Delegetion, Kerbeous problem
OSA
I am developing the distributed applications. Server is executable
module and it's running on remote computer. The server should open a
file in shared folder on other server. So I need to delegate network
credentials from a client to the server. I created virtual network.
There are 3 computers there: the server is domain controller on
Windows 2008 Server and 2 computers. One - Windows XP and second -
Windows 7. My client on Windows 7 tries to connect to server on
Windows XP. Here is code
[code]
COAUTHINFO ai;
COSERVERINFO si;
::memset(&si,0,sizeof(si));
si.pwszName = L"SERVER_1";
::memset(&ai,0,sizeof(ai));
si.pAuthInfo = &ai;
ai.dwAuthnSvc = RPC_C_AUTHN_DEFAULT;
ai.dwAuthzSvc = RPC_C_AUTHZ_DEFAULT;
ai.dwAuthnLevel = RPC_C_AUTHN_LEVEL_DEFAULT;
ai.dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE;
ai.dwCapabilities = EOAC_NONE;
::CoCreateInstanceEx(CLSID_Server, NULL, CLSCTX_REMOTE_SERVER, &si, 1,
qi);
[/code]
This is work correctly. The connection to remote server is set
successfully. After that I am calling the CoSetProxyBlanket method to
set settings for server proxy
[code]
::CoSetProxyBlanket(pServerProxy,[b]RPC_C_AUTHN_GSS_KERBEROS[/b],
RPC_C_AUTHZ_NONE, L"DOMAIN_NAME\USER_NAME", RPC_C_AUTHN_LEVEL_DEFAULT,
[b]RPC_C_IMP_LEVEL_DELEGATE[/b], nullptr,[b]EOAC_DYNAMIC_CLOAKING[/
b]);
[/code]
So, I am trying to use the Kerberous protocol because it supports a
delegation and dynamic cloaking. This call is successful too. Now it's
time to call the method of my server
[code]
pServerProxy->RunOperation();
[/code]
and I get error 0x800706d3 (The authentication service is unknown). Is
it mean Kerberous protocol is not setup? But this protocol is used by
default in domain networks? If I am using RPC_C_AUTHN_DEFAULT instead
of RPC_C_AUTHN_GSS_KERBEROS, then call of pServerProxy-
>RunOperation() is successful but delegation is not used because the
NTLM protocol is using and my server get Access Denied when it tries
to access file on shared folder. What is wrong in this scenario?