Protocols
Kerberos
Authentication protocol. Grants a TGT, which the client then uses to request a TGS granting access to a service.

Ports:
88: Key Distribution Center (KDC), the actual Kerberos server
464: kpasswd5, a subservice for password change requests
LDAP
Protocol to manage directory services (CRUD).
In AD it's also used for authorization by querying the permissions set on an object.
Ports:
389: Unencrypted LDAP
636: LDAPS (over SSL/TLS)
Used for speeding up cross-domain queries and enabling forest-wide searches:
3268: Global Catalog service over LDAP
3269: Global Catalog service over LDAPS
Kerberos + LDAP
LDAP and Kerberos work in conjunction in AD environments to guarantee users are authenticated and authorized to perform actions.
Here is the workflow for logging into a workstation:
User enters credentials on a domain-joined machine.
Local LSASS forwards the credentials to a domain controller.
The domain controller's KDC receives the credentials.
The KDC validates the credentials against the AD database, NTDS.dit (instead of the local SAM).
The KDC issues a TGT, which the client uses to request TGSs.
LDAP pulls the Group Policies to apply to the workstation, like firewall rules or software restrictions.
Kerberos and LDAP also underpin other protocols. Example with file sharing over SMB:
Kerberos: The KDC authenticates the user for access to the shared drive by granting a TGS.
LDAP: The SMB server then queries AD via LDAP to obtain the user's group memberships and enforce permissions on the different folders.
SMB
Used for file and hardware (mostly printer) sharing.
Port:
445
Netbios
Older versions of SMB used to run over NetBIOS. It's still present mostly for backward compatibility.
Port:
139
MS-RPC
Microsoft's implementation of the RPC standard. It can use TCP, Netbios or even HTTP.
Ports:
135: Endpoint mapper
Higher ports: Dedicated services
593: RPC over HTTP
HTTP
The HTTP protocol is used by various services in AD.
80/443: Web server with Microsoft IIS
5985/5986: Microsoft HTTP API allowing applications to send/receive HTTP requests
593: RPC over HTTP
9389: ADWS - Provides an HTTP API interface to manage Active Directory
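As an added example (not part of the original notes), the following Python script takes the port list from the sections above and the Kerberos, then LDAP, then SMB sequence described under Kerberos + LDAP, and applies them to a few constructed connection-log lines: it labels each connection with its AD protocol, flags the ports a defender would want to review (cleartext LDAP on 389 and legacy NetBIOS on 139), and reconstructs the per-host order in which the protocols were seen. The log line format, the IP addresses and the review notes in FLAGGED are assumptions made for this example, not anything from the page.

```python
"""
Classify observed connections by the Active Directory protocol listening on
the destination port, flag the ones worth a defender's review, and rebuild
the per-host protocol sequence (Kerberos -> LDAP -> SMB for a logon).

Added example. The log format below is constructed for this example and is
not a real product's format.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Port -> (protocol, service), taken from the port lists on this page.
AD_PORTS = {
    88: ("Kerberos", "Key Distribution Center (KDC)"),
    464: ("Kerberos", "kpasswd5 password change"),
    389: ("LDAP", "unencrypted LDAP"),
    636: ("LDAP", "LDAPS"),
    3268: ("LDAP", "Global Catalog over LDAP"),
    3269: ("LDAP", "Global Catalog over LDAPS"),
    445: ("SMB", "file and printer sharing"),
    139: ("NetBIOS", "legacy SMB over NetBIOS session service"),
    135: ("MS-RPC", "endpoint mapper"),
    593: ("MS-RPC", "RPC over HTTP"),
    80: ("HTTP", "IIS web server"),
    443: ("HTTP", "IIS web server (TLS)"),
    5985: ("HTTP", "Microsoft HTTP API"),
    5986: ("HTTP", "Microsoft HTTP API (TLS)"),
    9389: ("HTTP", "ADWS"),
}

# Ports whose use a defender usually wants to review: unencrypted or legacy.
# The wording of these notes is an assumption for the example.
FLAGGED = {
    389: "cleartext LDAP; prefer LDAPS on 636 (or 3269 for the Global Catalog)",
    139: "NetBIOS session service; legacy transport, modern SMB uses 445",
}

# Constructed format: "<time> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <TCP|UDP>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+(?P<l4>TCP|UDP)$"
)


@dataclass
class Classified:
    ts: str
    src: str
    dst: str
    dport: int
    protocol: str
    service: str
    flag: Optional[str]


def classify_line(line: str) -> Optional[Classified]:
    """Parse one log line and label it; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dport = int(m["dport"])
    protocol, service = AD_PORTS.get(dport, ("unknown", "not in the AD port list"))
    return Classified(m["ts"], m["src"], m["dst"], dport, protocol, service, FLAGGED.get(dport))


def classify_log(lines):
    """Classify every parseable line, preserving input order."""
    return [c for c in (classify_line(l) for l in lines) if c is not None]


def summarize(results):
    """Count connections per AD protocol and collect the flagged ones."""
    counts = {}
    flagged = []
    for r in results:
        counts[r.protocol] = counts.get(r.protocol, 0) + 1
        if r.flag:
            flagged.append(r)
    return counts, flagged


def protocol_sequence(results, src: str):
    """Order of AD protocols one source host talked to, e.g. Kerberos, LDAP, SMB."""
    return [r.protocol for r in sorted((r for r in results if r.src == src), key=lambda r: r.ts)]


# Constructed sample log: host .20 performs the logon sequence from the page,
# host .21 uses LDAPS, host .22 uses legacy NetBIOS and an unrelated port.
SAMPLE_LOG = [
    "10:00:01 10.0.0.20:50001 -> 10.0.0.5:88 TCP",
    "10:00:02 10.0.0.20:50002 -> 10.0.0.5:389 TCP",
    "10:00:03 10.0.0.20:50003 -> 10.0.0.5:445 TCP",
    "10:00:04 10.0.0.21:50010 -> 10.0.0.5:88 TCP",
    "10:00:05 10.0.0.21:50011 -> 10.0.0.5:636 TCP",
    "10:00:06 10.0.0.22:50020 -> 10.0.0.9:139 TCP",
    "10:00:07 10.0.0.22:50021 -> 10.0.0.9:8080 TCP",
    "not a connection line",
]

if __name__ == "__main__":
    results = classify_log(SAMPLE_LOG)
    counts, flagged = summarize(results)
    print("per protocol:", counts)
    for f in flagged:
        print(f"REVIEW {f.ts} {f.src} -> {f.dst}:{f.dport} ({f.service}): {f.flag}")
    print("10.0.0.20 sequence:", " -> ".join(protocol_sequence(results, "10.0.0.20")))
```

Run on the constructed log, the script reports two Kerberos, two LDAP, one SMB, one NetBIOS and one unknown connection, flags the 389 and 139 connections for review, and shows host 10.0.0.20 following the Kerberos, LDAP, SMB order described in the logon workflow. Swapping SAMPLE_LOG for real firewall or flow records only requires adapting LINE_RE to that format.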