[SOLVED] Are Domain Local Groups in the PAC?

Michael B Allen ioplex at gmail.com
Tue Nov 27 19:54:43 GMT 2007

On 11/27/07, Michael B Allen <ioplex at gmail.com> wrote:
> I think maybe AD is selectively leaving out Domain Local groups for
> HTTP service tickets. Maybe because authentication occurs with every
> single request they're tyring to speed things up.

Running IIS on the DC does provoke tickets with Domain Local groups.
At this point my guess is that the web server host must have a
Computer account that is joined to the domain to consider the DLGs in
scope for the service ticket. I was using a Computer account for a
Linux web server not joined to the domain.


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the samba-technical mailing list