libsmbclient: Browsing and a URI spec?

Welsh, Armand armand.welsh at sscims.com
Thu Jan 4 17:09:06 GMT 2001


authenticating against a server, instead of the domain, even though you
logged into the domain, you only need to specify the server name, as the
workgroup/domain.  I have done this on my linux box, with smbclient, to log
into my NT Workstation as the local administrator.  While I was logged in
the Workstation as my domain user account on another share.

-> -----Original Message-----
-> From: Michael B. Allen [mailto:mballen at erols.com]
-> Sent: Thursday, January 04, 2001 1:29 AM
-> To: Simo Sorce
-> Cc: Michael B. Allen; Steve Langasek; Allen, Michael B (RSCH); Samba
-> Technical
-> Subject: Re: libsmbclient: Browsing and a URI spec?
-> 
-> 
-> On Thu, Jan 04, 2001 at 09:12:15AM +0100, Simo Sorce wrote:
-> > ahaaa....
-> > I suspected a trust relationship!
-> > 
-> <snip stuff by me>
-> >
-> > a piar should be set I think:
-> > client auth domain =
-> > client auth server =
-> > 
-> > as with trust relationship who is actually authenticating 
-> you is your
-> > right domain server, but it will use the "central" domain 
-> account by the
-> > trust relationship.
-> 
-> Actually that's not how I interpreted how authentication is 
-> working. I
-> know from working on jcifs and *many* hours in front of Ethereal/Net
-> Mon that authenticating a user accessing a share is simply to
-> send the authenticating domain in the PrimaryDomain field of the
-> SMB_COM_SESSION_SETUP_ANDX. I _ssume_ that the target server 
-> will then
-> contact the authentication controller(domain controller?) on 
-> behalf of the
-> client and accept or reject the session setup based on it's 
-> response. I
-> do not believe an NT Work Station contacts a third party 
-> however I must
-> admit I never tried an id that differed from the id currently logged
-> into the target server. So I don't recall seeing the *server* contact
-> a third party. Mmm, actually I think I have.
-> 
-> At least I know authentication will work without the third 
-> party server
-> information so 'client auth server =' would not be necessary.
-> 
-> Mike
-> 
-> -- 
-> signature pending
-> 




More information about the samba-technical mailing list