Domain Join w/ SChannel GSS-API Kerberos for JCIFS

Michael B Allen mba2000 at ioplex.com
Tue Nov 16 00:03:04 GMT 2004


Andrew Bartlett said:
>> Or do I do SessionSetupAndX extended security with just the data in the
>> Kerberos ticket/blob/PAC?
>
> Correct.  This is one of the things that makes Kerberos such a useful
> system.  All you need is the service key.

Okay this is clearer now.

But back to my use-case -- once I get the ticket, with whom do I do
extended security negotiation to looking up a user's membership? The DC or
KDC?

Do I still want to do SamrLookupNamesInDomain et al or should I be doing
LDAP to Active Directory?

Mike


More information about the samba-technical mailing list