Authentication through transitive trusts
Richard Sharpe
rsharpe at richardsharpe.com
Sat Jul 19 03:16:43 GMT 2003
On Fri, 18 Jul 2003, Ken Cross wrote:
> Andrew et al:
>
> Keep in mind that the origin of this issue was the fact that transitive
> trusts weren't being followed.
>
> I speculated that it was because Kerberos authentication wasn't being
> performed. I don't know that for a fact, but it seams reasonable.
You are absolutely correct here. Samba responds in a way that forces the
client to go straight to NTLMSSP rather than using the offered KRB5.
> If that is the cause, then wouldn't "fixing up the kerberos case" be the
> only solution?
Correct. However, we have to figure out what we are doing wrong in the
NegProt response that causes the client to ignore the offered KRB5.
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
More information about the samba-technical
mailing list