[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
liste at kurgan.org
Thu Jul 13 13:04:50 UTC 2023
On 13/07/2023 11.14, Samuel Wolf via samba wrote:
>> I only know about local cache on the clients that allows to logon without the domain controller.
> Yes I guess it's working at the moment because of this cache, maybe
> I'm totally wrong with my theory.
I'd say that you are wrong, but I'm not sure at all.
If that cache actually is involved, it should work even for non-domain RDP clients, because the auth process should happen between the RDP client and the RDP server (win10 pc) accessing its local cache.
I have a test scenario that I cannot test now: get the RDP server on a network with the RDP client and make it so that the RDP server cannot reach the DC (basically you could just use a single cable between the two hosts). This way the cache is the only thing that it can use to authenticate. Does it work like this?
More information about the samba