Keytab Extraction

From SambaWiki
Revision as of 08:53, 4 August 2010 by Kai (talk | contribs) (→‎Samba3: Fix keytab extraction instructions.)

How to Extract a keytab containing your domain's passwords

The keytab, a standard format for the storage of Kerberos keys, is also the input required by Wireshark to decrypt encrypted traffic.

There are two ways to obtain a keytab from a Windows domain, with Samba:

Samba4

To join the domain, run:

net vampire NETBIOS_DOMAIN_NAME --realm=REALM -Uadministrator

If everything is set up correctly, it should just work. If not, check /etc/krb5.conf in particular, and make sure the KDC can be found by setting:

[libdefaults]
dns_lookup_kdc = true

Then, to extract the keytab, run:

net export keytab PATH_TO_KEYTAB

It will write out a keytab in the path specified, containing the current keys for every host.

Samba3

To dump a keytab, join the domain and then run:

net rpc vampire keytab /path/to/keytab/file

Note that the path to the keytab file needs to be an absolute path.