Client in NT Domain can't get Kerberos tickets

[Oliver Schoett]

Our Single Sign-On (SSO) solution uses Kerberos tickets. Some partner
organisations have NT domains and shall be allowed to participate in SSO
with a ticket obtained via secondary logon from the application provider
Active Directory (Windows Server 2003). However, we find that clients
in NT domains never get a Kerberos ticket from the Active Directory.

For example, below is an Ethereal trace of a connection made in the
Explorer to the share \\edhof, which is our Active directory server.
Despite the client (193.102.181.187) being Windows XP and the server
(193.102.182.2) being Server 2003, the authentication appears to be
NTLM, and no Kerberos tickets are obtained by the client. The same
holds for other kinds of connections made from the client to the server;
for example, Terminal Server connections or "runas" with an account from
the server. There is no trust relationship between the domain and the
Active directory, as we want only authentication for our application.

What measures must be taken to allow clients in NT domains to obtain
Kerberos tickets?

Regards,

Oliver Schoett

No. Time Source Destination Protocol Info
49 2.017501 193.102.181.187 193.102.180.172 SMB Transaction2 Request QUERY_PATH_INFORMATION, Path: \DNSAPI.dll
50 2.017945 193.102.180.172 193.102.181.187 SMB Transaction2 Response QUERY_PATH_INFORMATION, Error: STATUS_OBJECT_NAME_NOT_FOUND
54 2.067309 193.102.181.187 193.102.182.2 TCP 1659 > microsoft-ds [SYN] Seq=2192321610 Ack=0 Win=64240 Len=0
55 2.067568 193.102.181.187 193.102.182.2 TCP 1660 > netbios-ssn [SYN] Seq=2192385338 Ack=0 Win=64240 Len=0
56 2.067626 193.102.182.2 193.102.181.187 TCP microsoft-ds > 1659 [SYN, ACK] Seq=3750101992 Ack=2192321611 Win=17520 Len=0
57 2.067680 193.102.181.187 193.102.182.2 TCP 1659 > microsoft-ds [ACK] Seq=2192321611 Ack=3750101993 Win=64240 Len=0
58 2.067788 193.102.182.2 193.102.181.187 TCP netbios-ssn > 1660 [SYN, ACK] Seq=2202418490 Ack=2192385339 Win=17520 Len=0
59 2.067807 193.102.181.187 193.102.182.2 TCP 1660 > netbios-ssn [RST] Seq=2192385339 Ack=2192385339 Win=0 Len=0
61 2.068032 193.102.181.187 193.102.182.2 SMB Negotiate Protocol Request
62 2.068591 193.102.182.2 193.102.181.187 SMB Negotiate Protocol Response
63 2.094458 193.102.181.187 193.102.180.36 NBNS Name query NB MUC<1c>
64 2.094799 193.102.180.36 193.102.181.187 NBNS Name query response NB 193.102.180.36
65 2.094861 193.102.181.187 193.102.183.255 NETLOGON SAM LOGON request from client
66 2.094969 193.102.181.187 193.102.180.36 NETLOGON SAM LOGON request from client
67 2.095051 193.102.181.187 213.68.171.41 NETLOGON SAM LOGON request from client
68 2.095133 193.102.181.187 193.96.171.211 NETLOGON SAM LOGON request from client
69 2.095204 193.102.180.36 193.102.181.187 NETLOGON SAM Response - user unknown
70 2.095240 193.102.180.37 193.102.181.187 NETLOGON SAM Response - user unknown
71 2.095276 193.102.181.187 193.102.180.37 NETLOGON SAM LOGON request from client
72 2.095470 193.102.181.187 193.96.170.42 NETLOGON SAM LOGON request from client
73 2.095555 193.102.181.187 195.126.138.25 NETLOGON SAM LOGON request from client
74 2.095637 193.102.181.187 213.69.239.32 NETLOGON SAM LOGON request from client
75 2.095717 193.102.181.187 192.168.0.27 NETLOGON SAM LOGON request from client
76 2.095798 193.102.181.187 193.96.168.7 NETLOGON SAM LOGON request from client
77 2.095879 193.102.181.187 193.96.168.79 NETLOGON SAM LOGON request from client
83 2.115251 193.96.170.42 193.102.181.187 NETLOGON SAM Response - user unknown
84 2.117934 213.68.171.41 193.102.181.187 NETLOGON SAM Response - user unknown
86 2.118865 193.96.171.211 193.102.181.187 NETLOGON SAM Response - user unknown
87 2.119056 213.69.239.32 193.102.181.187 NETLOGON SAM Response - user unknown
90 2.123025 195.126.138.25 193.102.181.187 NETLOGON SAM Response - user unknown
95 2.206727 193.102.181.187 193.102.182.2 TCP 1659 > microsoft-ds [ACK] Seq=2192321748 Ack=3750102168 Win=64065 Len=0
97 2.206821 193.102.181.187 193.102.180.172 TCP 1647 > netbios-ssn [ACK] Seq=2125097685 Ack=1499687403 Win=62955 Len=0
102 2.307500 193.96.168.7 193.102.181.187 NETLOGON SAM Response - user unknown
112 2.688035 193.102.181.187 193.102.182.2 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
113 2.688748 193.102.182.2 193.102.181.187 SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
114 2.689102 193.102.181.187 193.102.182.2 SMB Session Setup AndX Request, NTLMSSP_AUTH
115 2.692494 193.102.182.2 193.102.181.187 SMB Session Setup AndX Response
116 2.692825 193.102.181.187 193.102.182.2 SMB Tree Connect AndX Request, Path: \\EDHOF\IPC$
117 2.693209 193.102.182.2 193.102.181.187 SMB Tree Connect AndX Response
118 2.694832 193.102.181.187 193.102.182.2 SMB NT Create AndX Request, Path: \srvsvc
119 2.695335 193.102.182.2 193.102.181.187 SMB NT Create AndX Response, FID: 0x8001
