Fix TGS req realm from user realm to server realm #46
When trying to perform authentication I had the following error:
I was trying to perform cross-realm authentication from a user named TREE2.LAB\johnny to the service ldap/dc1.outsider.lab. There was an inter-forest trust from TREE2.LAB to BLOODY.CORP and a forest trust from BLOODY.CORP to OUTSIDER.LAB.

TREE2.LAB\johnny was able to query a referral ticket krbtgt/[email protected] to dctree1.tree2.lab, but then the error happened when trying to request a referral ticket for OUTSIDER.LAB to main.bloody.corp, because it was requesting krbtgt/[email protected] instead of krbtgt/[email protected].

Indeed, you can see in get_TGS that the TGS Req realm is set to the user domain (so TREE2.LAB in our case, as we are using TREE2.LAB\johnny) instead of the server one, BLOODY.CORP.

To remediate this I took the domain REALM from the server from the TGT retrieved before.
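
The referral walk described above, as an added example that is not code from this pull request or from the project: a toy model comparing the two ways of choosing the TGS-REQ realm. The `Tgt` class, the `KDC_DB` trust table, and all function names are hypothetical, and the topology is constructed from the realms named in the description.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tgt:
    client_realm: str  # realm of the user; constant for the whole walk
    target_realm: str  # second component of the ticket's sname, krbtgt/<target_realm>

# Constructed lab model: realm -> realms its KDC holds a krbtgt/<REALM> key for.
KDC_DB = {
    "TREE2.LAB": {"TREE2.LAB", "BLOODY.CORP"},
    "BLOODY.CORP": {"BLOODY.CORP", "OUTSIDER.LAB"},
    "OUTSIDER.LAB": {"OUTSIDER.LAB"},
}

def kdc_tgs(kdc_realm, req_realm, sname_realm, tgt):
    """Hypothetical KDC: resolves krbtgt/<sname_realm>@<req_realm> in its own database."""
    if tgt.target_realm != kdc_realm:
        raise PermissionError(f"TGT is not for {kdc_realm}")
    if req_realm != kdc_realm or sname_realm not in KDC_DB[kdc_realm]:
        raise LookupError(f"krbtgt/{sname_realm}@{req_realm} unknown to {kdc_realm}")
    return Tgt(tgt.client_realm, sname_realm)

def realm_from_user(tgt):
    """Behaviour described as the bug: always use the user's realm."""
    return tgt.client_realm

def realm_from_tgt(tgt):
    """Behaviour described as the fix: use the realm the presented TGT is for."""
    return tgt.target_realm

def walk(user_realm, path, pick_realm):
    """Follow the trust path hop by hop; return the principals requested."""
    tgt = Tgt(user_realm, user_realm)  # initial TGT from the user's own KDC
    requested = []
    for next_realm in path:
        kdc_realm = tgt.target_realm   # the request goes to the KDC the TGT is for
        req_realm = pick_realm(tgt)    # realm field placed in the TGS-REQ
        tgt = kdc_tgs(kdc_realm, req_realm, next_realm, tgt)
        requested.append(f"krbtgt/{next_realm}@{req_realm}")
    return requested

if __name__ == "__main__":
    path = ["BLOODY.CORP", "OUTSIDER.LAB"]
    print(walk("TREE2.LAB", path, realm_from_tgt))
    try:
        walk("TREE2.LAB", path, realm_from_user)
    except LookupError as exc:
        print("user-realm strategy fails:", exc)
```

In this model the first hop succeeds under both strategies because the user's realm and the TGT's target realm coincide; the strategies only diverge once a referral TGT for another realm is presented.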