> This may be the real problem. If there was a way to update the GC to go
> to the default realm. Hey it's LDAP. I asked around, and it looks like it
> could be possible but no one knows how to do it.

assuming you're talking about the default realm being a non-Windows-AD;
and if the client requests a ticket for a fully-qualified hostname instance
(seems to depend on whether they manage to resolve the host by DNS or
NetBIOS first); and if you're talking Windows 2003 AD servers and you do
that netdom.exe /foresttransitive trust establishment stuff with the
default realm; and everything is in the right phase; then you can
netdom.exe /addtln:uk (as long as that doesn't conflict with anything more
specific already added to the namesuffixes list[s]) along with all the
other TLDs you care about, to that default-realm trustedDomain object.

(yeah, i can't seem to wildcard the root, in my experimenting)

see the tail end of
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/539c5381-db4f-445f-aac0-2df5448181c1.mspx
for this particular netdom [ab]usage

and, yes, i realize it's tedious and error-prone and maybe not at all the
tree you're barking up

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos