Delegated credentials with netbios aliases

Amin Azez azez at ufomechanic.net
Fri Jan 4 11:04:42 GMT 2008


The old cifs proxy works fine with delegated credentials, but if I
connect to/via the proxy using an IP address,
e.g.
  \\10.0.0.5\test

instead of the real name, then I see the error:

PROXY backend: NO delegated credentials found: You must supply server,
user and password or the client must supply delegated credentials
make_connection: NTVFS make connection failed!



I have some questions on delegated credentials.

When I connect with the canonical name, is the client supplying
delegated credentials (the proxy machine account is checked "trust for
delegation" on the AD server), or is it that whatever delegation
mechanism is used fails when the canonical name is not used - and so
the client must in those cases supply delegated credentials in order for
proxying to still work?


The problem I'm working on is whether or not a separate smbd instance
complete with config, listen-ip, machine account and delegated trust is
required for each server that is proxied, or if there is any innocent
way that the requested NetBIOS name from the client to the proxied
session, or maybe the local IP address, can be used as a clue for which
remote server to proxy for. (Or use share-prefixes, ugh, would that ever
work with DFS?)

Sam

