I'm trying to understand Microsoft's behaviour around referrals to trusted domains, and referrals as generated between the NetBIOS and DNS names for a domain.
I think this is meant to be covered by http://tools.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-11 referred to as Referrals-11 in MS-KILE. However, what I really need is some detail on exactly how Microsoft implements it, as sadly I have little confidence that Windows 2003 follows exactly an RFC proposal last dated in 2008 :-) Presumably these need to be addressed in Windows behaviour notes. In particular, I'm looking at the example archived here: http://permalink.gmane.org/gmane.network.samba.internals/53515 The issue in this case is that the user logs in with DOMAIN\user and Samba attempts to transform that into user@REALM, but the client does not appear to accept the cross-realm ticket (to ourselves) that we generate. Any assistance you can give would be most welcome. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
