Our setup is as follows:
====
2 Windows 2003 functional-level forests, FOO.COM and BAR.COM, that mutually (two-way) trust each other.
FOO.COM <-- forest trust --> BAR.COM
Furthermore, there's a domain A.FOO.COM that belongs to the FOO.COM forest. There's another domain B.BAR.COM belonging to the BAR.COM forest. There's a one-way outgoing external trust from A.FOO.COM to B.BAR.COM.
A.FOO.COM -- external trust --> B.BAR.COM
====
The behavior we're seeing is when a user from B.BAR.COM attempts to access a website on A.FOO.COM, the user gets a basic auth challenge for their id/password. The user would enter the credentials they have from B.BAR.COM and they would get successfully authenticated. This seems to indicate the proper trust relationships are in place.
What we're trying to understand is why SPNEGO/Kerberos is not taking place. Can MAV (or rather VAS) handle AD referrals? Do we need to raise the trust level between our domains?
Any thoughts appreciated. Thanks.
P.S. The underlying VAS version we're using is: 3.3.1.101
====
2 Windows 2003 functional-level forests, FOO.COM and BAR.COM, that mutually (two-way) trust each other.
FOO.COM <-- forest trust --> BAR.COM
Furthermore, there's a domain A.FOO.COM that belongs to the FOO.COM forest. There's another domain B.BAR.COM belonging to the BAR.COM forest. There's a one-way outgoing external trust from A.FOO.COM to B.BAR.COM.
A.FOO.COM -- external trust --> B.BAR.COM
====
The behavior we're seeing is when a user from B.BAR.COM attempts to access a website on A.FOO.COM, the user gets a basic auth challenge for their id/password. The user would enter the credentials they have from B.BAR.COM and they would get successfully authenticated. This seems to indicate the proper trust relationships are in place.
What we're trying to understand is why SPNEGO/Kerberos is not taking place. Can MAV (or rather VAS) handle AD referrals? Do we need to raise the trust level between our domains?
Any thoughts appreciated. Thanks.
P.S. The underlying VAS version we're using is: 3.3.1.101