120 2.695574 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
121 2.695848 193.102.182.2 193.102.181.187 SMB Write AndX Response, FID: 0x8001, 72 bytes
122 2.695962 193.102.181.187 193.102.182.2 SMB Read AndX Request, FID: 0x8001, 1024 bytes at offset 0
123 2.696233 193.102.182.2 193.102.181.187 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
124 2.696364 193.102.181.187 193.102.182.2 SRVSVC NetrShareEnum request
125 2.697052 193.102.182.2 193.102.181.187 SRVSVC NetrShareEnum reply
126 2.697272 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8001
127 2.697529 193.102.182.2 193.102.181.187 SMB Close Response
130 2.706304 193.102.181.187 193.102.180.172 SMB Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll
131 2.706969 193.102.180.172 193.102.181.187 SMB Transaction2 Response QUERY_PATH_INFORMATION, Error: STATUS_OBJECT_NAME_NOT_FOUND
132 2.710041 193.102.181.187 193.102.182.2 SMB NT Create AndX Request, Path: \spoolss
133 2.710727 193.102.182.2 193.102.181.187 SMB NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
134 2.740703 193.102.181.187 193.102.180.172 SMB Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll
135 2.741274 193.102.180.172 193.102.181.187 SMB Transaction2 Response QUERY_PATH_INFORMATION, Error: STATUS_OBJECT_NAME_NOT_FOUND
138 2.789233 193.102.181.187 193.102.182.2 SMB NT Create AndX Request, Path: \wkssvc
139 2.789732 193.102.182.2 193.102.181.187 SMB NT Create AndX Response, FID: 0x8002
140 2.789970 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WKSSVC
141 2.790243 193.102.182.2 193.102.181.187 SMB Write AndX Response, FID: 0x8002, 72 bytes
142 2.829044 193.102.181.187 193.102.182.2 SMB Read AndX Request, FID: 0x8002, 1024 bytes at offset 0
143 2.829331 193.102.182.2 193.102.181.187 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
144 2.849165 193.102.181.187 193.102.182.2 WKSSVC WKS_QUERY_INFO request
145 2.849694 193.102.182.2 193.102.181.187 WKSSVC WKS_QUERY_INFO reply
146 2.849921 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8002
147 2.850183 193.102.182.2 193.102.181.187 SMB Close Response
148 2.859046 193.102.181.187 193.102.182.2 SMB NT Create AndX Request, Path: \srvsvc
149 2.859487 193.102.182.2 193.102.181.187 SMB NT Create AndX Response, FID: 0x8004
150 2.859760 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
151 2.860034 193.102.182.2 193.102.181.187 SMB Write AndX Response, FID: 0x8004, 72 bytes
152 2.875052 193.102.181.187 193.102.182.2 SMB Read AndX Request, FID: 0x8004, 1024 bytes at offset 0
153 2.875337 193.102.182.2 193.102.181.187 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
154 2.891839 193.102.181.187 193.102.182.2 SRVSVC NetrServerGetInfo request
155 2.892284 193.102.182.2 193.102.181.187 SRVSVC NetrServerGetInfo reply
156 2.892520 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8004
157 2.892776 193.102.182.2 193.102.181.187 SMB Close Response
158 2.893493 193.102.181.187 193.102.182.2 SMB NT Create AndX Request, Path: \wkssvc
159 2.893914 193.102.182.2 193.102.181.187 SMB NT Create AndX Response, FID: 0x8005
160 2.894164 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WKSSVC
161 2.894434 193.102.182.2 193.102.181.187 SMB Write AndX Response, FID: 0x8005, 72 bytes
162 2.896844 193.102.181.187 193.102.182.2 SMB Read AndX Request, FID: 0x8005, 1024 bytes at offset 0
163 2.897119 193.102.182.2 193.102.181.187 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
164 2.907424 193.102.181.187 193.102.182.2 WKSSVC WKS_QUERY_INFO request
166 2.907736 193.102.181.187 193.102.180.172 TCP 1647 > netbios-ssn [ACK] Seq=2125097897 Ack=1499687481 Win=62877 Len=0
167 2.907907 193.102.182.2 193.102.181.187 WKSSVC WKS_QUERY_INFO reply
168 2.908211 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8005
169 2.908467 193.102.182.2 193.102.181.187 SMB Close Response
170 2.914795 193.102.181.187 193.102.183.255 BROWSER Get Backup List Request
171 2.914946 193.102.181.187 193.102.180.36 NBNS Name query NB MUC<1b>
172 2.915095 193.102.180.36 193.102.181.187 BROWSER Get Backup List Response
173 2.915222 193.102.180.36 193.102.181.187 NBNS Name query response NB 193.102.180.36
174 2.915259 193.102.181.187 193.102.180.36 BROWSER Get Backup List Request
175 2.915475 193.102.180.36 193.102.181.187 BROWSER Get Backup List Response
176 2.916260 193.102.181.187 193.102.182.2 SMB NT Create AndX Request, Path: \srvsvc
177 2.916690 193.102.182.2 193.102.181.187 SMB NT Create AndX Response, FID: 0x8006
178 2.921671 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
179 2.921870 193.102.181.187 193.102.180.172 SMB Transaction2 Request QUERY_PATH_INFORMATION, Path: \NETRAP.dll
180 2.921935 193.102.182.2 193.102.181.187 SMB Write AndX Response, FID: 0x8006, 72 bytes
181 2.922438 193.102.180.172 193.102.181.187 SMB Transaction2 Response QUERY_PATH_INFORMATION, Error: STATUS_OBJECT_NAME_NOT_FOUND
