Samuel Wolf
2023-Jul-13 09:14 UTC
[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
Hello Fabio,> Have you tried disabling NLA on the windows 10 pc that is the RDP "server"?not yet.> I only know about local cache on the clients that allows to logon without the domain controller.Yes I guess it's working at the moment because of this cache, maybe I'm totally wrong with my theory. Samuel
Fabio Muzzi
2023-Jul-13 13:04 UTC
[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
On 13/07/2023 11.14, Samuel Wolf via samba wrote:>> I only know about local cache on the clients that allows to logon without the domain controller. > > Yes I guess it's working at the moment because of this cache, maybe > I'm totally wrong with my theory.I'd say that you are wrong, but I'm not sure at all. If that cache actually is involved, it should work even for non-domain RDP clients, because the auth process should happen between the RDP client and the RDP server (win10 pc) accessing its local cache. I have a test scenario that I cannot test now: get the RDP server on a network with the RDP client and make it so that the RDP server cannot reach the DC (basically you could just use a single cable between the two hosts). This way the cache is the only thing that it can use to authenticate. Does it work like this? Fabio