"Henrik Nordström" <henrik@xxxxxxxxxxxxxxxxxxx> wrote in message
news:1270839045.2636.1.camel@xxxxxxxxxxxxxxxxxxxxxxxx
fre 2010-04-09 klockan 12:12 +0100 skrev Markus Moeller:
Regarding your second point about workgroups the answer is that
Kerberos
can work too (with popup). But to make it work your DHCP server has to
privode WINS servers (or it has to be hardcoded on the client). When a
client gets the Negotiate request the client will try to find out where
the
domain server is for that domain (using the username details e.g.
@DOMAIN)
via Netbios name resolution using the configured WINS servers. Once
they
are determined the client will send AS and TGS requests to the domain
server
and can then authenticate to the proxy.
Are you sure it relies on WINS in this case? DNS SRV records is the
normal mechanism for discovery of KDC servers..
I wasn't sure but I tested and that was my observation.
Regards
Henrik
