Just to clarify you do not have a Cross Forest Trust in place but instead a down level trust between domains in the two separate forests? If a cross forest one way trust is in place then yes you should see a referral if it is a down level trust then no you will not see a referral but as you have observed in some cases Kerberos will work. If you did not choose to create a Cross Forest Trust in this scenario was there a specific reason?
Thanks, -Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hagberg Lars Sent: Sunday, November 06, 2005 5:47 PM To: [email protected] Subject: [ActiveDir] No Kerberos referral Hi all, I have a problem getting Kerberos authentication to work between two forests Should Kerberos referrals work between domains in different forests trusted by a one way trust? Client and user in intranet domain, resource in extranet forest Windows Server 2003 SP1 & Windows XP SP2 Extranet domain trusts intranet domain Trust is working for NTLM and Kerberos but I don't get a referral to the extranet domain when I expect it, I get one when specifically asks for a referral ticket but not when just asking for service ticket Have anyone else been able to get Kerberos referrals to work with a one way external trust? Any proposal what the problem could be if it should work with the one way trust? Regards Lars Hagberg _________________________________________________ Lars Hagberg Volvo Information Technology AB Dept 2560, VBBVN SE-405 08 Göteborg, Sweden Telephone: +46 31 32 21934 E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
