closer to delegated credentials on samba4
Amin Azez
azez at ufomechanic.net
Wed Dec 5 14:10:21 GMT 2007
* Andrew Bartlett wrote, On 24/09/07 22:54:
> On Mon, 2007-09-24 at 12:50 +0100, Amin Azez wrote:
>
>> I may have got confused over the direction in which delegation works.
>>
>
> I think you want spoofing :-)
>
> Delegated credentials works when the client knows it's talking to
> machine1, but the files happen to be elsewhere, on a machine the client
> doesn't know about.
>
> However, don't despair. There are ways to use MSDFS to make clients
> change which machine they are talking to. Likewise, you could steal the
> target server's keytab. Work on getting it working when the client is
> 'in the know', and I'll try to give you a hand with the subtle tricks
> later.
>
Using the tips in your message of 22/09/07 01:23 I have delegated
credentials working nicely, so the proxying works when the client is "in
the know".
(I'm wondering why I need to set up a share-per-remote-share and will
work on a wild-card share so new remote shares just "work")
Please could I beg an MSDFS tip?
Sam
More information about the samba-technical
mailing list