Cross Realm Trust with stand alone Windows Workstation

Thomas Lubanski tlubanski at novell.com
Tue Apr 25 10:36:03 EDT 2006


Hi,

I've run into a problem with the cross realm trust and Windows Workstations.
The setup is as follows:
Windows Workstation stand-alone with XP. The department owning the workstation is doing their own administration. The
central department is running AD.
The Workstation should not be imported into AD, as the owning department doesn't want that.
The standalone Workstation shall login to a Kerberos KDC. Works like a charm. 
Cross Realm trusts between the Kerberos KDC and AD were established. If I use a WS in the AD domain, I can logon to the
KDC and get the tickets for AD, so I can access everything there.
If the standalone Workstation is trying to access a resource in the domain, it is not asking for the domain ticket,
however. It is asking for a specific service ticket for the server hosting the service. For example, if I want to map a
drive, the workstation is asking the KDC for a ticket for cifs/server.
Now I know this is really working as designed, as the Windows workstation has no clue about a domain or cross realm
trusts. 
So my question is: Is it possible to make this work *without* putting the Windows Workstation into the AD domain?

Thanks
Thomas


Thomas Lubanski     "The best laid LANs
Senior Architect         often go foul."
Novell Consulting 
Tel: +49-211-5631-3758
email: tlubanski at novell.com
Noerdlicher Zubringer 9 -11
40470 Duesseldorf
Novell, Software for the Open Enterprise


