KDC has no support for PADATA type (pre-authentication data) #2
Comments
|
Does Rubeus give you the same error? This would indicate that the CA setup of the domain is not complete and the Kerberos service does not (yet) accept PKI based preauthentication. |
|
Yes ,so how to resolve the issue, does this attack works? |
|
Hi. Try this "https://support.citrix.com/article/CTX218941". I got the same error and managed to solve it by removing an old certificate issued by a CA that no longer exists then issueing a new certificate using the new CA. |
|
I share this in case someone has the same issue ( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
when I gettgt from a certificate ,I get error show below:
python3 gettgtpkinit.py -cert-pfx ../temp/PetitPotam/host1.pfx -dc-ip 10.0.0.0.1 domain/test$ test.ccache -v 1 ⨯
2021-07-30 04:59:22,388 minikerberos INFO Loading certificate and key from file
2021-07-30 04:59:22,507 minikerberos INFO Requesting TGT
Traceback (most recent call last):
File "/home/kali/PKINITtools/gettgtpkinit.py", line 349, in
main()
File "/home/kali/PKINITtools/gettgtpkinit.py", line 345, in main
amain(args)
File "/home/kali/PKINITtools/gettgtpkinit.py", line 315, in amain
res = sock.sendrecv(req)
File "/usr/local/lib/python3.9/dist-packages/minikerberos-0.2.14-py3.9.egg/minikerberos/network/clientsocket.py", line 87, in sendrecv
minikerberos.protocol.errors.KerberosError: Error Code: 16 Reason: KDC has no support for PADATA type (pre-authentication data)
The text was updated successfully, but these errors were encountered: