1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/rpc_server/remote
Stefan Metzmacher 98d5872293 s4:rpc_server: make it possible to specify ncacn_np_secondary_endpoint
Even a connect to \\pipe\lsarpc should return a secondary_address
of '\\pipe\\lsass'. But that will be implemented in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:41 +01:00
..
dcesrv_remote.c s4:rpc_server: make it possible to specify ncacn_np_secondary_endpoint 2019-01-12 03:13:41 +01:00
README

This is an RPC backend that implements all operations in terms of
remote RPC operations.  This may be useful in certain debugging
situations, where the traffic is encrypted, or you wish to validate
that IDL is correct before implementing full test clients, or with
windows clients.

There are two modes of operation: Password specified and delegated
credentials.

Password specified:
-------------------

This uses a static username/password in the config file, example:

[global]
	dcerpc endpoint servers = remote
	dcerpc_remote:binding = ncacn_np:win2003
	dcerpc_remote:username = administrator
	dcerpc_remote:password = PASSWORD
	dcerpc_remote:interfaces = samr, lsarpc, netlogon

Delegated credentials:
----------------------

If your incoming user is authenticated with Kerberos, and the machine
account for this Samba4 proxy server is 'trusted for delegation', then
the Samba4 proxy can forward the client's credentials to the target.

You must be joined to the domain (net join <domain> member).

To set 'trusted for delegation' with MMC, see the checkbox in the
Computer account property page under Users and Computers.

[global]
	dcerpc endpoint servers = remote
	dcerpc_remote:binding = ncacn_np:win2003
	dcerpc_remote:interfaces = samr, lsarpc, netlogon