182 2.928203 193.102.181.187 193.102.182.2 SMB Read AndX Request, FID: 0x8006, 1024 bytes at offset 0
183 2.928488 193.102.182.2 193.102.181.187 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
184 2.933125 193.102.181.187 193.102.182.2 SRVSVC NetrServerGetInfo request
185 2.933569 193.102.182.2 193.102.181.187 SRVSVC NetrServerGetInfo reply
186 2.933792 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8006
187 2.934049 193.102.182.2 193.102.181.187 SMB Close Response
188 2.936826 193.102.181.187 193.102.182.2 SMB NT Create AndX Request, Path: \winreg
189 2.937287 193.102.182.2 193.102.181.187 SMB NT Create AndX Response, FID: 0x8003
190 2.939955 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WINREG
191 2.940237 193.102.182.2 193.102.181.187 SMB Write AndX Response, FID: 0x8003, 72 bytes
192 2.953371 193.102.181.187 193.102.180.36 NBNS Name query NB MUCDC1<20>
193 2.953580 193.102.180.36 193.102.181.187 NBNS Name query response NB 193.102.180.36
194 2.953627 193.102.181.187 193.102.180.36 TCP 1661 > netbios-ssn [SYN] Seq=2192669013 Ack=0 Win=64240 Len=0
195 2.953775 193.102.180.36 193.102.181.187 TCP netbios-ssn > 1661 [SYN, ACK] Seq=393532159 Ack=2192669014 Win=8760 Len=0
196 2.953804 193.102.181.187 193.102.180.36 NBSS Session request, to MUCDC1<20> from WIEBELBACH<00>
197 2.953969 193.102.180.36 193.102.181.187 NBSS Positive session response
198 2.957065 193.102.181.187 193.102.182.2 SMB Read AndX Request, FID: 0x8003, 1024 bytes at offset 0
199 2.957346 193.102.182.2 193.102.181.187 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
200 2.957422 193.102.181.187 193.102.180.36 SMB Negotiate Protocol Request
201 2.957614 193.102.180.36 193.102.181.187 SMB Negotiate Protocol Response
202 2.957648 193.102.181.187 193.102.182.2 WINREG OpenHKLM request
203 2.958227 193.102.182.2 193.102.181.187 WINREG OpenHKLM reply
204 2.958450 193.102.181.187 193.102.182.2 WINREG OpenEntry request
205 2.958989 193.102.182.2 193.102.181.187 WINREG OpenEntry reply
206 2.959144 193.102.181.187 193.102.182.2 WINREG Close request
207 2.959483 193.102.182.2 193.102.181.187 WINREG Close reply
208 2.959686 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8003
209 2.959937 193.102.182.2 193.102.181.187 SMB Close Response
210 2.963697 193.102.181.187 193.102.180.36 SMB Session Setup AndX Request, User: anonymous; Tree Connect AndX, Path: \\MUCDC1\IPC$
211 2.964027 193.102.180.36 193.102.181.187 SMB Session Setup AndX Response; Tree Connect AndX
212 2.964211 193.102.181.187 193.102.180.36 LANMAN NetServerEnum2 Request, Domain Enum
213 2.964885 193.102.180.36 193.102.181.187 LANMAN NetServerEnum2 Response
214 2.965057 193.102.181.187 193.102.180.36 SMB Logoff AndX Request
215 2.965232 193.102.180.36 193.102.181.187 SMB Logoff AndX Response
216 2.971378 193.102.181.187 193.102.180.36 SMB Tree Disconnect Request
217 2.971552 193.102.180.36 193.102.181.187 SMB Tree Disconnect Response
218 2.974564 193.102.181.187 193.102.180.36 TCP 1661 > netbios-ssn [FIN, ACK] Seq=2192669641 Ack=393532941 Win=63459 Len=0
219 2.974734 193.102.180.36 193.102.181.187 TCP netbios-ssn > 1661 [FIN, ACK] Seq=393532941 Ack=2192669642 Win=8133 Len=0
220 2.974753 193.102.181.187 193.102.180.36 TCP 1661 > netbios-ssn [ACK] Seq=2192669642 Ack=393532942 Win=63459 Len=0
223 2.994156 192.168.0.27 193.102.181.187 NETLOGON SAM Response - user unknown
224 3.001412 193.102.181.187 193.102.180.172 SMB Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll
225 3.001923 193.102.180.172 193.102.181.187 SMB Transaction2 Response QUERY_PATH_INFORMATION, Error: STATUS_OBJECT_NAME_NOT_FOUND
248 3.102444 193.102.181.187 193.102.180.172 SMB Transaction2 Request QUERY_PATH_INFORMATION, Path: \cscdll.dll
249 3.102871 193.102.180.172 193.102.181.187 SMB Transaction2 Response QUERY_PATH_INFORMATION, Error: STATUS_OBJECT_NAME_NOT_FOUND
250 3.104103 193.102.181.187 193.102.183.255 BROWSER Get Backup List Request
251 3.104233 193.102.181.187 193.102.180.36 NBNS Name query NB UNBEKANNT<1b>
252 3.104530 193.102.180.36 193.102.181.187 NBNS Name query response
253 3.104554 193.102.181.187 193.102.180.37 NBNS Name query NB UNBEKANNT<1b>
254 3.104838 193.102.180.37 193.102.181.187 NBNS Name query response
255 3.108011 193.102.181.187 193.102.182.2 TCP 1659 > microsoft-ds [ACK] Seq=2192325876 Ack=3750106443 Win=62995 Len=0
256 3.108091 193.102.181.187 193.102.183.255 NBNS Name query NB UNBEKANNT<1b>
263 3.208206 193.102.181.187 193.102.180.172 TCP 1647 > netbios-ssn [ACK] Seq=2125098207 Ack=1499687598 Win=64240 Len=0
275 3.859115 193.102.181.187 193.102.183.255 NBNS Name query NB UNBEKANNT<1b>
314 4.610200 193.102.181.187 193.102.183.255 NBNS Name query NB UNBEKANNT<1b>
332 4.970787 193.102.181.187 213.69.241.38 NETLOGON SAM LOGON request from client
335 5.021656 213.69.241.38 193.102.181.187 NETLOGON SAM Response - user unknown

