Authentication through transitive trusts
Richard Sharpe
rsharpe at richardsharpe.com
Thu Jul 17 19:50:08 GMT 2003
On Thu, 17 Jul 2003, Ken Cross wrote:
> Attached is smb.conf and the sniff:
>
> 10.0.0.160 - "BORDEAUX" - a Samba 3.0 Beta 3 server running NetBSD
>
> 10.0.0.204 - "WIN1" - Windows 2000 (SP4) AD Server, domain WIN1DOM
>
> 10.0.0.189 - "KJCWINXP" - Windows XP Pro Client, a member of WIN1DOM,
> logged on as user "atest", a member of the WIN1DOM domain
OK, here is what is happening:
Samba responds in the NegProt response with a Blob with SPNEGO in it
saying that it handles KRB5, MS KRB5 (wrong OID), and NTLMSSP, in that
order.
The client select NTLMSSP, and forces Samba down that path.
I think that something is not quite correct about your client, or perhaps
we are not responding with enough bits somewhere to get Windows to do the
right thing.
What would be useful is to see an equivalent trace against a Win2K AD
server.
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: x2.cap
Type: application/octet-stream
Size: 25937 bytes
Desc:
Url : http://lists.samba.org/archive/samba-technical/attachments/20030717/46a5411b/x2.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 7487 bytes
Desc:
Url : http://lists.samba.org/archive/samba-technical/attachments/20030717/46a5411b/smb.obj
More information about the samba-technical
mailing list