Windows AD and MIT KDC Cross-Realm Trust

Jeffrey Altman jaltman2 at nyc.rr.com
Thu Jul 22 11:37:07 EDT 2004


> 
> Hello
> 
> This is mainly a question for Mr. Douglas E. Engert, but if anyone else
> can help, please feel free to do so.
> We have a similar organisation as the "opposite" and I can't figure out
> how to accomplish the following:
> We want users in the AD 2003 domain to authenticate to Windows and then
> get a cross-realm ticket for services in the MIT realm.
> 
> We have managed to get a user with a mapped principal to log in on a
> client in the AD with the MIT realm principal and password. He gets a
> TGT for the MIT realm and one for the AD 2003 domain. But if the same
> user logs in on a client in the AD with the principal and password from
> the AD domain, he only gets a TGT for the AD domain. If he tries to use a
> service in the MIT realm, he gets an error from the AD 2003 domain
> controller: "KDC_S_Principal_unknown".
> The problem is that the user doesn't get a cross-realm ticket from the
> MIT realm if he logs in as a user at the AD 2003 domain.
> 
> It would be great if anyone can give me a hint what to do next. 
> 
> Thanks Schikora  

It sounds like you only set up a one-way trust between the MIT and AD
realms.


-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu

