Authentication through transitive trusts
Richard Sharpe
rsharpe at richardsharpe.com
Thu Jul 17 18:42:56 GMT 2003
On Thu, 17 Jul 2003, Ken Cross wrote:
> Steve:
>
> I think we're talking apples and oranges.
>
> The "AD-enabled client" doesn't connect to the AD server, it connects to
> Samba. And unless I'm badly mistaken (which I'd *love* to be), the client
> does not use Kerberos to connect to Samba, it uses NTLM. (NTLMSSP? SPNEGO?)

Hmmm, do you have a sniff of this?

I would have thought that an AD-enabled client would have authenticated
with the KDC and received a service ticket for the SMB server it wants to
contact, which it should wrap up in the SPNEGO stuff in the session
setup&X etc.

Hmmm, the details start to get difficult after that.

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
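
The question in this thread (Kerberos or NTLM on the client-to-Samba leg) can be settled from a capture by reading the security blob of the client's first Session Setup request. The following is an added example, not part of the original post or of Samba's code: it lists the mechanisms a SPNEGO NegTokenInit offers, in the client's order of preference. It assumes the blob has already been extracted from the capture; the sample blob is constructed and carries only the mechanism list, without a mechToken.

```python
# Added example, not from the original post; SAMPLE below is constructed, not a capture.
MECHS = {"1.2.840.48018.1.2.2": "MS Kerberos 5",
         "1.2.840.113554.1.2.2": "Kerberos 5",
         "1.3.6.1.4.1.311.2.2.10": "NTLMSSP"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode DER OID contents to dotted form (first arc 0 or 1 only)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)      # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def offered_mechs(blob):
    """List the mechanisms offered in a first Session Setup security blob."""
    if blob.startswith(b"NTLMSSP\x00"):
        return ["NTLMSSP"]                 # raw NTLMSSP, no SPNEGO wrapper
    tag, gss, _ = read_tlv(blob)           # GSS-API InitialContextToken
    oid_tag, oid, pos = read_tlv(gss)
    if tag != 0x60 or oid_tag != 0x06 or decode_oid(oid) != "1.3.6.1.5.5.2":
        raise ValueError("not a SPNEGO initial context token")
    _, neg_init, _ = read_tlv(gss, pos)    # [0] NegTokenInit
    _, seq, _ = read_tlv(neg_init)         # SEQUENCE
    _, mech_types, _ = read_tlv(seq)       # [0] mechTypes
    _, mech_list, _ = read_tlv(mech_types) # SEQUENCE OF OID
    out, pos = [], 0
    while pos < len(mech_list):
        _, oid, pos = read_tlv(mech_list, pos)
        name = decode_oid(oid)
        out.append(MECHS.get(name, name))
    return out

def tlv(tag, body):                        # short-form DER, used only to build SAMPLE
    return bytes([tag, len(body)]) + body

OIDS = ("2a864882f712010202", "2a864886f712010202", "2b06010401823702020a")
MECH_LIST = tlv(0x30, b"".join(tlv(0x06, bytes.fromhex(h)) for h in OIDS))
SAMPLE = tlv(0x60, tlv(0x06, bytes.fromhex("2b0601050502")) + tlv(0xA0, tlv(0x30, tlv(0xA0, MECH_LIST))))
```

A blob that begins with the `NTLMSSP` signature, or a mechanism list that contains only NTLMSSP, means no Kerberos ticket is being presented on that connection.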