Authentication through transitive trusts
rsharpe at richardsharpe.com
Thu Jul 17 18:42:56 GMT 2003
On Thu, 17 Jul 2003, Ken Cross wrote:
> I think we're talking apples and oranges.
> The "AD-enabled client" doesn't connect to the AD server, it connects to
> Samba. And unless I'm badly mistaken (which I'd *love* to be), the client
> does not use Kerberos to connect to Samba, it uses NTLM. (NTLMSSP? SPNEGO?)
Hmmm, do you have a sniff of this?
I would have thought that an AD-enabled client would have authenticated
with the KDC and received a service ticket for the SMB server it wants to
contact, which it should wrap up in the SPNEGO stuff in the session
Hmmm, the details start to get difficult after that.
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
More information about the samba-technical