Andrew, from the capture you have provided us (no-canon.enterprise.lc-realm.uc-user.krb5-realm.win2k.upn.pcap),
Client sent Cname = [email protected] and the actual submitted Realm from the network capture is WIN2012R2.ABARTLET.WGTN.CAT-IT.CO.NZ. (It is not w2k12.abartlet.wgtn.cat-it.co.nz) The client did not ask for canonicalization. The KDC returned Cname [email protected] which is exactly what is sent The KDC returned Crealm WIN2012R2.ABARTLET.WGTN.CAT-IT.CO.NZ as expected. The realm is always normalized per RFC. It's just that if windows AD receives a mixed case realm name, then it will do a case insensitive comparision per MS-KILE 3.1.5.7 Internationalization and Case Sensitivity. I do not see short-form domain being changed to a DNS-based realm. Please let me know if I am missing something. Regards, Sreekanth Nadendla Microsoft Windows Open Specifications -----Original Message----- From: Andrew Bartlett [mailto:[email protected]] Sent: Monday, February 16, 2015 11:11 PM To: Sreekanth Nadendla Cc: MSSolve Case Email; [email protected] Subject: Re: [cifs-protocol] 114121712176508 MS-KILE Behaviour for client principal name in service tickets On Tue, 2015-02-17 at 03:44 +0000, Sreekanth Nadendla wrote: > Hello Andrew, MS-KILE section “3.1.5.7 Internationalization and Case > Sensitivity” in mentions that Name comparisons, whether for users or domains > MUST NOT be case sensitive in MS-KILE. So a separate WBN is NOT needed. I still don't see where that allows a short-form domain to be changed into a DNS-based realm, nor a implies that the case of that MUST be transformed to upper case. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
