[cifs-protocol] [EXTERNAL] Re: [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412

Andrew Bartlett abartlet at samba.org
Tue Nov 15 19:44:21 UTC 2022


On Tue, 2022-11-15 at 18:50 +0000, Jeff McCashland (He/him) wrote:
> > 1.    Not using SASL/Kerberos
> > 2.    Not using signing and encryption
> > 3.    Attempting Simple Bind on clear-text LDAP port rather than
> > using TLS
> 
> 
> Do all of these need to be set?

Following up on this: given that Samba clients work hard to use
Kerberos with SASL encryption (and not TLS, due to issues around channel
binding), does that mean this feature won't work?

Is it the case that on Windows this is a simple forwarding of the
simple bind DN and cleartext password from one server to another, but
that advanced techniques like S4U2Proxy are not used?

Andrew Bartlett


-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions




