[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
Fabio Muzzi
liste at kurgan.org
Thu Jul 13 13:04:50 UTC 2023
On 13/07/2023 11.14, Samuel Wolf via samba wrote:
>> I only know about local cache on the clients that allows to logon without the domain controller.
>
> Yes I guess it's working at the moment because of this cache, maybe
> I'm totally wrong with my theory.
I'd say that you are wrong, but I'm not sure at all.
If that cache actually is involved, it should work even for non-domain RDP clients, because the auth process should happen between the RDP client and the RDP server (win10 pc) accessing its local cache.
I have a test scenario that I cannot test now: get the RDP server on a network with the RDP client and make it so that the RDP server cannot reach the DC (basically you could just use a single cable between the two hosts). This way the cache is the only thing that it can use to authenticate. Does it work like this?
Fabio
More information about the samba
mailing list