|
Posted by eltonchew on March 23, 2006, 8:58 am
Please log in for more thread options
Hi community,
I have 2 domains each belonging to their respective forest and a one
way trust, as depicted below:
apple.one.com <- orange.two.com (orange trust apple)
Users from orange signon to their workstation using smartcard installed
with certificate using UPN of user@one.com (instead of
user@apple.one.com).
When we try to acheive Kerberos pass-through authentication to
resources in orange.two.com domain, say a Terminal Server, using
netmon, we discover that a Kerberos ticket cannot be retrieved because
the UPN passed to orange.two.com was user@one.com and it reported that
the client object cannot be found.
However, when a user signon to their workstation using user id /
password /domain, and try to acheive Kerberos pass-through
authentication to resources in orange.two.com domain, the ticket can
now be retrieved.
I wish to check with the community if there is anyway, by not changing
the UPN of user's smartcard, to workaround the problem of not being
able to retrieve a Kerberos ticket?
Many Thanks!
| 
XML Sitemap