Kerberos Authentication Across Domain Trusts

Anonymous
2024-01-17T05:44:42+00:00

Is there a document that explains how to make this work?

I have set up domain trusts from DOMAIN A to DOMAIN B as Forest Type / Transitive.

When I try to connect to a file share on DOMAIN B from a PC on DOMAIN A it wants to use NTLM.

When NTLM is blocked via GPO it just fails to access the share.

It does work from a PC on DOMAIN B to a share on DOMAIN B and from a PC on DOMAIN A to a share on DOMAIN A.


This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.


4 answers

  1. Anonymous
    2024-01-18T02:40:06+00:00

    Hi Peter,

    Yes, there is Microsoft documentation that explains how to configure Kerberos authentication across domain trusts. You can refer to the following articles for more information:

    https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-over-forest-trust-topologies

    https://learn.microsoft.com/en-au/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance

    https://learn.microsoft.com/windows-server/security/kerberos/kerberos-authentication-overview

    The article provides step-by-step instructions on how to configure Kerberos authentication across domain trusts, including troubleshooting tips for common issues. It is important to note that both domains must be configured to use Kerberos authentication and have the necessary trust relationships to work properly.

    Best regards

    Qiuyang

  2. Anonymous
    2024-01-22T05:27:56+00:00

    The 1st link does not work.

    The others are of no real use.

    4 people found this answer helpful.
  3. Anonymous
    2024-01-22T07:01:26+00:00

    Hi Peter,

    I apologize for the wrong link. Here is the correct link to the documentation on Kerberos authentication across domain trusts:

    https://docs.informatica.com/zh_cn/data-quality-and-governance/data-quality/10-5/_security-guide_data-quality_10-5_ditamap/GUID-1239AF64-F67F-489A-B36F-681CBEA3F6B2/GUID-10F49A8B-1AB7-4DA0-A1DF-F21C9BF2D191.html

    https://docs.aws.amazon.com/zh_cn/emr/latest/ManagementGuide/emr-kerberos-cross-realm.html

    They provide details on how to configure Kerberos authentication across domain trusts, including troubleshooting tips for common issues.

    Best regards

    Qiuyang

  4. Anonymous
    2024-10-16T23:59:01+00:00

    These documents are about creating trusts between a non-Windows Kerberos realm for AWS EMR or Informatica (whatever that is) and NOT about accessing SMB shares across a transitive Windows trust using Kerberos auth only.

    I get really tired of people that purport to work for MSFT giving "answers" that do not address the question at all.

    Also, while I'm not concerned about what language people use in general, if a question is asked and responded to in one language (English in this instance), it's only polite to provide links to info in the same language (unless there is literally no alternative). Both sites provided an EN version, but unless you know what to look for, switching language is not immediately obvious.

    2 people found this answer helpful.