[PATCH] Always use schannel when contacting our DC.

Andrew Bartlett abartlet at samba.org
Fri Jul 25 00:22:15 GMT 2003

On Fri, 2003-07-25 at 02:23, Ken Cross wrote:
> Andrew:
> I'm not sure I understand the implications of this.  If "we will always make
> an Netlogon connection to the DC" (as opposed to a Kerberos connection?),
> what happens if the DC is set up for Kerberos-only.  More and more
> organizations are going that way.
> Or am I totally off base?  Is this related to the transitive trust issue
> (which I guess is still unresolved)?

It's unrelated, except that silly solutions like 'use smbserver
authentication' won't solve the transitive trusts issue, as there are
now other reasons to contact the DC.

This is a solution to NT4 DCs that have RA=1, if you are running ADS
then we use LDAP anyway.  (This patch is about RPC connections)

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030725/95e7ab66/attachment.bin

More information about the samba-technical mailing list