Kerberos authentication failed across forest
- From: eltonchew@xxxxxxxxx
- Date: 23 Mar 2006 05:58:13 -0800
Hi community,
I have 2 domains, each belonging to its respective forest, and a
one-way trust, as depicted below:
apple.one.com <- orange.two.com (orange trusts apple)
Users from orange sign on to their workstations using a smartcard
installed with a certificate using a UPN of user@xxxxxxx (instead of
user@xxxxxxxxxxxxx).
When we try to achieve Kerberos pass-through authentication to
resources in orange.two.com domain, say a Terminal Server, using
netmon, we discover that a Kerberos ticket cannot be retrieved because
the UPN passed to orange.two.com was user@xxxxxxx and it reported that
the client object cannot be found.
However, when a user signs on to their workstation using user id /
password / domain, and tries to achieve Kerberos pass-through
authentication to resources in orange.two.com domain, the ticket can
now be retrieved.
I wish to check with the community if there is any way, by not changing
the UPN of the user's smartcard, to work around the problem of not being
able to retrieve a Kerberos ticket?
Many Thanks!