 

[Rafael de Campos]

Verify the Domain Policy.

Our Single Sign-On (SSO) solution uses Kerberos tickets. Some partner
organisations have NT domains and shall be allowed to participate in SSO
with a ticket obtained via secondary logon from the application provider
Active Directory (Windows Server 2003). However, we find that clients
in NT domains never get a Kerberos ticket from the Active Directory.

For example, below is an Ethereal trace of a connection made in the
Explorer to the share \\edhof, which is our Active directory server.
Despite the client (193.102.181.187) being Windows XP and the server
(193.102.182.2) being Server 2003, the authentication appears to be
NTLM, and no Kerberos tickets are obtained by the client. The same
holds for other kinds of connections made from the client to the server;
for example, Terminal Server connections or "runas" with an account from
the server. There is no trust relationship between the domain and the
Active directory, as we want only authentication for our application.

What measures must be taken to allow clients in NT domains to obtain
Kerberos tickets?

Regards,

Oliver Schoett

No. Time Source Destination Protocol Info
49 2.017501 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \DNSAPI.dll

50 2.017945 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

54 2.067309 193.102.181.187 193.102.182.2 TCP

1659 > microsoft-ds [SYN] Seq=2192321610 Ack=0 Win=64240 Len=0

55 2.067568 193.102.181.187 193.102.182.2 TCP

1660 > netbios-ssn [SYN] Seq=2192385338 Ack=0 Win=64240 Len=0

56 2.067626 193.102.182.2 193.102.181.187 TCP

microsoft-ds > 1659 [SYN, ACK] Seq=3750101992 Ack=2192321611 Win=17520 Len=0

57 2.067680 193.102.181.187 193.102.182.2 TCP

1659 > microsoft-ds [ACK] Seq=2192321611 Ack=3750101993 Win=64240 Len=0

58 2.067788 193.102.182.2 193.102.181.187 TCP

netbios-ssn > 1660 [SYN, ACK] Seq=2202418490 Ack=2192385339 Win=17520 Len=0

59 2.067807 193.102.181.187 193.102.182.2 TCP

1660 > netbios-ssn [RST] Seq=2192385339 Ack=2192385339 Win=0 Len=0

61 2.068032 193.102.181.187 193.102.182.2 SMB Negotiate Protocol Request
62 2.068591 193.102.182.2 193.102.181.187 SMB Negotiate Protocol Response
63 2.094458 193.102.181.187 193.102.180.36 NBNS

64 2.094799 193.102.180.36 193.102.181.187 NBNS

Name query response NB 193.102.180.36

65 2.094861 193.102.181.187 193.102.183.255 NETLOGON SAM LOGON request from client
66 2.094969 193.102.181.187 193.102.180.36 NETLOGON SAM LOGON request from client
67 2.095051 193.102.181.187 213.68.171.41 NETLOGON SAM LOGON request from client
68 2.095133 193.102.181.187 193.96.171.211 NETLOGON SAM LOGON request from client
69 2.095204 193.102.180.36 193.102.181.187 NETLOGON SAM Response - user unknown
70 2.095240 193.102.180.37 193.102.181.187 NETLOGON SAM Response - user unknown
71 2.095276 193.102.181.187 193.102.180.37 NETLOGON SAM LOGON request from client
72 2.095470 193.102.181.187 193.96.170.42 NETLOGON SAM LOGON request from client
73 2.095555 193.102.181.187 195.126.138.25 NETLOGON SAM LOGON request from client
74 2.095637 193.102.181.187 213.69.239.32 NETLOGON SAM LOGON request from client
75 2.095717 193.102.181.187 192.168.0.27 NETLOGON SAM LOGON request from client
76 2.095798 193.102.181.187 193.96.168.7 NETLOGON SAM LOGON request from client
77 2.095879 193.102.181.187 193.96.168.79 NETLOGON SAM LOGON request from client
83 2.115251 193.96.170.42 193.102.181.187 NETLOGON SAM Response - user unknown
84 2.117934 213.68.171.41 193.102.181.187 NETLOGON SAM Response - user unknown
86 2.118865 193.96.171.211 193.102.181.187 NETLOGON SAM Response - user unknown
87 2.119056 213.69.239.32 193.102.181.187 NETLOGON SAM Response - user unknown
90 2.123025 195.126.138.25 193.102.181.187 NETLOGON SAM Response - user unknown
95 2.206727 193.102.181.187 193.102.182.2 TCP

1659 > microsoft-ds [ACK] Seq=2192321748 Ack=3750102168 Win=64065 Len=0

97 2.206821 193.102.181.187 193.102.180.172 TCP

1647 > netbios-ssn [ACK] Seq=2125097685 Ack=1499687403 Win=62955 Len=0

102 2.307500 193.96.168.7 193.102.181.187 NETLOGON SAM Response - user unknown
112 2.688035 193.102.181.187 193.102.182.2 SMB

Session Setup AndX Request, NTLMSSP_NEGOTIATE

113 2.688748 193.102.182.2 193.102.181.187 SMB

Session Setup AndX Response, NTLMSSP_CHALLENGE, Error:
STATUS_MORE_PROCESSING_REQUIRED

114 2.689102 193.102.181.187 193.102.182.2 SMB

Session Setup AndX Request, NTLMSSP_AUTH

115 2.692494 193.102.182.2 193.102.181.187 SMB Session Setup AndX Response
116 2.692825 193.102.181.187 193.102.182.2 SMB

Tree Connect AndX Request, Path: \\EDHOF\IPC$

117 2.693209 193.102.182.2 193.102.181.187 SMB Tree Connect AndX Response
118 2.694832 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \srvsvc

119 2.695335 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8001

120 2.695574 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
121 2.695848 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8001, 72 bytes

122 2.695962 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8001, 1024 bytes at offset 0

123 2.696233 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

124 2.696364 193.102.181.187 193.102.182.2 SRVSVC NetrShareEnum request
125 2.697052 193.102.182.2 193.102.181.187 SRVSVC NetrShareEnum reply
126 2.697272 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8001
127 2.697529 193.102.182.2 193.102.181.187 SMB Close Response
130 2.706304 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll

131 2.706969 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

132 2.710041 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \spoolss

133 2.710727 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND

134 2.740703 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll

135 2.741274 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

138 2.789233 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \wkssvc

139 2.789732 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8002

140 2.789970 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WKSSVC
141 2.790243 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8002, 72 bytes

142 2.829044 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8002, 1024 bytes at offset 0

143 2.829331 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

144 2.849165 193.102.181.187 193.102.182.2 WKSSVC WKS_QUERY_INFO request
145 2.849694 193.102.182.2 193.102.181.187 WKSSVC WKS_QUERY_INFO reply
146 2.849921 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8002
147 2.850183 193.102.182.2 193.102.181.187 SMB Close Response
148 2.859046 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \srvsvc

149 2.859487 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8004

150 2.859760 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
151 2.860034 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8004, 72 bytes

152 2.875052 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8004, 1024 bytes at offset 0

153 2.875337 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

154 2.891839 193.102.181.187 193.102.182.2 SRVSVC NetrServerGetInfo request
155 2.892284 193.102.182.2 193.102.181.187 SRVSVC NetrServerGetInfo reply
156 2.892520 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8004
157 2.892776 193.102.182.2 193.102.181.187 SMB Close Response
158 2.893493 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \wkssvc

159 2.893914 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8005

160 2.894164 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WKSSVC
161 2.894434 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8005, 72 bytes

162 2.896844 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8005, 1024 bytes at offset 0

163 2.897119 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

164 2.907424 193.102.181.187 193.102.182.2 WKSSVC WKS_QUERY_INFO request
166 2.907736 193.102.181.187 193.102.180.172 TCP

1647 > netbios-ssn [ACK] Seq=2125097897 Ack=1499687481 Win=62877 Len=0

167 2.907907 193.102.182.2 193.102.181.187 WKSSVC WKS_QUERY_INFO reply
168 2.908211 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8005
169 2.908467 193.102.182.2 193.102.181.187 SMB Close Response
170 2.914795 193.102.181.187 193.102.183.255 BROWSER Get Backup List Request
171 2.914946 193.102.181.187 193.102.180.36 NBNS

172 2.915095 193.102.180.36 193.102.181.187 BROWSER Get Backup List Response
173 2.915222 193.102.180.36 193.102.181.187 NBNS

Name query response NB 193.102.180.36

174 2.915259 193.102.181.187 193.102.180.36 BROWSER Get Backup List Request
175 2.915475 193.102.180.36 193.102.181.187 BROWSER Get Backup List Response
176 2.916260 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \srvsvc

177 2.916690 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8006

178 2.921671 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
179 2.921870 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \NETRAP.dll

180 2.921935 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8006, 72 bytes

181 2.922438 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

182 2.928203 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8006, 1024 bytes at offset 0

183 2.928488 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

184 2.933125 193.102.181.187 193.102.182.2 SRVSVC NetrServerGetInfo request
185 2.933569 193.102.182.2 193.102.181.187 SRVSVC NetrServerGetInfo reply
186 2.933792 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8006
187 2.934049 193.102.182.2 193.102.181.187 SMB Close Response
188 2.936826 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \winreg

189 2.937287 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8003

190 2.939955 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WINREG
191 2.940237 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8003, 72 bytes

192 2.953371 193.102.181.187 193.102.180.36 NBNS

193 2.953580 193.102.180.36 193.102.181.187 NBNS

Name query response NB 193.102.180.36

194 2.953627 193.102.181.187 193.102.180.36 TCP

1661 > netbios-ssn [SYN] Seq=2192669013 Ack=0 Win=64240 Len=0

195 2.953775 193.102.180.36 193.102.181.187 TCP

netbios-ssn > 1661 [SYN, ACK] Seq=393532159 Ack=2192669014 Win=8760 Len=0

196 2.953804 193.102.181.187 193.102.180.36 NBSS

197 2.953969 193.102.180.36 193.102.181.187 NBSS Positive session response
198 2.957065 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8003, 1024 bytes at offset 0

199 2.957346 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

200 2.957422 193.102.181.187 193.102.180.36 SMB Negotiate Protocol Request
201 2.957614 193.102.180.36 193.102.181.187 SMB Negotiate Protocol Response
202 2.957648 193.102.181.187 193.102.182.2 WINREG OpenHKLM request
203 2.958227 193.102.182.2 193.102.181.187 WINREG OpenHKLM reply
204 2.958450 193.102.181.187 193.102.182.2 WINREG OpenEntry request
205 2.958989 193.102.182.2 193.102.181.187 WINREG OpenEntry reply
206 2.959144 193.102.181.187 193.102.182.2 WINREG Close request
207 2.959483 193.102.182.2 193.102.181.187 WINREG Close reply
208 2.959686 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8003
209 2.959937 193.102.182.2 193.102.181.187 SMB Close Response
210 2.963697 193.102.181.187 193.102.180.36 SMB

Session Setup AndX Request, User: anonymous; Tree Connect AndX, Path:
\\MUCDC1\IPC$

211 2.964027 193.102.180.36 193.102.181.187 SMB

Session Setup AndX Response; Tree Connect AndX

212 2.964211 193.102.181.187 193.102.180.36 LANMAN

NetServerEnum2 Request, Domain Enum

213 2.964885 193.102.180.36 193.102.181.187 LANMAN NetServerEnum2 Response
214 2.965057 193.102.181.187 193.102.180.36 SMB Logoff AndX Request
215 2.965232 193.102.180.36 193.102.181.187 SMB Logoff AndX Response
216 2.971378 193.102.181.187 193.102.180.36 SMB Tree Disconnect Request
217 2.971552 193.102.180.36 193.102.181.187 SMB Tree Disconnect Response
218 2.974564 193.102.181.187 193.102.180.36 TCP

