Authentication through transitive trusts

Richard Sharpe rsharpe at richardsharpe.com
Thu Jul 17 22:25:33 GMT 2003


On Thu, 17 Jul 2003, Richard Sharpe wrote:

> On Thu, 17 Jul 2003, Ken Cross wrote:
> 
> > Here you go.  Similar setup:
> > 
> >   10.0.0.204 - "WIN1" - Windows 2000 (SP4) AD Server, domain WIN1DOM
> >  
> >   10.0.0.189 - "KJCWINXP" - Windows XP Pro Client, a member of WIN1DOM
> > 
> > It shows KJCWINXP connecting to the "Program Files" share on WIN1.  It looks
> > like it negotiated "MS KRB5" protocol.
> 
> OK, apart from the long-file name bit that I mentioned before, here is/are 
> some further difference(s) between Samba and Win2K ...
> 
> 1. Win2K offers an additional OID in the NegProt Response:
> 	1.2.840.113554.2.2.3, which looks strange as it is a 
> 	sub-oid of KRB5. Ethereal does not know of it ATM.
> 
> 2. In the session setup&X, the MechType offers MS KRB5, KRB5, and 
>    NTLMSSP, in that order.

Clearly, however, the AD-enabled client must be making the decision based 
solely on the NegProt response ... 

I wonder what it is ... I don't have an AD-enabled client to test with, 
and don't have the time to set one up, sigh.

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kjc1.cap
Type: application/octet-stream
Size: 59787 bytes
Desc: 
Url : http://lists.samba.org/archive/samba-technical/attachments/20030717/afe118cd/kjc1.obj
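
Added example, not part of the original message and not Samba or Ethereal code: a minimal Python decoder for the DER-encoded mechanism OID list the thread compares, reporting the offered order and flagging any OID it does not recognise. The sample bytes are constructed, the function names are hypothetical, and the OID values for MS KRB5, KRB5 and NTLMSSP are the registered ones rather than values taken from the message.

```python
KNOWN = {  # mechanisms named in the thread, with their registered OIDs
    "1.2.840.48018.1.2.2": "MS KRB5",
    "1.2.840.113554.1.2.2": "KRB5",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

# Constructed sample (not from kjc1.cap): the three mechs in thread order, then the quoted OID.
SAMPLE = bytes.fromhex(
    "302d" "06092a864882f712010202" "06092a864886f712010202"
    "060a2b06010401823702020a" "06092a864886f712020203")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); short-form lengths only, bounds-checked."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def decode_oid(value):
    """Decode OID content octets (base-128 arcs) into dotted form."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)  # first octet group packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_mech_types(der):
    """Return [(oid, name)] in offered order; unrecognised OIDs get 'unknown'."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        tag, value, pos = read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        oid = decode_oid(value)
        out.append((oid, KNOWN.get(oid, "unknown")))
    return out

if __name__ == "__main__":
    print(*parse_mech_types(SAMPLE), sep="\n")
```
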

