> Hello
>
> This is mainly a question for Mr. Douglas E. Engert, but if anyone else
> can help please feel free to do so.
> We have a similar organisation as the "opposite" and I can't figure out
> how to accomplish the following:
> We want users in the AD 2003 domain to authenticate to Windows and then get
> a cross-realm ticket for services in the MIT realm.
>
> We manage to achieve that a user with a mapped principal can log in on a
> client in the AD with the MIT realm principal and password. He gets a
> TGT for the MIT realm and one for the AD 2003 domain. But if the same
> user logs in on a client in the AD with the principal and password from
> the AD domain, he only gets a TGT for the AD domain. If he tries to use a
> service in the MIT realm he gets an error from the AD 2003 domain
> controller: "KDC_S_Principal_unknown".
> The problem is that the user doesn't get a cross-realm ticket from the MIT
> realm if he logs in to a [EMAIL PROTECTED] Domain.
>
> It would be great if anyone can give me a hint what to do next.
>
> Thanks Schikora

It sounds like you only set up a one-way trust between the MIT and AD realms.

--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
