[Samba] Obtaining Login Session for Verification

ralph strebbing blackbirdralph at gmail.com
Thu May 19 12:54:11 UTC 2022


Hi All,

As mentioned in other threads, lately a big project I've been working
on is the cutover to a new Palo Alto firewall, with this we've been
using User Authentication for content filtering and we're quite
restrictive. After many angles and attempts at different solutions
that don't involve outright using a Windows domain controller, we've
resorted to using Palo Alto's XML API to manipulate who's logged in
when by having an authentication agent we made sit on each PC and
report back to a central server to make the API calls and track who's
logged in.
On this note, one thing we're trying to achieve now is locking this
application down a bit, so we're trying to figure out the best way to
go about obtaining the logged in user's Kerberos? ticket, and somehow
verifying that it's valid against the domain controller. If there is a
better approach, I'm open to suggestions, the biggest thing we need is
the ability to authenticate the user logged into the PC is actually a
valid domain user, because right now the agent simply sends the active
session username to the auth server, there is no validation that
exists right now.

Thanks in advance for any advice or suggestions into the matter.

Regards,
Ralph


