"Faking" an AD Join.

simo idra at samba.org
Wed Dec 19 03:48:05 GMT 2007


On Tue, 2007-12-18 at 17:14 -0600, Christopher R. Hertel wrote:
> Okay, another one...
> 
> Other than 'security=server', is there any way to perform authentication
> against an Active Directory Domain Controller if the admins won't allow me
> to join my machine to the domain?
> 
> I'm thinking not, but I'd love to be proven wrong.
> 
> If security=server is the only option, then I still need a mechanism for
> mapping IDs, possibly based on username alone (or the Domain/Username
> combo).  That mapping would need to be stored somewhere (OpenLDAP?) so that
> it is consistent across multiple servers.
> 
> What insight can people provide?

So using MITM techniques is preferred over letting a machine join and
handle higher security levels?

Curious.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>


