1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Andrew Bartlett 541809b006 r13265: Clarify how delegation works with the remote RPC backend.
Andrew Bartlett
(This used to be commit 75489ac8bced0f9e7ab28739fd6b26ab12cfa585)
2007-10-10 13:51:40 -05:00

39 lines
1.2 KiB
Plaintext

This is an RPC backend that implements all operations in terms of
remote RPC operations. This may be useful in certain debugging
situations, where the traffic is encrypted, or you wish to validate
that IDL is correct before implementing full test clients, or with
windows clients.
There are two modes of operation: Password specified and delegated
credentials.
Password specified:
-------------------
This uses a static username/password in the config file, example:
[global]
dcerpc endpoint servers = remote
dcerpc_remote:binding = ncacn_np:win2003
dcerpc_remote:username = administrator
dcerpc_remote:password = PASSWORD
dcerpc_remote:interfaces = samr, lsarpc, netlogon
Delegated credentials:
----------------------
If your incoming user is authenticated with Kerberos, and the machine
account for this Samba4 proxy server is 'trusted for delegation', then
the Samba4 proxy can forward the client's credentials to the target.
You must be joined to the domain (net join <domain> member).
To set 'trusted for delegation' with MMC, see the checkbox in the
Computer account property page under Users and Computers.
[global]
dcerpc endpoint servers = remote
dcerpc_remote:binding = ncacn_np:win2003
dcerpc_remote:interfaces = samr, lsarpc, netlogon