msdfs and AD troubles

Jim McDonough jmcd at samba.org
Fri Apr 13 17:49:27 GMT 2007


Jerry, here are two captures of what I mentioned earlier.  Basically, when
kerberos authentication happens (I've connected to a server using its own
netbios name, the one that was used during join), the q_path_info (frame 73)
does not have the dfs bit on in flags2.  When we fall back to ntlm (I
connect to the same server using a netbios alias which does not have an spn
in AD, so the TGS_REQ fails, not because the user's principal is wrong, but
because the server's principal is unknown), the q_path_info (frame 71) has
the dfs bit on.  My DC is 2k3, client is 2k pro.

What I'm wondering is do we have to have some other missing piece in for
AD.

-- 
-------------------
Jim McDonough
Samba Team
jmcd at samba dot org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dfs-krb.cap
Type: application/octet-stream
Size: 17894 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070413/62820620/dfs-krb.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dfs-ntlm.cap
Type: application/octet-stream
Size: 23047 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070413/62820620/dfs-ntlm.obj
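
An added example, not part of the original post or of Samba's code: one way to check the Flags2 DFS bit the message compares between the two captures, given the raw bytes of an SMB1 request. The flag values follow the SMB1 header layout in MS-CIFS/MS-SMB; the two sample headers and their Flags2 values are constructed for illustration and are not taken from the attached captures.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32  # carries TRANS2_QUERY_PATH_INFORMATION
FLAGS2 = {  # SMB1 header Flags2 bits (MS-CIFS / MS-SMB)
    0x0001: "LONG_NAMES", 0x0002: "EAS", 0x0004: "SECURITY_SIGNATURE",
    0x0040: "IS_LONG_NAME", 0x0800: "EXTENDED_SECURITY", 0x1000: "DFS",
    0x2000: "PAGING_IO", 0x4000: "NT_STATUS", 0x8000: "UNICODE",
}

def parse_smb1_header(frame: bytes) -> dict:
    """Decode command and Flags2 from an SMB1 message.

    Accepts the message with or without the 4-byte NetBIOS session header.
    """
    if frame[:4] == SMB1_MAGIC:
        off = 0
    elif frame[4:8] == SMB1_MAGIC:
        off = 4
    else:
        raise ValueError("not an SMB1 message")
    if len(frame) < off + 32:  # fixed SMB1 header is 32 bytes
        raise ValueError("truncated SMB1 header")
    command = frame[off + 4]
    (flags2,) = struct.unpack_from("<H", frame, off + 10)  # little-endian u16
    names = [name for bit, name in sorted(FLAGS2.items()) if flags2 & bit]
    return {"command": command, "flags2": flags2, "names": names,
            "dfs": bool(flags2 & 0x1000)}

def flags2_diff(frame_a: bytes, frame_b: bytes) -> list:
    """Names of the Flags2 bits set in exactly one of the two requests."""
    changed = parse_smb1_header(frame_a)["flags2"] ^ parse_smb1_header(frame_b)["flags2"]
    return [name for bit, name in sorted(FLAGS2.items()) if changed & bit]

def sample_request(flags2: int) -> bytes:
    """Constructed TRANS2 header: NetBIOS length, magic, command, status, flags, flags2, rest zeroed."""
    return (b"\x00\x00\x00\x20" + SMB1_MAGIC + bytes([SMB_COM_TRANSACTION2])
            + b"\x00" * 4 + b"\x18" + struct.pack("<H", flags2) + b"\x00" * 20)

# Constructed stand-ins for the two q_path_info requests described above.
KRB_REQUEST = sample_request(0xC807)   # DFS bit clear
NTLM_REQUEST = sample_request(0xD807)  # DFS bit set

if __name__ == "__main__":
    for label, frame in (("krb", KRB_REQUEST), ("ntlm", NTLM_REQUEST)):
        hdr = parse_smb1_header(frame)
        print(label, hex(hdr["flags2"]), "dfs" if hdr["dfs"] else "no-dfs", hdr["names"])
    print("differs in:", flags2_diff(KRB_REQUEST, NTLM_REQUEST))
```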