I have the following configuration: Windows domains DOMAINA and DOMAINB. A two-way trust exists and I have an account in DOMAINA which is configured to be an admin in DOMAINB. This all works.
I have a Linux box that uses Kerberos to access DOMAINB using the account created in DOMAINA. This works perfectly fine if I configure /etc/krb5.conf to have:
    [realms]
        DOMAINA.LOCAL = {
            kdc = dc1.domaina.local
        }
        DOMAINB.LOCAL = {
            kdc = dc1.domainb.local
        }
But this needs both DOMAINA and DOMAINB DCs to be accessible to the Linux box. In this situation, only the DC for DOMAINA is visible to the Linux box. There are servers in DOMAINB that are visible to the Linux box, but the DC for DOMAINB is NOT visible to the Linux box.
The DCs from both domains can see each other.
Can I configure Kerberos on the Linux box to only require access to the domain that has the account I want to use, and not to have to contact the DC in the domain where the account will be used?