Difference between revisions of "Keytab Extraction"

(Samba3: Fix keytab extraction instructions.)
(Samba4: Mention samba-tool for recent s4.)
Line 8: Line 8:
  
 
  net vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator
 
  net vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator
 +
 +
Or, for a recent GIT checkout (later than 2010/10/23):
 +
 +
samba-tool vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator
  
 
If everything is set up correctly, it should just work.  If not, check /etc/krb5.conf in particular - ensure it can reach the KDC by setting:
 
If everything is set up correctly, it should just work.  If not, check /etc/krb5.conf in particular - ensure it can reach the KDC by setting:
Line 17: Line 21:
  
 
  net export keytab PATH_TO_KEYAB
 
  net export keytab PATH_TO_KEYAB
 +
 +
or:
 +
 +
samba-tool export keytab PATH_TO_KEYAB
  
 
It will write out a keytab in the path specified, containing the current keys for every host.
 
It will write out a keytab in the path specified, containing the current keys for every host.

Revision as of 12:44, 29 October 2010

How to Extract a keytab containing your domain's passwords

The keytab, a standard format for the storage of Kerberos keys, is also the input required by Wireshark to decrypt encrypted traffic

There are two ways to obtain a keytab from a Windows domain, with Samba:

Samba4

To join the domain, run:

net vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator

Or, for a recent GIT checkout (later than 2010/10/23):

samba-tool vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator

If everything is set up correctly, it should just work. If not, check /etc/krb5.conf in particular - ensure it can reach the KDC by setting:

[libdefaults]
dns_lookup_kdc = true

Then, to extract the keytab run

net export keytab PATH_TO_KEYAB

or:

samba-tool export keytab PATH_TO_KEYAB

It will write out a keytab in the path specified, containing the current keys for every host.

Samba3

To dump a keytab, join the domain and then run:

net rpc vampire keytab /path/to/keytab/file

Note that the path to the keytab file needs to be an absolute path.