Thomas Lubanski wrote:
> Hi, > > I've run into a problem with the cross realm trust and Windows Workstations. > The setup is as follows: > Windows Workstation stand-alone with XP. The department owning the > workstation is doing their own adminsitration. The > central department is running AD. > The Workstation should not be imported into AD, as the owning department > doesn't want that. > The standalone Workstation shall login to a Kerberos KDC. Works like a charm. > Cross Realm trusts between the Kerberos KDC and AD were established. If I use > a WS in the AD domain, I can logon to the > KDC and get the tickets for AD, so I can access everytrhing there. > If the standalone Workstation is trying to access a resource in the domain, > it is not asking for the domain ticket, > however. It is asking for a specific service ticket for the server hosting > the service. For example, if I want to map a > drive, the workstation is asking the KDC for a ticket for cifs/server. Sounds like the workstation Kerberos client code is expecting the KDC to return a referral for the cifs/server to point to the other realm. Whoses KDC are you running? Does it support referrals? > Now I know this is really working as designed, as the Windows workstation has > no clue about a domain or cross realm > trusts. > So my question is: Is it possible to make this work *without* putting the > Windows Workstation into the AD domain? > > Thanks > Thomas > > > Thomas Lubanski "The best laid LANs > Senior Architect often go foul." > Novell Consulting > Tel: +49-211-5631-3758 > email: [EMAIL PROTECTED] > Noerdlicher Zubringer 9 -11 > 40470 Duesseldorf > Novell, Software for the Open Enterprise > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
