[cifs-protocol] How is a krb5 request to cifs/my.realm handled?
Richard Guthrie
rguthrie at microsoft.com
Tue Jul 14 08:24:57 MDT 2009
Andrew,
I noticed the attachment had not gone through on this previous mail so here it is. Please let me know if you have any further feedback. If I don't hear from you by Monday, July 14, 2009 I will go ahead and archive this issue.
Richard Guthrie
Support Escalation Engineer
Open Protocols Support Team
http://blogs.msdn.com/OpenSpecification
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com
-----Original Message-----
From: Richard Guthrie
Sent: Tuesday, June 30, 2009 3:44 PM
To: 'Andrew Bartlett'
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] RE: How is a krb5 request to cifs/my.realm handled?
Andrew,
Attached is the last email that I have regarding this subject. A new case, SRX090630600140, has been created for this issue to continue working. I believe this knowledge base article, http://support.microsoft.com/kb/842162, discusses some relevant details about the implementation of sysvol in its discussion of how to relocate the actual folder mapping.
It sounds like though, that you might still be having an issue on the KDC side of the house. This link on technet http://technet.microsoft.com/en-us/library/cc782417(WS.10).aspx (Section: How DFS Is Used During the Logon Process), I believe has the information you are looking for, and goes into great depth on how the client downloads policies from the domain using DFS which is the means to retrieve group policy.
Please let us know if you have further questions regarding this issue.
Richard Guthrie
Support Escalation Engineer
Open Protocols Support Team
http://blogs.msdn.com/OpenSpecification
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, June 30, 2009 5:08 AM
To: Richard Guthrie
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [cifs-protocol] RE: How is a krb5 request to cifs/my.realm handled?
On Sun, 2008-12-14 at 18:52 -0800, Richard Guthrie wrote:
> Andrew,
>
> Thanks for the question. I will create a case for this shortly and an engineer will get in touch with you to begin working this issue.
>
> Richard Guthrie
> Escalation Engineer
>
> ________________________________________
> From: Andrew Bartlett [abartlet at samba.org]
> Sent: Sunday, December 14, 2008 7:10 PM
> To: Interoperability Documentation Help
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: How is a krb5 request to cifs/my.realm handled?
>
> A number of our users are having trouble with group policy in Samba4,
> and it seems that their clients (WinXP, Vista) look for their group
> policy information in //my.realm/sysvol
>
> This name resolves in DNS, but we don't currently have a mapping for
> it in our KDC, because I don't know, if I were to create a mixed
> Microsoft/Samba4 domain what key this would resolve to.
>
> Given that it must be shared between all domain controllers, is this
> somehow mapped to krbtgt/my.realm? Is DNS/my.realm also handled this
> way?
>
> (In the meantime it would of course be trivial to add such a mapping,
> but I want to solve this properly)
Has there been any progress on this?
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
An embedded message was scrubbed...
From: Richard Guthrie <rguthrie at microsoft.com>
Subject: FW: capture of group policy attempt
Date: Tue, 30 Jun 2009 07:57:02 -0700
Size: 3741
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090714/e7020bcb/attachment.mht>
More information about the cifs-protocol
mailing list