NTLM cache does not work if authentication source uses comma separated DCs IP #3776
I was trying out ntlm cache and couldn't get it to work. Enabled debug and noticed secretsdump gets called this way:
/usr/local/pf/addons/AD/secretsdump.py 'packetfence':'firstname.lastname@example.org,192.168.0.76 -just-dc-ntlm -output /tmp/J54dtYqiAA -usersfile /usr/local/pf/var/cache/ntlm_cache_users/APRA.valid-users.txt
which running manually returns:
Impacket v0.9.15 - Copyright 2002-2016 Core Security Technologies
[-] RemoteOperations failed: [Errno Connection error (192.168.0.7,192.168.0.76:445)] [Errno -2] Name or service not known
I'm using 2 DCs in the authentication source:
The NTLM cache code was written without considering that multiple IP addresses would be used in the host value of LDAP.
If you want a quick fix, use a DNS record for your LDAP host. I'll create a fix that picks the first LDAP server and put it in the maintenance when I have a moment.
Thanks for the really detailed troubleshooting.
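The approach described in the reply above (pick the first server from the comma-separated host value before calling secretsdump), sketched in Python as an added example; it is not PacketFence's code. The function names and sample values are assumptions, and the flags are copied from the command shown in the report.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def split_hosts(host_value):
    """Split an authentication-source host value into validated entries."""
    hosts = []
    for entry in host_value.split(","):
        entry = entry.strip()
        if not entry:
            continue  # tolerate "a,,b" and trailing commas
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            # Not an IP literal: accept it only if it looks like a hostname.
            labels = entry.rstrip(".").split(".")
            if not all(_LABEL.match(label) for label in labels):
                raise ValueError(f"invalid host entry: {entry!r}")
        hosts.append(entry)
    if not hosts:
        raise ValueError("host value contains no usable server")
    return hosts


def secretsdump_argv(script, user, password, host_value, output, usersfile):
    """Build the argument vector for a single DC: the first server listed."""
    target_host = split_hosts(host_value)[0]
    # Returned as a list so it can be executed without a shell.
    return [
        script,
        f"{user}:{password}@{target_host}",
        "-just-dc-ntlm",
        "-output", output,
        "-usersfile", usersfile,
    ]


if __name__ == "__main__":
    # Constructed sample values; only the script path and the IPs come from the report.
    print(secretsdump_argv("/usr/local/pf/addons/AD/secretsdump.py", "packetfence",
                           "constructed-password", "192.168.0.7,192.168.0.76",
                           "/tmp/ntlm_out", "/tmp/valid-users.txt"))
```

Passing the whole host value through unchanged is what produces the `192.168.0.7,192.168.0.76:445` connection target in the error above, since the comma-joined string is resolved as one name.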