[cifs-protocol] Please provide windows behaviour notes on MS-KILE's reference to Referrals-11 [REG:111020250601482]

[Tom Jebo]

Hi Andrew, 

Thanks for your question.  I've created case 111020250601482 and one of the Open Specifications team will contact you shortly.

Best regards,
Tom Jebo
Escalation Engineer
Microsoft Open Specifications Team

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, February 01, 2011 7:26 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Please provide windows behaviour notes on MS-KILE's reference to Referrals-11

I'm trying to understand Microsoft's behaviour around referrals to trusted domains, and referrals as generated between the NetBIOS and DNS names for a domain.

I think this is meant to be covered by
http://tools.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-11 referred to as Referrals-11 in MS-KILE.

However, what I really need is some detail on exactly how Microsoft implements it, as sadly I have little confidence that Windows 2003 follows exactly an RFC proposal last dated in 2008 :-)

Presumably these need to be addressed in Windows behaviour notes. 

In particular, I'm looking at the example archived here: 
http://permalink.gmane.org/gmane.network.samba.internals/53515

The issue in this case is that the user logs in with DOMAIN\user and Samba attempts to transform that into user at REALM, but the client does not appear to accept the cross-realm ticket (to ourselves) that we generate. 

Any assistance you can give would be most welcome. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.