[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Windows 2003 SP1, cross-domain trust
I'm trying to set up a cross-domain trust from a W2K3 SP1 AD domain
controller to a heimdal 0.7.2 KDC ("pass-thru authentication").
I can authenticate stand-alone workstations fine. kerbtray shows all of
the proper tickets showing up.
After setting up the trust on the DC, I get KDC_ERR_ETYPE_NOTSUPP on the
DC when I try to authenticate with credentials from the heimdal realm.
I am in the same position as this thread (same configuration elements, try
to do the same thing), which did not seem to ever get resolved:
I've read plenty of reports of people claiming to have working Win 2000
cross-realm trust relationships (generally with MIT), but haven't found
any that claim success with W2K3.
Can anybody confirm that they have a W2K3 SP1 domain controller that has
an outgoing trust to a heimdal KDC, and that pass-thru authentication
If you do have a working trust, did you have to do anything not mentioned
in the documentation on the windows side? Are you using rc4 or des
keytypes? What do your principles look like in the KDC?