HP CIFS Server and Kerberos
Windows XP SP1 client presents service ticket for \\atcux5\buffy to the HP CIFS Server (Samba).
Command: none.
The client presents the service ticket (acquired in the transaction with the KDC that is displayed on the
previous page) to the HP CIFS Server (Samba). The service ticket for \\ATCUX5\BUFFY (see the
Wireshark trace record 1944) is encrypted with DES-CBC-MD5.
The HP CIFS Server log entry is (grep crypt log.netbiosname):
ads_secrets_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [3] decrypted message !
Notice that the HP CIFS Server tried to decrypt the ticket with a number of different encryption types
before succeeding with DES-CBC-MD5 [3]. The enc type values in this log are in decimal; Windows event
log values are in hex.
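Added example (not part of the original HP document): a Python sketch that parses the ads_secrets_verify_ticket lines shown above, names each enc type using the standard Kerberos encryption type numbers, gives the hex form for matching against Windows event log values, and marks single-DES types as weak. The function names, field names and the WEAK_ETYPES set are illustrative assumptions.

```python
import re

# Standard Kerberos encryption type numbers; 3 = DES-CBC-MD5 as stated on the page.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "rc4-hmac"}
WEAK_ETYPES = {1, 3}  # single DES (assumption: what this example treats as weak)

ATTEMPT = re.compile(
    r"ads_secrets_verify_ticket: enc type \[(?P<etype>\d+)\] "
    r"(?:failed to decrypt with error (?P<err>.+)|decrypted message)"
)

# The six log lines quoted on the page.
SAMPLE_LOG = """\
ads_secrets_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [3] decrypted message !
"""

def parse_attempts(log_text):
    """Return one record per decryption attempt, in log order."""
    attempts = []
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if m is None:
            continue  # unrelated log line
        etype = int(m.group("etype"))  # the log prints decimal
        attempts.append({
            "etype": etype,
            "hex": hex(etype),  # form used in Windows event logs
            "name": ETYPES.get(etype, "unknown"),
            "ok": m.group("err") is None,
            "weak": etype in WEAK_ETYPES,
        })
    return attempts

def accepted_ticket(attempts):
    """Return the attempt that decrypted the ticket, or None."""
    return next((a for a in attempts if a["ok"]), None)

if __name__ == "__main__":
    for a in parse_attempts(SAMPLE_LOG):
        status = "DECRYPTED" if a["ok"] else "failed"
        flag = "  <-- weak (single DES)" if a["ok"] and a["weak"] else ""
        print(f'{a["etype"]:>2} {a["hex"]:>4} {a["name"]:<24} {status}{flag}')
```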
RC4 Summary:
HP-UX 11i