libsmbclient: Browsing and a URI spec?
armand.welsh at sscims.com
Thu Jan 4 17:09:06 GMT 2001
authenticating against a server, instead of the domain, even though you
logged into the domain, you only need to specify the server name, as the
workgroup/domain. I have done this on my linux box, with smbclient, to log
into my NT Workstation as the local administrator. While I was logged in
the Workstation as my domain user account on another share.
-> -----Original Message-----
-> From: Michael B. Allen [mailto:mballen at erols.com]
-> Sent: Thursday, January 04, 2001 1:29 AM
-> To: Simo Sorce
-> Cc: Michael B. Allen; Steve Langasek; Allen, Michael B (RSCH); Samba
-> Subject: Re: libsmbclient: Browsing and a URI spec?
-> On Thu, Jan 04, 2001 at 09:12:15AM +0100, Simo Sorce wrote:
-> > ahaaa....
-> > I suspected a trust relationship!
-> <snip stuff by me>
-> > a piar should be set I think:
-> > client auth domain =
-> > client auth server =
-> > as with trust relationship who is actually authenticating
-> you is your
-> > right domain server, but it will use the "central" domain
-> account by the
-> > trust relationship.
-> Actually that's not how I interpreted how authentication is
-> working. I
-> know from working on jcifs and *many* hours in front of Ethereal/Net
-> Mon that authenticating a user accessing a share is simply to
-> send the authenticating domain in the PrimaryDomain field of the
-> SMB_COM_SESSION_SETUP_ANDX. I _ssume_ that the target server
-> will then
-> contact the authentication controller(domain controller?) on
-> behalf of the
-> client and accept or reject the session setup based on it's
-> response. I
-> do not believe an NT Work Station contacts a third party
-> however I must
-> admit I never tried an id that differed from the id currently logged
-> into the target server. So I don't recall seeing the *server* contact
-> a third party. Mmm, actually I think I have.
-> At least I know authentication will work without the third
-> party server
-> information so 'client auth server =' would not be necessary.
-> signature pending
More information about the samba-technical