1661 > netbios-ssn [FIN, ACK] Seq=2192669641 Ack=393532941 Win=63459 Len=0

219 2.974734 193.102.180.36 193.102.181.187 TCP

netbios-ssn > 1661 [FIN, ACK] Seq=393532941 Ack=2192669642 Win=8133 Len=0

220 2.974753 193.102.181.187 193.102.180.36 TCP

1661 > netbios-ssn [ACK] Seq=2192669642 Ack=393532942 Win=63459 Len=0

223 2.994156 192.168.0.27 193.102.181.187 NETLOGON SAM Response - user unknown
224 3.001412 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll

225 3.001923 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

248 3.102444 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \cscdll.dll

249 3.102871 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

250 3.104103 193.102.181.187 193.102.183.255 BROWSER Get Backup List Request
251 3.104233 193.102.181.187 193.102.180.36 NBNS

252 3.104530 193.102.180.36 193.102.181.187 NBNS Name query response
253 3.104554 193.102.181.187 193.102.180.37 NBNS

254 3.104838 193.102.180.37 193.102.181.187 NBNS Name query response
255 3.108011 193.102.181.187 193.102.182.2 TCP

1659 > microsoft-ds [ACK] Seq=2192325876 Ack=3750106443 Win=62995 Len=0

256 3.108091 193.102.181.187 193.102.183.255 NBNS

263 3.208206 193.102.181.187 193.102.180.172 TCP

1647 > netbios-ssn [ACK] Seq=2125098207 Ack=1499687598 Win=64240 Len=0

275 3.859115 193.102.181.187 193.102.183.255 NBNS

 

[Katherine Coombs]

Hi Oliver,

I'm hapy to be wrong but AFAIK NT 4.0 is not Kerberos-aware and you can
therefore only use NTLM.

Cheers,
Katherine

Our Single Sign-On (SSO) solution uses Kerberos tickets. Some partner
organisations have NT domains and shall be allowed to participate in SSO
with a ticket obtained via secondary logon from the application provider
Active Directory (Windows Server 2003). However, we find that clients
in NT domains never get a Kerberos ticket from the Active Directory.

For example, below is an Ethereal trace of a connection made in the
Explorer to the share \\edhof, which is our Active directory server.
Despite the client (193.102.181.187) being Windows XP and the server
(193.102.182.2) being Server 2003, the authentication appears to be
NTLM, and no Kerberos tickets are obtained by the client. The same
holds for other kinds of connections made from the client to the server;
for example, Terminal Server connections or "runas" with an account from
the server. There is no trust relationship between the domain and the
Active directory, as we want only authentication for our application.

What measures must be taken to allow clients in NT domains to obtain
Kerberos tickets?

Regards,

Oliver Schoett

No. Time Source Destination Protocol Info
49 2.017501 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \DNSAPI.dll

50 2.017945 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

54 2.067309 193.102.181.187 193.102.182.2 TCP

1659 > microsoft-ds [SYN] Seq=2192321610 Ack=0 Win=64240 Len=0

55 2.067568 193.102.181.187 193.102.182.2 TCP

1660 > netbios-ssn [SYN] Seq=2192385338 Ack=0 Win=64240 Len=0

56 2.067626 193.102.182.2 193.102.181.187 TCP

microsoft-ds > 1659 [SYN, ACK] Seq=3750101992 Ack=2192321611 Win=17520 Len=0

57 2.067680 193.102.181.187 193.102.182.2 TCP

1659 > microsoft-ds [ACK] Seq=2192321611 Ack=3750101993 Win=64240 Len=0

58 2.067788 193.102.182.2 193.102.181.187 TCP

netbios-ssn > 1660 [SYN, ACK] Seq=2202418490 Ack=2192385339 Win=17520 Len=0

59 2.067807 193.102.181.187 193.102.182.2 TCP

1660 > netbios-ssn [RST] Seq=2192385339 Ack=2192385339 Win=0 Len=0

61 2.068032 193.102.181.187 193.102.182.2 SMB Negotiate Protocol Request
62 2.068591 193.102.182.2 193.102.181.187 SMB Negotiate Protocol Response
63 2.094458 193.102.181.187 193.102.180.36 NBNS

64 2.094799 193.102.180.36 193.102.181.187 NBNS

Name query response NB 193.102.180.36

65 2.094861 193.102.181.187 193.102.183.255 NETLOGON SAM LOGON request from client
66 2.094969 193.102.181.187 193.102.180.36 NETLOGON SAM LOGON request from client
67 2.095051 193.102.181.187 213.68.171.41 NETLOGON SAM LOGON request from client
68 2.095133 193.102.181.187 193.96.171.211 NETLOGON SAM LOGON request from client
69 2.095204 193.102.180.36 193.102.181.187 NETLOGON SAM Response - user unknown
70 2.095240 193.102.180.37 193.102.181.187 NETLOGON SAM Response - user unknown
71 2.095276 193.102.181.187 193.102.180.37 NETLOGON SAM LOGON request from client
72 2.095470 193.102.181.187 193.96.170.42 NETLOGON SAM LOGON request from client
73 2.095555 193.102.181.187 195.126.138.25 NETLOGON SAM LOGON request from client
74 2.095637 193.102.181.187 213.69.239.32 NETLOGON SAM LOGON request from client
75 2.095717 193.102.181.187 192.168.0.27 NETLOGON SAM LOGON request from client
76 2.095798 193.102.181.187 193.96.168.7 NETLOGON SAM LOGON request from client
77 2.095879 193.102.181.187 193.96.168.79 NETLOGON SAM LOGON request from client
83 2.115251 193.96.170.42 193.102.181.187 NETLOGON SAM Response - user unknown
84 2.117934 213.68.171.41 193.102.181.187 NETLOGON SAM Response - user unknown
86 2.118865 193.96.171.211 193.102.181.187 NETLOGON SAM Response - user unknown
87 2.119056 213.69.239.32 193.102.181.187 NETLOGON SAM Response - user unknown
90 2.123025 195.126.138.25 193.102.181.187 NETLOGON SAM Response - user unknown
95 2.206727 193.102.181.187 193.102.182.2 TCP

