Credentials Relay Prevention

Jeremy Allison jra at
Mon Dec 22 16:34:30 MST 2014

On Wed, Sep 03, 2014 at 10:25:14PM +0000, Oren wrote:
> Hi,
> Can Credentials Relay be prevented for Linux Samba Clients? 
> Namely, is there some configuration parameter such that Linux Samba Client <-> Samba Server using correct domain credentials should work but  Linux Samba Client <-> TCP Proxy (MITM) <-> Samba Server should be rejected?
> SMB Signing and/or forcing NTLMv2 does not seem to help here as no payload manipulations are made.

I think SMB signing does fix this.

More information about the samba-technical mailing list