samba pipe?

Andrew Bartlett abartlet at
Wed Feb 16 21:03:07 GMT 2005

On Thu, 2005-02-17 at 02:34 +1100, Andrew Tridgell wrote:
> Volker,
>  > Agreed. But doing the ntlm(2?) bind with the machine account is ok? IIRC this
>  > can't be done in the windows world, but I think samba could implement this
>  > without the need for kerberos I think.
> I'll leave it up to abartlet and you to work out - I'm just flagging
> that allowing anonymous access to this is not good.

I'm certainly not happy with an NTLM bind, mostly because we can't
handle the trusted domain case for:

Samba Server -> Windows Doamin (primary)
             -> Samba domain (trusted)

It also just does not match windows behaviour.

For our primary domain, then a schannel bind is appropriate.  For
trusted domains, this is harder to get right.

Andrew Bartlett  

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list