libsmbclient: Browsing and a URI spec?

Thu Jan 4 17:16:12 GMT 2001

So in this case, the fact it's a member of DomainA is irrelevant then,
because you are telling it to authenticate against domainB, UNLESS you are
using this client as a host for resources.  Am I getting this correctly?

-> -----Original Message-----
-> From: Simo Sorce [mailto:simo.sorce at polimi.it]
-> Sent: Thursday, January 04, 2001 5:52 AM
-> To: Michael B. Allen
-> Cc: Steve Langasek; Allen, Michael B (RSCH); Samba Technical
-> Subject: Re: libsmbclient: Browsing and a URI spec?
-> 
-> 
-> On Thu, 4 Jan 2001, Michael B. Allen wrote:
-> 
-> > On Thu, Jan 04, 2001 at 09:12:15AM +0100, Simo Sorce wrote:
-> > > ahaaa....
-> > > I suspected a trust relationship!
-> > >
-> > <snip stuff by me>
-> > >
-> > > a piar should be set I think:
-> > > client auth domain =
-> > > client auth server =
-> > >
-> > > as with trust relationship who is actually 
-> authenticating you is your
-> > > right domain server, but it will use the "central" 
-> domain account by the
-> > > trust relationship.
-> >
-> > Actually that's not how I interpreted how authentication 
-> is working. I
-> > know from working on jcifs and *many* hours in front of 
-> Ethereal/Net
-> > Mon that authenticating a user accessing a share is simply to
-> > send the authenticating domain in the PrimaryDomain field of the
-> > SMB_COM_SESSION_SETUP_ANDX. I _ssume_ that the target 
-> server will then
-> > contact the authentication controller(domain controller?) 
-> on behalf of the
-> > client and accept or reject the session setup based on 
-> it's response. I
-> > do not believe an NT Work Station contacts a third party 
-> however I must
-> > admit I never tried an id that differed from the id 
-> currently logged
-> > into the target server. So I don't recall seeing the 
-> *server* contact
-> > a third party. Mmm, actually I think I have.
-> >
-> > At least I know authentication will work without the third 
-> party server
-> > information so 'client auth server =' would not be necessary.
-> >
-> > Mike
-> >
-> >
-> 
-> I explained badly probably.
-> For what I know authentication, in case of trust 
-> relationship, follow this
-> path:
-> 
-> clinet contact his domain controller (domain A)
-> and passess domain\username
-> if domain is another domain (B) and theres a trsat 
-> relationship beetween
-> between A and B then domain controller A will request domain 
-> controller B
-> to authenticate the user.
-> 
-> so what is needed as default is:
-> the default user domain (B) and the default authenticaticator
-> (A domain PDC/BDC.
-> 
-> 
-> -- 
-> Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico 
-> di Milano
-> E-mail: simo.sorce at polimi.it
-> Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-> -----------------------------------------------------------------
-> Be happy, use Linux!
-> 
-> 