Credentials Relay Prevention

Oren theoren28 at
Wed Sep 3 16:31:45 MDT 2014

Can Credentials Relay be prevented for Linux Samba Clients? 
Namely, is there some configuration parameter such that Linux Samba Client <-> Samba Server using correct domain credentials should work, but Linux Samba Client <-> TCP Proxy (MITM) <-> Samba Server should be rejected?
SMB Signing and/or forcing NTLMv2 does not seem to help here as no payload manipulations are made.

Related Microsoft/Attack posts.

More information about the samba-technical mailing list