Hello dochelp, This is a followup question to: https://lists.samba.org/archive/cifs-protocol/2020-January/003368.html
Per my testing using updated Windows 2019, the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION trust attribute is not required when both domains are in the same forest, and even if not set Windows KDC still set ok-as-delegate flag. Could you please clarify in MS-KILE 3.3.5.7.5 how the KDC makes the decision not to require ENABLE_TGT attribute when in the same forest, and whether the NO_TGT attribute applies in that case or not. Thanks! _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
