MS Client Referrals
Shawn Emery
shawn.emery at oracle.com
Thu May 9 03:11:56 EDT 2013
Folks,
I'm trying to configure server-side client referral support with no
success. I've configured two AD domains example.com and example1.com
with the following attributes:

example1.com:
    OS: w2k8 R2
    Two-way trust of example.com
    Trust type: external
    Transitivity: no
    UPN suffix: example.com
    Authentication: domain-wide

example.com:
    OS: w2k3
    Two-way trust of example1.com
    Trust type: external
    Transitivity: no
    UPN suffix: example1.com
    Authentication: domain-wide

RFC 6806 states that if the client cannot be found in the global name
service then return principal unknown else return wrong realm if the
canonicalize KDC option is set. From network trace output I see that the
client is setting the canonicalize flag, but the principal unknown error
code is returned instead of wrong realm. Can someone please verify my
configuration above or provide input on how to diagnose this further?
Regards,
Shawn.
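
The decision rule described in the message above, modeled in Python as an added example; it is not part of the original post and is not code from any KDC implementation. The `name_service` dict, the `alice` account and the kdc-options value `0x40810010` are constructed for illustration, and the branch taken when canonicalize is not set is an assumption.

```python
# Added example: models the referral decision as summarized in the post.
# The lookup table, sample user and option values are constructed.

KDC_ERR_C_PRINCIPAL_UNKNOWN = 6   # RFC 4120 error code
KDC_ERR_WRONG_REALM = 68          # RFC 4120 error code, carries the referral
CANONICALIZE_BIT = 15             # KDCOptions bit assigned by RFC 6806


def kdc_option_set(kdc_options: int, bit: int) -> bool:
    """KerberosFlags count bits from the most significant end of 32 bits."""
    return bool(kdc_options & (1 << (31 - bit)))


def expected_as_result(upn, kdc_options, local_principals, name_service):
    """Return None if the KDC serves the client itself, else (error, realm).

    name_service is a hypothetical stand-in for the global name service:
    a dict mapping a lower-cased client name to the realm that holds it.
    """
    key = upn.lower()
    if key in local_principals:
        return None
    referred_realm = name_service.get(key)
    if referred_realm is None:
        return (KDC_ERR_C_PRINCIPAL_UNKNOWN, None)
    if kdc_option_set(kdc_options, CANONICALIZE_BIT):
        return (KDC_ERR_WRONG_REALM, referred_realm)
    # Assumption: without canonicalize the KDC cannot refer the client.
    return (KDC_ERR_C_PRINCIPAL_UNKNOWN, None)


def check_trace(upn, kdc_options, observed_error, local_principals, name_service):
    """Compare an error code seen in a trace with the model's prediction."""
    expected = expected_as_result(upn, kdc_options, local_principals, name_service)
    matches = expected is not None and expected[0] == observed_error
    return matches, expected


if __name__ == "__main__":
    # Constructed AS-REQ: forwardable, renewable, canonicalize, renewable-ok.
    opts = 0x40810010
    table = {"alice@example.com": "EXAMPLE.COM"}
    print(kdc_option_set(opts, CANONICALIZE_BIT))
    print(check_trace("alice@example.com", opts, 6, set(), table))
    print(check_trace("alice@example.com", opts, 6, set(), {}))
```

Under this model, a principal-unknown error with canonicalize set is only consistent with the lookup failing to resolve the client name, which is where the second `check_trace` call matches and the first does not.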