mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
ffb8b50e3c
This will allow the NETLOGON server in the AD DC to declare that it does not use handles, and so allow some more flexibility with association groups Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> |
||
|---|---|---|
| .. | ||
| dcesrv_remote.c | ||
| README | ||
This is an RPC backend that implements all operations in terms of remote RPC operations. This may be useful in certain debugging situations, where the traffic is encrypted, or you wish to validate that IDL is correct before implementing full test clients, or with windows clients. There are two modes of operation: Password specified and delegated credentials. Password specified: ------------------- This uses a static username/password in the config file, example: [global] dcerpc endpoint servers = remote dcerpc_remote:binding = ncacn_np:win2003 dcerpc_remote:username = administrator dcerpc_remote:password = PASSWORD dcerpc_remote:interfaces = samr, lsarpc, netlogon Delegated credentials: ---------------------- If your incoming user is authenticated with Kerberos, and the machine account for this Samba4 proxy server is 'trusted for delegation', then the Samba4 proxy can forward the client's credentials to the target. You must be joined to the domain (net join <domain> member). To set 'trusted for delegation' with MMC, see the checkbox in the Computer account property page under Users and Computers. [global] dcerpc endpoint servers = remote dcerpc_remote:binding = ncacn_np:win2003 dcerpc_remote:interfaces = samr, lsarpc, netlogon