Keytab Extraction

From SambaWiki
Revision as of 03:27, 26 February 2010 by Abartlet (talk | contribs) (new page to describe how to get a keytab with Samba)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

How to Extract a keytab containing your domain's passwords

The keytab, a standard format for the storage of Kerberos keys, is also the input required by Wireshark to decrypt encrypted traffic

There are two ways to obtain a keytab from a Windows domain, with Samba:

Samba4

To join the domain, run:

net vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator

If everything is set up correctly, it should just work. If not, check /etc/krb5.conf in particular - ensure it can reach the KDC by setting:

[libdefaults]
dns_lookup_kdc = true

Then, to extract the keytab run

net export keytab PATH_TO_KEYAB

It will write out a keytab in the path specified, containing the current keys for every host.

Samba3

To dump a keytab, run:

net samdump keytab

(TODO: test and specify exact arguments)