Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@ksysipadcp1 ~]# ipa service-show cifs/kbsdwebspd1
- ipa: ERROR: cifs/kbsdwebspd1@IPA.DOMAIN: service not found
- [root@ksysipadcp1 ~]# ipa service-show cifs/kbsdwebspd1.domain
- Principal: cifs/kbsdwebspd1.domain@IPA.DOMAIN
- PAC type: PAD, MS-PAC
- Keytab: True
- Managed by: kbsdwebspd1.domain
- [root@ksysipadcp1 ~]# ipa trust-show addom.domain
- Realm name: addom.domain
- Domain NetBIOS name: ADDOM
- Domain Security Identifier: S-1-5-21-2440348786-2961800785-2942754262
- Trust direction: Trusting forest
- Trust type: Active Directory domain
- [root@ksysipadcp1 ~]#
- ------------------------------------------------------------------------------------------
- [abrook@abrook-test ~]$ kinit abrook@addom.domain
- Password for abrook@addom.domain:
- Warning: Your password will expire in 27 hours on Sat Sep 17 11:51:20 2016
- [abrook@abrook-test ~]$ KRB5_TRACE=/dev/stderr smbclient -k //kbsdwebspd1.domain/spacetest
- [40559] 1474032849.744401: Getting credentials abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN using ccache FILE:/tmp/krb5cc_339797051
- [40559] 1474032849.744736: Retrieving abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN from FILE:/tmp/krb5cc_339797051 with result: -1765328243/Matching credential not found
- [40559] 1474032849.744805: Retrieving abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN from FILE:/tmp/krb5cc_339797051 with result: -1765328243/Matching credential not found
- [40559] 1474032849.744839: Retrieving abrook@ADDOM.DOMAIN -> krbtgt/ADDOM.DOMAIN@ADDOM.DOMAIN from FILE:/tmp/krb5cc_339797051 with result: 0/Success
- [40559] 1474032849.744846: Starting with TGT for client realm: abrook@ADDOM.DOMAIN -> krbtgt/ADDOM.DOMAIN@ADDOM.DOMAIN
- [40559] 1474032849.744884: Retrieving abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN from FILE:/tmp/krb5cc_339797051 with result: -1765328243/Matching credential not found
- [40559] 1474032849.744892: Requesting TGT krbtgt/IPA.DOMAIN@ADDOM.DOMAIN using TGT krbtgt/ADDOM.DOMAIN@ADDOM.DOMAIN
- [40559] 1474032849.744964: Generated subkey for TGS request: aes256-cts/17F5
- [40559] 1474032849.744974: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
- [40559] 1474032849.745173: Sending request (1674 bytes) to ADDOM.DOMAIN
- [40559] 1474032849.749316: Resolving hostname gazala.addom.domain.
- [40559] 1474032849.751560: Resolving hostname stalingrad.addom.domain.
- [40559] 1474032849.753571: Resolving hostname charnwood.addom.domain.
- [40559] 1474032849.755595: Resolving hostname cherbourg.addom.domain.
- [40559] 1474032849.757736: Resolving hostname carentan.addom.domain.
- [40559] 1474032849.759594: Resolving hostname normandy.addom.domain.
- [40559] 1474032849.761764: Resolving hostname goodwood.addom.domain.
- [40559] 1474032849.763861: Resolving hostname gazala.addom.domain.
