closer to delegated credentials on samba4

Amin Azez azez at ufomechanic.net
Wed Dec 5 14:10:21 GMT 2007


* Andrew Bartlett wrote, On 24/09/07 22:54:
> On Mon, 2007-09-24 at 12:50 +0100, Amin Azez wrote:
>   
>> I may have got confused over the direction in which delegation works.
>>     
>
> I think you want spoofing :-)
>
> Delegated credentials works when the client knows it's talking to
> machine1, but the files happen to be elsewhere, on a machine the client
> doesn't know about.
>
> However, don't despair.  There are ways to use MSDFS to make clients
> change which machine they are talking to.  Likewise, you could steal the
> target server's keytab.  Work on getting it working when the client is
> 'in the know', and I'll try to give you a hand with the subtle tricks
> later. 
>   
Using the tips in your message of 22/09/07 01:23 I have delegated
credentials working nicely, so the proxying works when the client is "in
the know".

(I'm wondering why I need to set up a share-per-remote-share and will
work on a wild-card share so new remote shares just "work")

Please could I beg an MSDFS tip?

Sam




More information about the samba-technical mailing list