[cifs-protocol] RE: How is a krb5 request to cifs/my.realm handled?

Richard Guthrie rguthrie at microsoft.com
Tue Jun 30 20:44:12 GMT 2009


Attached is the last email that I have regarding this subject.  A new case, SRX090630600140, has been created for this issue to continue working.  I believe this knowledge base article, http://support.microsoft.com/kb/842162, discusses some relevant details about the implementation of sysvol in its discussion of how to relocate the actual folder mapping.  

It sounds like though, that you might still be having an issue on the KDC side of the house.  This link on technet http://technet.microsoft.com/en-us/library/cc782417(WS.10).aspx (Section: How DFS Is Used During the Logon Process), I believe has the information you are looking for, and goes into great depth on how the client downloads policies from the domain using DFS which is the means to retrieve group policy.  

Please let us know if you have further questions regarding this issue.

Richard Guthrie
Support Escalation Engineer 
Open Protocols Support Team
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com 

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, June 30, 2009 5:08 AM
To: Richard Guthrie
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [cifs-protocol] RE: How is a krb5 request to cifs/my.realm handled?

On Sun, 2008-12-14 at 18:52 -0800, Richard Guthrie wrote:
> Andrew,
> Thanks for the question. I will create a case for this shortly and an engineer will get in touch with you to begin working this issue.
> Richard Guthrie
> Escalation Engineer
> ________________________________________
> From: Andrew Bartlett [abartlet at samba.org]
> Sent: Sunday, December 14, 2008 7:10 PM
> To: Interoperability Documentation Help
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: How is a krb5 request to cifs/my.realm handled?
> A number of our users are having trouble with group policy in Samba4, 
> and it seems that their clients (WinXP, Vista) look for their group 
> policy information in //my.realm/sysvol
> This name resolves in DNS, but we don't currently have a mapping for 
> it in our KDC, because I don't know, if I were to create a mixed
> Microsoft/Samba4 domain what key this would resolve to.
> Given that it must be shared between all domain controllers, is this 
> somehow mapped to krbtgt/my.realm?  Is DNS/my.realm also handled this 
> way?
> (In the meantime it would of course be trivial to add such a mapping, 
> but I want to solve this properly)

Has there been any progress on this?

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list