[cifs-protocol] Please provide windows behaviour notes on MS-KILE's reference to Referrals-11 [REG:111020250601482]
tomjebo at microsoft.com
Wed Feb 2 07:09:32 MST 2011
Thanks for your question. I've created case 111020250601482 and one of the Open Specifications team will contact you shortly.
Microsoft Open Specifications Team
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, February 01, 2011 7:26 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: Please provide windows behaviour notes on MS-KILE's reference to Referrals-11
I'm trying to understand Microsoft's behaviour around referrals to trusted domains, and referrals as generated between the NetBIOS and DNS names for a domain.
I think this is meant to be covered by
http://tools.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-11 referred to as Referrals-11 in MS-KILE.
However, what I really need is some detail on exactly how Microsoft implements it, as sadly I have little confidence that Windows 2003 follows exactly an RFC proposal last dated in 2008 :-)
Presumably these need to be addressed in Windows behaviour notes.
In particular, I'm looking at the example archived here:
The issue in this case is that the user logs in with DOMAIN\user and Samba attempts to transform that into user at REALM, but the client does not appear to accept the cross-realm ticket (to ourselves) that we generate.
Any assistance you can give would be most welcome.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the cifs-protocol