- [40559] 1474032849.766152: Initiating TCP connection to stream 192.168.5.229:88
- [40559] 1474032849.767453: Sending TCP request to stream 192.168.5.229:88
- [40559] 1474032849.771759: Received answer from stream 192.168.5.229:88
- [40559] 1474032849.773712: Response was not from master KDC
- [40559] 1474032849.773826: TGS reply is for abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN with session key rc4-hmac/A85B
- [40559] 1474032849.773860: TGS request result: 0/Success
- [40559] 1474032849.773873: Removing abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN from FILE:/tmp/krb5cc_339797051
- [40559] 1474032849.773886: Storing abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN in FILE:/tmp/krb5cc_339797051
- [40559] 1474032849.773941: Received TGT for service realm: krbtgt/IPA.DOMAIN@ADDOM.DOMAIN
- [40559] 1474032849.773948: Requesting tickets for cifs/kbsdwebspd1.domain@IPA.DOMAIN, referrals on
- [40559] 1474032849.773965: Generated subkey for TGS request: rc4-hmac/0B2E
- [40559] 1474032849.773975: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac
- [40559] 1474032849.774049: Sending request (1656 bytes) to IPA.DOMAIN
- [40559] 1474032849.774132: Initiating TCP connection to stream 10.50.178.21:88
- [40559] 1474032849.775013: Sending TCP request to stream 10.50.178.21:88
- [40559] 1474032849.824307: Received answer from stream 10.50.178.21:88
- [40559] 1474032849.824446: Response was from master KDC
- [40559] 1474032849.824644: TGS reply is for abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN with session key aes256-cts/DBBC
- [40559] 1474032849.824680: TGS request result: 0/Success
- [40559] 1474032849.824685: Received creds for desired service cifs/kbsdwebspd1.domain@IPA.DOMAIN
- [40559] 1474032849.824694: Removing abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN from FILE:/tmp/krb5cc_339797051
- [40559] 1474032849.824700: Storing abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN in FILE:/tmp/krb5cc_339797051
- [40559] 1474032849.824846: Creating authenticator for abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN, seqnum 0, subkey aes256-cts/E2EC, session key aes256-cts/DBBC
- Domain=[IPA] OS=[Windows 6.1] Server=[Samba 4.2.10]
- smb: \>
- smb: \> ls
- . D 0 Thu Sep 8 10:26:55 2016
- .. D 0 Thu Sep 8 10:26:23 2016
- html D 0 Tue Jul 12 04:03:20 2016
- 61400 blocks of size 262144. 61271 blocks available
- smb: \> quit
- [abrook@abrook-test ~]$
- ------------------------------------------------------------------------------------------
- C:\Users\abrook.ADDOM>klist
- Current LogonId is 0:0x6ad281
- Cached Tickets: (3)
- #0> Client: abrook @ ADDOM.DOMAIN
- Server: krbtgt/ADDOM.DOMAIN @ ADDOM.DOMAIN
- KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
- Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
- Start Time: 9/16/2016 8:32:36 (local)
- End Time: 9/16/2016 18:32:36 (local)
- Renew Time: 9/23/2016 8:32:36 (local)
- Session Key Type: AES-256-CTS-HMAC-SHA1-96
- #1> Client: abrook @ ADDOM.DOMAIN
- Server: ldap/CHARNWOOD.addom.domain/addom.domain @ ADDOM.DOMAIN
- KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
- Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_deleg
- ate
- Start Time: 9/16/2016 8:32:39 (local)
- End Time: 9/16/2016 18:32:36 (local)
- Renew Time: 9/23/2016 8:32:36 (local)
- Session Key Type: AES-256-CTS-HMAC-SHA1-96
- #2> Client: abrook @ ADDOM.DOMAIN
- Server: LDAP/GOODWOOD.addom.domain/addom.domain @ ADDOM.DOMAIN
- KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
- Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_deleg
- ate
- Start Time: 9/16/2016 8:32:38 (local)
- End Time: 9/16/2016 18:32:36 (local)
- Renew Time: 9/23/2016 8:32:36 (local)
- Session Key Type: AES-256-CTS-HMAC-SHA1-96
- ------------------------------------------------------------------------------------------
- [root@ksysipadcp1 log]# grep -i abrook@addom.domain krb5kdc.log | grep -i cifs
- Sep 09 13:49:08 ksysipadcp1.domain krb5kdc[1277](info): TGS_REQ (4 etypes {18 17 16 23}) 10.50.177.100: ISSUE: authtime 1473446833, etypes {rep=23 tkt=18 ses=18}, abrook@ADDOM.DOMAIN for cifs/kbsdwebspd1.domain@IPA.DOMAIN
- Sep 09 14:37:11 ksysipadcp1.domain krb5kdc[1277](info): TGS_REQ (4 etypes {18 17 16 23}) 10.50.177.100: ISSUE: authtime 1473449829, etypes {rep=23 tkt=18 ses=18}, abrook@ADDOM.DOMAIN for cifs/kbsdwebspd1.domain@IPA.DOMAIN
- ------------------------------------------------------------------------------------------
- [root@ksysipadcp2 log]# grep -i abrook@addom.domain krb5kdc.log | grep -i cifs
- Sep 13 11:28:10 ksysipadcp2.domain krb5kdc[22080](info): TGS_REQ (4 etypes {18 17 16 23}) 10.50.177.100: ISSUE: authtime 1473784074, etypes {rep=23 tkt=18 ses=18}, abrook@ADDOM.DOMAIN for cifs/kbsdwebspd1.domain@IPA.DOMAIN
- Sep 16 08:34:09 ksysipadcp2.domain krb5kdc[22081](info): TGS_REQ (4 etypes {18 17 16 23}) 10.50.177.100: ISSUE: authtime 1474032820, etypes {rep=23 tkt=18 ses=18}, abrook@ADDOM.DOMAIN for cifs/kbsdwebspd1.domain@IPA.DOMAIN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement