id=66.1 same=1) (47230605...)] > [Used learnt encTicketPart_key in frame 66 keytype 18 (id=66.1 same=1) (47230605...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): Used learnt encTicketPart_key in frame 76 keytype 18 (id=76.1 same=0) (47230605...)] > [Used learnt encTicketPart_key in frame 76 keytype 18 (id=76.1 same=0) (47230605...)] > [Severity level: Chat] > [Group: Security] > Used derived KrbFastReq_TGS_armorKey in frame 76 keytype 18 (id=76.3 same=0) (948c1c85...) > [Expert Info (Chat/Security): Used derived KrbFastReq_TGS_armorKey in frame 76 keytype 18 (id=76.3 same=0) (948c1c85...)] > [Used derived KrbFastReq_TGS_armorKey in frame 76 keytype 18 (id=76.3 same=0) (948c1c85...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC1 learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [SRC1 learnt authenticator_subkey in frame 76 keytype 18 (id=76.2 same=0) (628e2875...)] > [Severity level: Chat] > [Group: Security] > [Expert Info (Chat/Security): SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [SRC2 learnt encTicketPart_key in frame 58 keytype 18 (id=58.2 same=3) (47230605...)] > [Severity level: Chat] > [Group: Security] > >Frame 77: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47216, Seq: 1, Ack: 4783, Len: 0 > >Frame 78: 447 bytes on wire (3576 bits), 447 bytes captured (3576 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47216, Seq: 1, Ack: 4783, Len: 387 >Kerberos > Record Mark: 383 bytes > 0... .... .... .... .... .... .... .... = Reserved: Not set > .000 0000 0000 0000 0000 0001 0111 1111 = Record Length: 383 > krb-error > pvno: 5 > msg-type: krb-error (30) > stime: Jul 28, 2023 17:29:44.000000000 CEST > susec: 705341 > error-code: eRR-BADOPTION (13) > realm: AD-XK57.TEST > sname > name-type: kRB5-NT-PRINCIPAL (1) > sname-string: 2 items > SNameString: cifs > SNameString: dc-xk57.ad-xk57.test > e-data: 3082010930820105a10402020088a281fc0481f9a081f63081f3a081f03081eda0030201⦠> BER Error: Wrong field in SEQUENCE: expected class:CONTEXT(2) tag:1 but found class:UNIVERSAL(0) tag:16 > [Expert Info (Warning/Malformed): BER Error: Wrong field in SEQUENCE: expected class:CONTEXT(2) tag:1 but found class:UNIVERSAL(0) tag:16] > [BER Error: Wrong field in SEQUENCE: expected class:CONTEXT(2) tag:1 but found class:UNIVERSAL(0) tag:16] > [Severity level: Warning] > [Group: Malformed] > >Frame 79: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47216, Dst Port: 88, Seq: 4783, Ack: 388, Len: 0 > >Frame 80: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.91, Dst: 10.0.194.112 >Transmission Control Protocol, Src Port: 47216, Dst Port: 88, Seq: 4783, Ack: 388, Len: 0 > >Frame 81: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47216, Seq: 388, Ack: 4784, Len: 0 > >Frame 82: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) >Linux cooked capture v2 >Internet Protocol Version 4, Src: 10.0.194.112, Dst: 10.0.194.91 >Transmission Control Protocol, Src Port: 88, Dst Port: 47216, Seq: 388, Ack: 4784, Len: 0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1980834">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2060421
:
1980434
| 1980834