Hi Kristian,
The lastest code changes in this area were released in the first servicing/security update for the mainstream version of Server 2025, so you'd need the first update.
Ok, thanks!
That said, I can't guarantee this update fixed the issue you were seeing without traces at the time of the error. This is my best guess with the network trace you provided and my own code research.
I re-run the tests and it all works now also for trusts.
As far as client-side fixes, if you're referring to this code change, it does not look like the client was modified. If you have any further questions, please let me know.
I'm just wondering why a Windows 2025 DC does not try ServerAuthenticateKerberos at all against trusted domains. I was just wondering why the server problem was detected and fixed when there's no software out in the wild triggering that code path. So I guessed that the client code in Windows has also changed. Can you find out why Windows doesn't even try it for trusted domains? Maybe there's a flag on the trustedDomain object to activate it? It would be good to know. Thanks! metze _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
