Authentication through transitive trusts

Richard Sharpe rsharpe at
Sat Jul 19 03:16:43 GMT 2003

On Fri, 18 Jul 2003, Ken Cross wrote:

> Andrew et al:
> Keep in mind that the origin of this issue was the fact that transitive
> trusts weren't being followed.
> I speculated that it was because Kerberos authentication wasn't being
> performed.  I don't know that for a fact, but it seams reasonable.  

You are absolutely correct here. Samba responds in a way that forces the 
client to go straight to NTLMSSP rather than using the offered KRB5.
> If that is the cause, then wouldn't "fixing up the kerberos case" be the
> only solution?

Correct. However, we have to figure out what we are doing wrong in the 
NegProt response that causes the client to ignore the offered KRB5.

Richard Sharpe, rsharpe[at], rsharpe[at], 

More information about the samba-technical mailing list