1659 > microsoft-ds [ACK] Seq=2192321748 Ack=3750102168 Win=64065 Len=0

97 2.206821 193.102.181.187 193.102.180.172 TCP

1647 > netbios-ssn [ACK] Seq=2125097685 Ack=1499687403 Win=62955 Len=0

102 2.307500 193.96.168.7 193.102.181.187 NETLOGON SAM Response - user unknown
112 2.688035 193.102.181.187 193.102.182.2 SMB

Session Setup AndX Request, NTLMSSP_NEGOTIATE

113 2.688748 193.102.182.2 193.102.181.187 SMB

Session Setup AndX Response, NTLMSSP_CHALLENGE, Error:
STATUS_MORE_PROCESSING_REQUIRED

114 2.689102 193.102.181.187 193.102.182.2 SMB

Session Setup AndX Request, NTLMSSP_AUTH

115 2.692494 193.102.182.2 193.102.181.187 SMB Session Setup AndX Response
116 2.692825 193.102.181.187 193.102.182.2 SMB

Tree Connect AndX Request, Path: \\EDHOF\IPC$

117 2.693209 193.102.182.2 193.102.181.187 SMB Tree Connect AndX Response
118 2.694832 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \srvsvc

119 2.695335 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8001

120 2.695574 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
121 2.695848 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8001, 72 bytes

122 2.695962 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8001, 1024 bytes at offset 0

123 2.696233 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

124 2.696364 193.102.181.187 193.102.182.2 SRVSVC NetrShareEnum request
125 2.697052 193.102.182.2 193.102.181.187 SRVSVC NetrShareEnum reply
126 2.697272 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8001
127 2.697529 193.102.182.2 193.102.181.187 SMB Close Response
130 2.706304 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll

131 2.706969 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

132 2.710041 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \spoolss

133 2.710727 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND

134 2.740703 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll

135 2.741274 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

138 2.789233 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \wkssvc

139 2.789732 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8002

140 2.789970 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WKSSVC
141 2.790243 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8002, 72 bytes

142 2.829044 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8002, 1024 bytes at offset 0

143 2.829331 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

144 2.849165 193.102.181.187 193.102.182.2 WKSSVC WKS_QUERY_INFO request
145 2.849694 193.102.182.2 193.102.181.187 WKSSVC WKS_QUERY_INFO reply
146 2.849921 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8002
147 2.850183 193.102.182.2 193.102.181.187 SMB Close Response
148 2.859046 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \srvsvc

149 2.859487 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8004

150 2.859760 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
151 2.860034 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8004, 72 bytes

152 2.875052 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8004, 1024 bytes at offset 0

153 2.875337 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

154 2.891839 193.102.181.187 193.102.182.2 SRVSVC NetrServerGetInfo request
155 2.892284 193.102.182.2 193.102.181.187 SRVSVC NetrServerGetInfo reply
156 2.892520 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8004
157 2.892776 193.102.182.2 193.102.181.187 SMB Close Response
158 2.893493 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \wkssvc

159 2.893914 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8005

160 2.894164 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WKSSVC
161 2.894434 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8005, 72 bytes

162 2.896844 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8005, 1024 bytes at offset 0

163 2.897119 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

164 2.907424 193.102.181.187 193.102.182.2 WKSSVC WKS_QUERY_INFO request
166 2.907736 193.102.181.187 193.102.180.172 TCP

1647 > netbios-ssn [ACK] Seq=2125097897 Ack=1499687481 Win=62877 Len=0

167 2.907907 193.102.182.2 193.102.181.187 WKSSVC WKS_QUERY_INFO reply
168 2.908211 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8005
169 2.908467 193.102.182.2 193.102.181.187 SMB Close Response
170 2.914795 193.102.181.187 193.102.183.255 BROWSER Get Backup List Request
171 2.914946 193.102.181.187 193.102.180.36 NBNS

172 2.915095 193.102.180.36 193.102.181.187 BROWSER Get Backup List Response
173 2.915222 193.102.180.36 193.102.181.187 NBNS

Name query response NB 193.102.180.36

174 2.915259 193.102.181.187 193.102.180.36 BROWSER Get Backup List Request
175 2.915475 193.102.180.36 193.102.181.187 BROWSER Get Backup List Response
176 2.916260 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \srvsvc

177 2.916690 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8006

178 2.921671 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: SRVSVC
179 2.921870 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \NETRAP.dll

180 2.921935 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8006, 72 bytes

181 2.922438 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

182 2.928203 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8006, 1024 bytes at offset 0

183 2.928488 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

184 2.933125 193.102.181.187 193.102.182.2 SRVSVC NetrServerGetInfo request
185 2.933569 193.102.182.2 193.102.181.187 SRVSVC NetrServerGetInfo reply
186 2.933792 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8006
187 2.934049 193.102.182.2 193.102.181.187 SMB Close Response
188 2.936826 193.102.181.187 193.102.182.2 SMB

NT Create AndX Request, Path: \winreg

189 2.937287 193.102.182.2 193.102.181.187 SMB

NT Create AndX Response, FID: 0x8003

190 2.939955 193.102.181.187 193.102.182.2 DCERPC Bind: call_id: 1 UUID: WINREG
191 2.940237 193.102.182.2 193.102.181.187 SMB

