[Samba] AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
Nathaniel W. Turner
nathanielwyliet at gmail.com
Tue Oct 29 17:50:03 UTC 2019
Thanks for the suggestions. What you propose makes sense for getting shares
exported in a way that works for typical use cases. As far as I can tell,
other than the "kerberos method" setting, none of these should impact how a
user is authenticated, just what they can do once they are.
Is there anyone on this list who is familiar with cross-forest operation,
and knows why authentication works when NTLMSSP is chosen, but not
otherwise (i.e. when Kerberos is used)?
More information about the samba