KRB_AP_ERR_MODIFIED in session setup to trusted domain ?

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Oct 24 03:48:00 GMT 2005

On Mon, Oct 24, 2005 at 06:56:39AM +1000, Andrew Bartlett wrote:
> Traditionally, it should send us back 'unknown', and stop us dead, but
> this is one of the areas where Microsoft changed behaviour.

Drop us dead? I know I could read the RFC's myself, but how is cross-realm
operation supposed to work?

> Before I broke Heimdal, as a client we would do a DNS lookup, and in
> theory then find the full DNS name of the target, and therefore talk to
> the right KDC.  But I didn't want to rely on DNS (given the name was a
> netbios name), have timeouts or the like, so we ended up here.

Where should I look to fix that? (I need it to make winbind work, and winbind3
does it right .... :-))

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list