Write AndX Response, FID: 0x8003, 72 bytes

192 2.953371 193.102.181.187 193.102.180.36 NBNS

193 2.953580 193.102.180.36 193.102.181.187 NBNS

Name query response NB 193.102.180.36

194 2.953627 193.102.181.187 193.102.180.36 TCP

1661 > netbios-ssn [SYN] Seq=2192669013 Ack=0 Win=64240 Len=0

195 2.953775 193.102.180.36 193.102.181.187 TCP

netbios-ssn > 1661 [SYN, ACK] Seq=393532159 Ack=2192669014 Win=8760 Len=0

196 2.953804 193.102.181.187 193.102.180.36 NBSS

197 2.953969 193.102.180.36 193.102.181.187 NBSS Positive session response
198 2.957065 193.102.181.187 193.102.182.2 SMB

Read AndX Request, FID: 0x8003, 1024 bytes at offset 0

199 2.957346 193.102.182.2 193.102.181.187 DCERPC

Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

200 2.957422 193.102.181.187 193.102.180.36 SMB Negotiate Protocol Request
201 2.957614 193.102.180.36 193.102.181.187 SMB Negotiate Protocol Response
202 2.957648 193.102.181.187 193.102.182.2 WINREG OpenHKLM request
203 2.958227 193.102.182.2 193.102.181.187 WINREG OpenHKLM reply
204 2.958450 193.102.181.187 193.102.182.2 WINREG OpenEntry request
205 2.958989 193.102.182.2 193.102.181.187 WINREG OpenEntry reply
206 2.959144 193.102.181.187 193.102.182.2 WINREG Close request
207 2.959483 193.102.182.2 193.102.181.187 WINREG Close reply
208 2.959686 193.102.181.187 193.102.182.2 SMB Close Request, FID: 0x8003
209 2.959937 193.102.182.2 193.102.181.187 SMB Close Response
210 2.963697 193.102.181.187 193.102.180.36 SMB

Session Setup AndX Request, User: anonymous; Tree Connect AndX, Path:
\\MUCDC1\IPC$

211 2.964027 193.102.180.36 193.102.181.187 SMB

Session Setup AndX Response; Tree Connect AndX

212 2.964211 193.102.181.187 193.102.180.36 LANMAN

NetServerEnum2 Request, Domain Enum

213 2.964885 193.102.180.36 193.102.181.187 LANMAN NetServerEnum2 Response
214 2.965057 193.102.181.187 193.102.180.36 SMB Logoff AndX Request
215 2.965232 193.102.180.36 193.102.181.187 SMB Logoff AndX Response
216 2.971378 193.102.181.187 193.102.180.36 SMB Tree Disconnect Request
217 2.971552 193.102.180.36 193.102.181.187 SMB Tree Disconnect Response
218 2.974564 193.102.181.187 193.102.180.36 TCP

1661 > netbios-ssn [FIN, ACK] Seq=2192669641 Ack=393532941 Win=63459 Len=0

219 2.974734 193.102.180.36 193.102.181.187 TCP

netbios-ssn > 1661 [FIN, ACK] Seq=393532941 Ack=2192669642 Win=8133 Len=0

220 2.974753 193.102.181.187 193.102.180.36 TCP

1661 > netbios-ssn [ACK] Seq=2192669642 Ack=393532942 Win=63459 Len=0

223 2.994156 192.168.0.27 193.102.181.187 NETLOGON SAM Response - user unknown
224 3.001412 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \browseui.dll

225 3.001923 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

248 3.102444 193.102.181.187 193.102.180.172 SMB

Transaction2 Request QUERY_PATH_INFORMATION, Path: \cscdll.dll

249 3.102871 193.102.180.172 193.102.181.187 SMB

Transaction2 Response QUERY_PATH_INFORMATION, Error:
STATUS_OBJECT_NAME_NOT_FOUND

250 3.104103 193.102.181.187 193.102.183.255 BROWSER Get Backup List Request
251 3.104233 193.102.181.187 193.102.180.36 NBNS

252 3.104530 193.102.180.36 193.102.181.187 NBNS Name query response
253 3.104554 193.102.181.187 193.102.180.37 NBNS

254 3.104838 193.102.180.37 193.102.181.187 NBNS Name query response
255 3.108011 193.102.181.187 193.102.182.2 TCP

1659 > microsoft-ds [ACK] Seq=2192325876 Ack=3750106443 Win=62995 Len=0

256 3.108091 193.102.181.187 193.102.183.255 NBNS

263 3.208206 193.102.181.187 193.102.180.172 TCP

1647 > netbios-ssn [ACK] Seq=2125098207 Ack=1499687598 Win=64240 Len=0

275 3.859115 193.102.181.187 193.102.183.255 NBNS

 

[Oliver Schoett]

Katherine Coombs wrote on 2003-10-21 01:17:

I'm hapy to be wrong but AFAIK NT 4.0 is not Kerberos-aware and you can
therefore only use NTLM.

Of course, but this is an XP client talking to a Windows 2003 Server.
Both can talk Kerberos, so I think they should. (The client is in an NT
domain, but it is talking to the Windows 2003 Active Directory server of
*another* domain.)

Rafael de Campos wrote on 2003-10-20 15:38:

Verify the Domain Policy.

Which domain? The NT domain of which the client is a member, or the
Active Directory domain served by the Windows 2003 server? Which
setting would help? (I have checked the Active Directory 2003 domain
and not found a setting that appears suitable.)

Regards,

Oliver Schoett

 

[Rafael de Campos]

Sorry but, are u working using Mixed mode, native mode win2k or native mode
win2k3?

 

[Oliver Schoett]

Rafael de Campos wrote on 2003-10-21 15:23:

Sorry but, are u working using Mixed mode, native mode win2k or native mode
win2k3?

Current domain functional level is "Windows 2000 native".

Current forest functional level is "Windows 2000".

Would raising the level help with this problem, or is a trust
relationship needed between the NT domain containig the client and the
Active Directory domain (there currently is none, and I would prefer it
that way, as it is more suitable for partner organizations of our client).

Regards,

Oliver Schoett