Credentials Relay Prevention
jra at samba.org
Mon Dec 22 16:34:30 MST 2014
On Wed, Sep 03, 2014 at 10:25:14PM +0000, Oren wrote:
> Can Credentials Relay be prevented for Linux Samba Clients?
> Namely, is there some configuration parameter such that Linux Samba Client <-> Samba Server using correct domain credentials should work but Linux Samba Client <-> TCP Proxy (MITM) <-> Samba Server should be rejected?
> SMB Signing and/or forcing NTLMv2 does not seem to help here as no payload manipulations are made.
I think SMB signing does fix this.
More information about the samba-technical