Help interpreting wireshark traces
Lars Hanke
debian at lhanke.de
Sat Oct 25 18:59:46 EDT 2014
Hi Rick,

> Disclaiming any experience with AD; but this sounds like the domain join
> might have replaced the keytab that held the old service ticket, or perhaps
> it is now unreachable because AD has renamed the realm.

Well, sometimes strange things happen, but I can do exactly the same
(intended) access using a ldapsearch, which essentially draws on the
same SASL library. So I suspect that python-ldap is doing something else
- but I have no idea what.

Messing up the default keytabs would also silence my speakers
immediately, since the music is served by kerberized NFS4.

> SASL traces should be visible, at least if you’re not running inside TLS, which
> is not necessary for GSS-API (but it is for data privacy since SASL apps usually
> don’t use the C_Wrap() facilities).

My SASL GSSAPI even prohibits running TLS for some reason.

And, yes, I see SASL bind requests and a success response. I just don't
know which principal was used. Since if it was the one I thought it
should be, the query should succeed.

My question was about extracting the principal used for authentication
from the SASL trace. This hopefully is not AD specific.

Thanks,
- lars.