API tools faq
paste
Advertisement
agbrook

Untitled

agbrook
Sep 16th, 2016
170
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.95 KB | None | 0 0
raw download clone embed print report
  1. [root@ksysipadcp1 ~]# ipa service-show cifs/kbsdwebspd1
  2. ipa: ERROR: cifs/kbsdwebspd1@IPA.DOMAIN: service not found
  3. [root@ksysipadcp1 ~]# ipa service-show cifs/kbsdwebspd1.domain
  4. Principal: cifs/kbsdwebspd1.domain@IPA.DOMAIN
  5. PAC type: PAD, MS-PAC
  6. Keytab: True
  7. Managed by: kbsdwebspd1.domain
  8. [root@ksysipadcp1 ~]# ipa trust-show addom.domain
  9. Realm name: addom.domain
  10. Domain NetBIOS name: ADDOM
  11. Domain Security Identifier: S-1-5-21-2440348786-2961800785-2942754262
  12. Trust direction: Trusting forest
  13. Trust type: Active Directory domain
  14. [root@ksysipadcp1 ~]#
  15. ------------------------------------------------------------------------------------------
  16. [abrook@abrook-test ~]$ kinit abrook@addom.domain
  17. Password for abrook@addom.domain:
  18. Warning: Your password will expire in 27 hours on Sat Sep 17 11:51:20 2016
  19. [abrook@abrook-test ~]$ KRB5_TRACE=/dev/stderr smbclient -k //kbsdwebspd1.domain/spacetest
  20. [40559] 1474032849.744401: Getting credentials abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN using ccache FILE:/tmp/krb5cc_339797051
  21. [40559] 1474032849.744736: Retrieving abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN from FILE:/tmp/krb5cc_339797051 with result: -1765328243/Matching credential not found
  22. [40559] 1474032849.744805: Retrieving abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN from FILE:/tmp/krb5cc_339797051 with result: -1765328243/Matching credential not found
  23. [40559] 1474032849.744839: Retrieving abrook@ADDOM.DOMAIN -> krbtgt/ADDOM.DOMAIN@ADDOM.DOMAIN from FILE:/tmp/krb5cc_339797051 with result: 0/Success
  24. [40559] 1474032849.744846: Starting with TGT for client realm: abrook@ADDOM.DOMAIN -> krbtgt/ADDOM.DOMAIN@ADDOM.DOMAIN
  25. [40559] 1474032849.744884: Retrieving abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN from FILE:/tmp/krb5cc_339797051 with result: -1765328243/Matching credential not found
  26. [40559] 1474032849.744892: Requesting TGT krbtgt/IPA.DOMAIN@ADDOM.DOMAIN using TGT krbtgt/ADDOM.DOMAIN@ADDOM.DOMAIN
  27. [40559] 1474032849.744964: Generated subkey for TGS request: aes256-cts/17F5
  28. [40559] 1474032849.744974: etypes requested in TGS request: aes256-cts, aes128-cts, rc4-hmac
  29. [40559] 1474032849.745173: Sending request (1674 bytes) to ADDOM.DOMAIN
  30. [40559] 1474032849.749316: Resolving hostname gazala.addom.domain.
  31. [40559] 1474032849.751560: Resolving hostname stalingrad.addom.domain.
  32. [40559] 1474032849.753571: Resolving hostname charnwood.addom.domain.
  33. [40559] 1474032849.755595: Resolving hostname cherbourg.addom.domain.
  34. [40559] 1474032849.757736: Resolving hostname carentan.addom.domain.
  35. [40559] 1474032849.759594: Resolving hostname normandy.addom.domain.
  36. [40559] 1474032849.761764: Resolving hostname goodwood.addom.domain.
  37. [40559] 1474032849.763861: Resolving hostname gazala.addom.domain.
  38. [40559] 1474032849.766152: Initiating TCP connection to stream 192.168.5.229:88
  39. [40559] 1474032849.767453: Sending TCP request to stream 192.168.5.229:88
  40. [40559] 1474032849.771759: Received answer from stream 192.168.5.229:88
  41. [40559] 1474032849.773712: Response was not from master KDC
  42. [40559] 1474032849.773826: TGS reply is for abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN with session key rc4-hmac/A85B
  43. [40559] 1474032849.773860: TGS request result: 0/Success
  44. [40559] 1474032849.773873: Removing abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN from FILE:/tmp/krb5cc_339797051
  45. [40559] 1474032849.773886: Storing abrook@ADDOM.DOMAIN -> krbtgt/IPA.DOMAIN@ADDOM.DOMAIN in FILE:/tmp/krb5cc_339797051
  46. [40559] 1474032849.773941: Received TGT for service realm: krbtgt/IPA.DOMAIN@ADDOM.DOMAIN
  47. [40559] 1474032849.773948: Requesting tickets for cifs/kbsdwebspd1.domain@IPA.DOMAIN, referrals on
  48. [40559] 1474032849.773965: Generated subkey for TGS request: rc4-hmac/0B2E
  49. [40559] 1474032849.773975: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac
  50. [40559] 1474032849.774049: Sending request (1656 bytes) to IPA.DOMAIN
  51. [40559] 1474032849.774132: Initiating TCP connection to stream 10.50.178.21:88
  52. [40559] 1474032849.775013: Sending TCP request to stream 10.50.178.21:88
  53. [40559] 1474032849.824307: Received answer from stream 10.50.178.21:88
  54. [40559] 1474032849.824446: Response was from master KDC
  55. [40559] 1474032849.824644: TGS reply is for abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN with session key aes256-cts/DBBC
  56. [40559] 1474032849.824680: TGS request result: 0/Success
  57. [40559] 1474032849.824685: Received creds for desired service cifs/kbsdwebspd1.domain@IPA.DOMAIN
  58. [40559] 1474032849.824694: Removing abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN from FILE:/tmp/krb5cc_339797051
  59. [40559] 1474032849.824700: Storing abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN in FILE:/tmp/krb5cc_339797051
  60. [40559] 1474032849.824846: Creating authenticator for abrook@ADDOM.DOMAIN -> cifs/kbsdwebspd1.domain@IPA.DOMAIN, seqnum 0, subkey aes256-cts/E2EC, session key aes256-cts/DBBC
  61.  
  62. Domain=[IPA] OS=[Windows 6.1] Server=[Samba 4.2.10]
  63. smb: \>
  64. smb: \> ls
  65. . D 0 Thu Sep 8 10:26:55 2016
  66. .. D 0 Thu Sep 8 10:26:23 2016
  67. html D 0 Tue Jul 12 04:03:20 2016
  68.  
  69. 61400 blocks of size 262144. 61271 blocks available
  70. smb: \> quit
  71. [abrook@abrook-test ~]$
  72.  
  73. ------------------------------------------------------------------------------------------
  74. C:\Users\abrook.ADDOM>klist
  75.  
  76. Current LogonId is 0:0x6ad281
  77.  
  78. Cached Tickets: (3)
  79.  
  80. #0> Client: abrook @ ADDOM.DOMAIN
  81. Server: krbtgt/ADDOM.DOMAIN @ ADDOM.DOMAIN
  82. KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  83. Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
  84. Start Time: 9/16/2016 8:32:36 (local)
  85. End Time: 9/16/2016 18:32:36 (local)
  86. Renew Time: 9/23/2016 8:32:36 (local)
  87. Session Key Type: AES-256-CTS-HMAC-SHA1-96
  88.  
  89.  
  90. #1> Client: abrook @ ADDOM.DOMAIN
  91. Server: ldap/CHARNWOOD.addom.domain/addom.domain @ ADDOM.DOMAIN
  92. KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
  93. Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_deleg
  94. ate
  95. Start Time: 9/16/2016 8:32:39 (local)
  96. End Time: 9/16/2016 18:32:36 (local)
  97. Renew Time: 9/23/2016 8:32:36 (local)
  98. Session Key Type: AES-256-CTS-HMAC-SHA1-96
  99.  
  100.  
  101. #2> Client: abrook @ ADDOM.DOMAIN
  102. Server: LDAP/GOODWOOD.addom.domain/addom.domain @ ADDOM.DOMAIN
  103. KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
  104. Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_deleg
  105. ate
  106. Start Time: 9/16/2016 8:32:38 (local)
  107. End Time: 9/16/2016 18:32:36 (local)
  108. Renew Time: 9/23/2016 8:32:36 (local)
  109. Session Key Type: AES-256-CTS-HMAC-SHA1-96
  110. ------------------------------------------------------------------------------------------
  111. [root@ksysipadcp1 log]# grep -i abrook@addom.domain krb5kdc.log | grep -i cifs
  112. Sep 09 13:49:08 ksysipadcp1.domain krb5kdc[1277](info): TGS_REQ (4 etypes {18 17 16 23}) 10.50.177.100: ISSUE: authtime 1473446833, etypes {rep=23 tkt=18 ses=18}, abrook@ADDOM.DOMAIN for cifs/kbsdwebspd1.domain@IPA.DOMAIN
  113. Sep 09 14:37:11 ksysipadcp1.domain krb5kdc[1277](info): TGS_REQ (4 etypes {18 17 16 23}) 10.50.177.100: ISSUE: authtime 1473449829, etypes {rep=23 tkt=18 ses=18}, abrook@ADDOM.DOMAIN for cifs/kbsdwebspd1.domain@IPA.DOMAIN
  114. ------------------------------------------------------------------------------------------
  115. [root@ksysipadcp2 log]# grep -i abrook@addom.domain krb5kdc.log | grep -i cifs
  116. Sep 13 11:28:10 ksysipadcp2.domain krb5kdc[22080](info): TGS_REQ (4 etypes {18 17 16 23}) 10.50.177.100: ISSUE: authtime 1473784074, etypes {rep=23 tkt=18 ses=18}, abrook@ADDOM.DOMAIN for cifs/kbsdwebspd1.domain@IPA.DOMAIN
  117. Sep 16 08:34:09 ksysipadcp2.domain krb5kdc[22081](info): TGS_REQ (4 etypes {18 17 16 23}) 10.50.177.100: ISSUE: authtime 1474032820, etypes {rep=23 tkt=18 ses=18}, abrook@ADDOM.DOMAIN for cifs/kbsdwebspd1.domain@IPA.DOMAIN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!