[cifs-protocol] [EXTERNAL] Re: [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412

Andrew Bartlett abartlet at samba.org
Tue Nov 15 19:44:21 UTC 2022

On Tue, 2022-11-15 at 18:50 +0000, Jeff McCashland (He/him) wrote:
> > 1.    Not using SASL/Kerberos
> > 2.    Not using signing and encryption
> > 3.    Attempting Simple Bind on cleart-text LDAP port rather than
> > using TLS
> Do all of these need to be set?
Following up on this, so given that Samba clients work hard to use
Kerberos with SASL encryption (and not TLS due to issues around channel
binding) that this feature won't work?

Is it the case that on Windows this is a simple forwarding of the
simple bind DN and cleartext password from one server to another, but
that advanced techniques like S4U2Proxy are not used?

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20221116/d5580c84/attachment.htm>

More information about the cifs-protocol mailing list