[Samba] AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"

Nathaniel W. Turner nathanielwyliet at gmail.com
Tue Oct 29 17:50:03 UTC 2019

Thanks for the suggestions. What you propose makes sense for getting shares
exported in a way that works for typical use cases. As far as I can tell,
other than the "kerberos method" setting, none of these should impact how a
user is authenticated, just what they can do once they are.

Is there anyone on this list who is familiar with cross-forest operation,
and knows why authentication works when NTLMSSP is chosen, but not
otherwise (i.e. when Kerberos is used)?

More information about the samba mailing list