"Faking" an AD Join.

simo idra at samba.org
Wed Dec 19 03:48:05 GMT 2007

On Tue, 2007-12-18 at 17:14 -0600, Christopher R. Hertel wrote:
> Okay, another one...
> Other than 'security=server', is there any way to perform authentication
> against an Active Directory Domain Controller if the admins won't allow me
> to join my machine to the domain?
> I'm thinking not, but I'd love to be proven wrong.
> If security=server is the only option, then I still need a mechanism for
> mapping IDs, possibly based on username alone (or the Domain/Username
> combo).  That mapping would need to be stored somewhere (OpenLDAP?) so that
> it is consistent across multiple servers.
> What insight can people provide?

So using MITM techniques is preferred than to let a machine join and
handle higher security levels ?



Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>

More information about the samba-technical mailing list