1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
samba-mirror/source4/rpc_server/remote
Andreas Schneider 4b2e7da37a s4:rpc_server: Use cli_credentials_init_server()
This also removes dcerpc_remote:domain option for the machine account case.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-09 10:46:28 +00:00
..
dcesrv_remote.c s4:rpc_server: Use cli_credentials_init_server() 2021-04-09 10:46:28 +00:00
README

This is an RPC backend that implements all operations in terms of
remote RPC operations.  This may be useful in certain debugging
situations, where the traffic is encrypted, or you wish to validate
that IDL is correct before implementing full test clients, or with
windows clients.

There are two modes of operation: Password specified and delegated
credentials.

Password specified:
-------------------

This uses a static username/password in the config file, example:

[global]
	dcerpc endpoint servers = remote
	dcerpc_remote:binding = ncacn_np:win2003
	dcerpc_remote:username = administrator
	dcerpc_remote:password = PASSWORD
	dcerpc_remote:interfaces = samr, lsarpc, netlogon

Delegated credentials:
----------------------

If your incoming user is authenticated with Kerberos, and the machine
account for this Samba4 proxy server is 'trusted for delegation', then
the Samba4 proxy can forward the client's credentials to the target.

You must be joined to the domain (net join <domain> member).

To set 'trusted for delegation' with MMC, see the checkbox in the
Computer account property page under Users and Computers.

[global]
	dcerpc endpoint servers = remote
	dcerpc_remote:binding = ncacn_np:win2003
	dcerpc_remote:interfaces = samr, lsarpc, netlogon