The PAC must be the first ad-element
Andrew Bartlett
abartlet at samba.org
Fri Jan 31 13:25:29 EST 2020
On Fri, 2020-01-31 at 13:46 +0100, Isaac Boukris wrote:
> Hi,
>
> When I recently confirmed that windows hosts have no problem with
> other ad-elements along side the PAC, I was lazy to test change of
> order. Today I tested it and found that Windows servers are not happy
> when the PAC is not the first ad-if-relevant element.
Also, the original Samba PAC handling code was the same way, it very
much assumed that the PAC was the first AD-IF-RELEVANT element.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the krbdev
mailing list