[cifs-protocol] [EXTERNAL] ServerAuthenticateKerberos() not usable for - TrackingID#2501080040012093
Kristian Smith
Kristian.Smith at microsoft.com
Thu Feb 6 17:30:07 UTC 2025
Hi Metze,
In working with the developers of these Netlogon functions, it appears the use of ServerAuthenticate3() versus ServerAuthenticateKerberos() in trust creation is likely a bug in Server 2025. They are currently investigating and I'll let you know once this is confirmed.
It appears to me that, since MS-NRPC leaves the choice of which authentication function up to the implementer, there aren't any changes needed to the doc in this case. Please let me know if you disagree.
Regards,
Kristian Smith
Support Escalation Engineer | Microsoft® Corporation
Email: kristian.smith at microsoft.com
-----Original Message-----
From: Stefan Metzmacher <metze at samba.org>
Sent: Monday, January 27, 2025 10:49 AM
To: Kristian Smith <Kristian.Smith at microsoft.com>
Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] ServerAuthenticateKerberos() not usable for - TrackingID#2501080040012093
Hi Kristian,
> Just a quick update on the question about ServerAuthenticateKerberos() between trusted domains. I was able to create a Server 2025 to Server 2025 2-way forest trust and confirmed that it's authenticating with NetrServerAuthenticate3() rather than ServerAuthenticateKerberos(). I'm still, however, discussing this with the PG and I'll continue to send periodic updates until I have a concrete answer as to what doc changes need to be made.
Thanks!
metze