Hi, I would like to ask that how active directory domain referral works.
Concept "referral" comes from kerberos, refer to https://datatracker.ietf.org/doc/html/draft-ietf-krb-wg-kerberos-referrals-12#section-8
I built up a cross-realm trusts between Windows AD and MIT Kdc5.
In MIT Kdc, the way referral works is storing domain_realm mapping at KDC's krb5.conf. Refer to https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html
When client query a server in another domain, KDC will tell client which domain that server is in, if that server host name match domain_realm mapping at KDC's krb5.conf.
However, I don't know how that works at windows AD.
1> How referral works at Windows AD
2> How I can set domain realm mapping at windows AD.
Thanks for your help.