| 1 | This is an RPC backend that implements all operations in terms of
|
|---|
| 2 | remote RPC operations. This may be useful in certain debugging
|
|---|
| 3 | situations, where the traffic is encrypted, or you wish to validate
|
|---|
| 4 | that IDL is correct before implementing full test clients, or with
|
|---|
| 5 | windows clients.
|
|---|
| 6 |
|
|---|
| 7 | There are two modes of operation: Password specified and delegated
|
|---|
| 8 | credentials.
|
|---|
| 9 |
|
|---|
| 10 | Password specified:
|
|---|
| 11 | -------------------
|
|---|
| 12 |
|
|---|
| 13 | This uses a static username/password in the config file, example:
|
|---|
| 14 |
|
|---|
| 15 | [global]
|
|---|
| 16 | dcerpc endpoint servers = remote
|
|---|
| 17 | dcerpc_remote:binding = ncacn_np:win2003
|
|---|
| 18 | dcerpc_remote:username = administrator
|
|---|
| 19 | dcerpc_remote:password = PASSWORD
|
|---|
| 20 | dcerpc_remote:interfaces = samr, lsarpc, netlogon
|
|---|
| 21 |
|
|---|
| 22 | Delegated credentials:
|
|---|
| 23 | ----------------------
|
|---|
| 24 |
|
|---|
| 25 | If your incoming user is authenticated with Kerberos, and the machine
|
|---|
| 26 | account for this Samba4 proxy server is 'trusted for delegation', then
|
|---|
| 27 | the Samba4 proxy can forward the client's credentials to the target.
|
|---|
| 28 |
|
|---|
| 29 | You must be joined to the domain (net join <domain> member).
|
|---|
| 30 |
|
|---|
| 31 | To set 'trusted for delegation' with MMC, see the checkbox in the
|
|---|
| 32 | Computer account property page under Users and Computers.
|
|---|
| 33 |
|
|---|
| 34 | [global]
|
|---|
| 35 | dcerpc endpoint servers = remote
|
|---|
| 36 | dcerpc_remote:binding = ncacn_np:win2003
|
|---|
| 37 | dcerpc_remote:interfaces = samr, lsarpc, netlogon
|
|---|
| 38 |
|
|---|
