closer to delegated credentials on samba4

Amin Azez azez at
Wed Dec 5 14:10:21 GMT 2007

* Andrew Bartlett wrote, On 24/09/07 22:54:
> On Mon, 2007-09-24 at 12:50 +0100, Amin Azez wrote:
>> I may have got confused over the direction in which delegation works.
> I think you want spoofing :-)
> Delegated credentials works when the client knows it's talking to
> machine1, but the files happen to be elsewhere, on a machine the client
> doesn't know about.
> However, don't despair.  There are ways to use MSDFS to make clients
> change which machine they are talking to.  Likewise, you could steal the
> target server's keytab.  Work on getting it working when the client is
> 'in the know', and I'll try to give you a hand with the subtle tricks
> later. 
Using the tips in your message of 22/09/07 01:23 I have delegated
credentials working nicely, so the proxying works when the client is "in
the know".

(I'm wondering why I need to set up a share-per-remote-share and will
work on a wild-card share so new remote shares just "work")

Please could I beg an MSDFS tip?


More information about the samba-technical mailing list