incorrect server principal in TGS-REQ

Love Hörnquist Åstrand lha at
Thu Nov 23 16:00:12 GMT 2006

>> Windows seems have this habit of sending the first tgs-req to the
>> local realm
>> and trust referrals to redirect the client to the right place.
> Not sure about Heimdal Kerberos, but MIT Kerberos ignores the  
> Windows ticket referrals.  Double check krb5.conf to make sure it  
> is configured properly.  If you have an AD forest with multiple  
> roots, you will need to manually construct a [capaths] section to  
> let the library know how to follow the path of trust.

I don't think the referral matter in the case because its ever sent.  
Heimdal KDC will both issue
and the client will follow referrals.


More information about the samba-technical mailing list