[PATCH] Always use schannel when contacting our DC.
abartlet at samba.org
Fri Jul 25 00:22:15 GMT 2003
On Fri, 2003-07-25 at 02:23, Ken Cross wrote:
> I'm not sure I understand the implications of this. If "we will always make
> an Netlogon connection to the DC" (as opposed to a Kerberos connection?),
> what happens if the DC is set up for Kerberos-only. More and more
> organizations are going that way.
> Or am I totally off base? Is this related to the transitive trust issue
> (which I guess is still unresolved)?
It's unrelated, except that silly solutions like 'use smbserver
authentication' won't solve the transitive trusts issue, as there are
now other reasons to contact the DC.
This is a solution to NT4 DCs that have RA=1, if you are running ADS
then we use LDAP anyway. (This patch is about RPC connections)
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030725/95e7ab66/attachment.bin
More information about the samba-technical