Just wonder if it is possible to decrypt the signed LDAP packets to and from a Windows server. I have disabled LDAP signing on the client and server, plus implemented various registry settings that are also meant to disable this; however, after binding, the next packets are all listed as SASL GSS-API Privacy. The changes have allowed me to see the bind request and response; however, the next packets are a mystery.
I'm trying to see the information returned when using Outlook 2007 and the autodiscover process internally (i.e. domain machine on the domain). Supposedly Outlook should query AD for a list of SCP objects and return these, and I suspect this information is contained in these signed packets.
The client is Windows XP SP3 and the server is Windows 2003 R2.
Any help would be appreciated.
asked 01 May '12, 04:24
GSS-API decryption should work with the KRB5 decryption of Wireshark.
You'll need to change the protocol preference for KRB5 ("Try to decrypt Kerberos blobs") and you'll need a proper keytab file.
Did you try that?
answered 01 May '12, 11:51
Kurt Knochner ♦
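One way to check that a keytab is well-formed before pointing Wireshark at it, as an added example that is not part of the original answer: it parses the MIT keytab file format (version 0x0502) and lists each entry's principal, key version and encryption type. The sample keytab, its principal and its realm are constructed for illustration.

```python
import struct

# Kerberos encryption type numbers that commonly appear in keytabs
ENCTYPES = {3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def _counted(buf, pos):
    """Read a 16-bit length-prefixed octet string; return (bytes, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    chunk = buf[pos + 2:pos + 2 + n]
    if len(chunk) != n:
        raise ValueError("truncated keytab entry")
    return chunk, pos + 2 + n

def _parse_entry(buf):
    (ncomp,) = struct.unpack_from(">H", buf, 0)
    realm, pos = _counted(buf, 2)
    comps = []
    for _ in range(ncomp):
        comp, pos = _counted(buf, pos)
        comps.append(comp.decode())
    # name type (4 bytes), timestamp (4), 8-bit kvno (1), key enctype (2)
    _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", buf, pos)
    key, pos = _counted(buf, pos + 11)
    if len(buf) - pos >= 4:  # optional trailing 32-bit kvno
        kvno = struct.unpack_from(">I", buf, pos)[0] or kvno
    principal = "/".join(comps) + "@" + realm.decode()
    return principal, kvno, ENCTYPES.get(etype, f"etype-{etype}"), len(key)

def parse_keytab(data):
    """List (principal, kvno, enctype, key_length) for each live entry."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if pos + abs(size) > len(data):
            raise ValueError("truncated keytab entry")
        if size > 0:
            entries.append(_parse_entry(data[pos:pos + size]))
        pos += abs(size)  # a negative size marks a deleted entry ("hole")
    return entries

# Constructed sample: one rc4-hmac key (all zero bytes) for a made-up ldap/ principal
_body = (struct.pack(">H", 2) + struct.pack(">H", 11) + b"EXAMPLE.COM"
         + struct.pack(">H", 4) + b"ldap" + struct.pack(">H", 15) + b"dc1.example.com"
         + struct.pack(">IIBH", 1, 0, 3, 23) + struct.pack(">H", 16) + bytes(16))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(_body)) + _body
```

Calling `parse_keytab()` on the bytes of a real keytab file shows whether it holds a key for the service principal in the capture, with the key version and encryption type you expect.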