Authentication through transitive trusts
Jeremy Allison
jra at samba.org
Thu Jul 17 18:46:26 GMT 2003
On Thu, Jul 17, 2003 at 02:29:04PM -0400, Ken Cross wrote:
> Steve:
>
> I think we're talking apples and oranges.
>
> The "AD-enabled client" doesn't connect to the AD server, it connects to
> Samba. And unless I'm badly mistaken (which I'd *love* to be), the client
> does not use Kerberos to connect to Samba, it uses NTLM. (NTLMSSP? SPNEGO?)
Hmmm. If Samba is added into a AD domain and is using kerberos auth
then user authentication is done via krb5 tickets. This should work.
Check out the function reply_spnego_kerberos() in smbd/sesssetup.c
Jeremy.
More information about the samba-technical
mailing list