Is it possible to do delegation in a cross forest scenario with only a one way trust? I have 2 domains which are in different forests, and there is a one way trust from the resourcedomain to the userdomain. The SPN's are registered properly on the resourcedomain, but when trying to connect with a userdomain to a server in resourcedomain the protocol falls back to NTLM.
Asked
Active
Viewed 650 times
1 Answers
0
Which version of windows server you are using? If its Win2000 only NTLM/External is supported to do cross forest authentication. If its win2003 and if you have created Cross-forest trust then you should be able to use kerberos. Incase if its External trust it will only do NTLM.
kalyan
- 185
- 2
- 7
-
It's win2003 with External Trust. I've been trying with Protocol Transition, but it seems that it requires 2 way trust between forests. – Nov 16 '10 at 13:02