Authentication through transitive trusts

Jeremy Allison jra at
Thu Jul 17 18:46:26 GMT 2003

On Thu, Jul 17, 2003 at 02:29:04PM -0400, Ken Cross wrote:
> Steve:
> I think we're talking apples and oranges.
> The "AD-enabled client" doesn't connect to the AD server, it connects to
> Samba.  And unless I'm badly mistaken (which I'd *love* to be), the client
> does not use Kerberos to connect to Samba, it uses NTLM.  (NTLMSSP? SPNEGO?)

Hmmm. If Samba is added into a AD domain and is using kerberos auth
then user authentication is done via krb5 tickets. This should work.

Check out the function reply_spnego_kerberos() in smbd/sesssetup.c


More information about the samba-technical mailing list