HP CIFS Server and Kerberos
88
Windows XP SP1 client presents service ticket for \\atcux5\buffy to the HP CIFS Server (Samba).
Command: none.
The client presents the service ticket (acquired in the transaction with the KDC that is displayed on the
previous page) to the HP CIFS Server (Samba). The service ticket for \\ATCUX5\BUFFY (see the
Wireshark trace record 1606) is encrypted with DES-CBC-MD5.
The HP CIFS Server log entry is (grep crypt log.netbiosname):
ads_secrets_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
ads_secrets_verify_ticket: enc type [3] decrypted message !
Notice that the HP CIFS Server tried to decrypt the ticket using a number of different encryption types
before successfully using DES-CBC-MD5 [3]. Values are in decimal. Windows event log values are in
hex.
Windows 2003 Advanced Server Event Viewer: Client user Service Ticket Request for HP CIFS Server
share: