> On the trust problem, by default, Windows clients rely on the
> Active Directory to do the host-to-realm mappings. Do you have
> a top-level-name forward configured on the two-way external
> trust in AD? These are done automatically for Windows forest
> trusts, but not always for external trusts.
>
> (Trust needs to be forest transitive)
> Netdom trust AD.EXAMPLE2.COM /domain:EXAMPLE1.COM /AddTLN:EXAMPLE1.COM

You can only do this operation with the top-level forest root, and based on reading, we didn't think it would do anything. We went ahead and defined a two-way external trust for AD-ROOT.EXAMPLE2.COM <-> EXAMPLE1.COM and added this trust type, and it didn't have any effect. Is there any additional documentation you're aware of that has configuration directives that may force a trust at non-forest-level domains?

- Jason
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos