Network trace sample of web access by a web proxy client using Kerberos authentication


For people who like reading network traces and want to see what the traffic looks like when a web proxy client accesses the internet through ISA Server using Kerberos authentication, here is a sample.

I will add more comments to it as time permits, to improve readability. Treat it as a reference for what to expect in the network traffic, whether for comparison or for understanding the behaviour.

***********************************************************************************************************************************************************************************************

Web access by a web proxy client using Kerberos authentication. Notice how few packets (only two) are exchanged between ISA and the client for authentication, compared with NTLM authentication (to get internet access through ISA), which I will discuss in my next post. That makes this a good case for thinking about how much traffic is reduced by using Kerberos authentication.

TCP handshake

2              03:46:14.5395660              21829.1705660   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP:Flags=……S., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992582363, Ack=0, Win=65535 (  ) = 65535       {TCP:2, IPv4:1}

3              03:46:14.5395660              21829.1705660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:Flags=…A..S., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=0, Seq=283664136, Ack=992582364, Win=16384 ( Scale factor not supported ) = 16384        {TCP:2, IPv4:1}

4              03:46:14.5395660              21829.1705660   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992582364, Ack=283664137, Win=65535 (scale factor 0x0) = 65535      {TCP:2, IPv4:1}

The GET request after the TCP handshake

5              03:46:14.5395660              21829.1705660   iexplore.exe      192.168.0.10       192.168.0.1         HTTP      HTTP:Request, GET http://www.bing.com/                 {HTTP:3, TCP:2, IPv4:1}

Acknowledgement of frame 5

6              03:46:14.6801910              21829.3111910   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=0, Seq=283664137, Ack=992583031, Win=64868 (scale factor 0x0) = 64868 {TCP:2, IPv4:1}

Proxy authentication required message from the ISA server with status code 407

7              03:46:26.7270660              21841.3580660   iexplore.exe      192.168.0.1         192.168.0.10       HTTP      HTTP:Response, HTTP/1.1, Status: Proxy authentication required, URL: http://www.bing.com/ Using Multiple Authetication Methods, see frame details     {HTTP:3, TCP:2, IPv4:1}

Details of frame 7 are shown below for deeper insight (the ISA server sends the authentication methods it supports to the client in the "ProxyAuthenticate" headers).

Note: this happens if we have an internet access rule on ISA/TMG that allows access only to authenticated users.

*************************************************************************************

  Frame: Number = 7, Captured Frame Length = 1514, MediaType = ETHERNET

+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-15-5D-58-87-02],SourceAddress:[00-15-5D-58-87-03]

+ Ipv4: Src = 192.168.0.1, Dest = 192.168.0.10, Next Protocol = TCP, Packet ID = 1124, Total IP Length = 1500

+ Tcp: Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283664137 – 283665597, Ack=992583031, Win=64868 (scale factor 0x0) = 64868

– Http: Response, HTTP/1.1, Status: Proxy authentication required, URL: http://www.bing.com/ Using Multiple Authetication Methods, see frame details

    ProtocolVersion: HTTP/1.1

    StatusCode: 407, Proxy authentication required

    Reason: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )

    Via:  1.1 ISA-NEW

  – ProxyAuthenticate: Negotiate

   – Authenticate:  Negotiate

      WhiteSpace: 

      AuthenticateData: Negotiate

  – ProxyAuthenticate: Kerberos

   – Authenticate:  Kerberos

      WhiteSpace: 

      AuthenticateData: Kerberos

  – ProxyAuthenticate: NTLM

   – Authenticate:  NTLM

      WhiteSpace: 

      AuthenticateData: NTLM

    Connection:  Keep-Alive

    ProxyConnection:  Keep-Alive

    Pragma:  no-cache

    Cache-Control:  no-cache

  – ContentType:  text/html

     MediaType:  text/html

    ContentLength:  4111 

    HeaderEnd: CRLF

  – payload: HttpContentType =  text/html

     HtmlElement: <!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN”>

     HtmlElement:

<HTML>

     HtmlElement: <HEAD>

     HtmlElement: <TITLE>

     HtmlElement: Error Message</TITLE>

     HtmlElement:

<META http-equiv=Content-Type content=”text/html; charset=UTF-8″>

     HtmlElement:

<STYLE id=L_default_1>

     HtmlElement: A {

                FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #005a80; FONT-FAMILY: tahoma

}

A:hover {

                FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #0d3372; FONT-FAMILY: tahoma

}

TD {

                FONT-SIZE: 8pt; FONT-FAMILY: tahoma

}

TD.titleBorder {

                BORDER-RIG

 

*************************************************************************************

Continuation of the "Proxy authentication required" frame #7 and the respective acknowledgements.

8              03:46:26.7270660              21841.3580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #7]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283665597 – 283667057, Ack=992583031, Win=64868 (scale factor 0x0) = 64868     {TCP:2, IPv4:1}

9              03:46:26.7270660              21841.3580660   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992583031, Ack=283667057, Win=65535 (scale factor 0x0) = 65535      {TCP:2, IPv4:1}

10           03:46:26.7270660              21841.3580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #7]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283667057 – 283668517, Ack=992583031, Win=64868 (scale factor 0x0) = 64868     {TCP:2, IPv4:1}

11           03:46:26.7270660              21841.3580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #7]Flags=…AP…, SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=137, Seq=283668517 – 283668654, Ack=992583031, Win=64868 (scale factor 0x0) = 64868     {TCP:2, IPv4:1}

12           03:46:26.7270660              21841.3580660   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992583031, Ack=283668654, Win=65535 (scale factor 0x0) = 65535      {TCP:2, IPv4:1}

Authorization Response by the client.

13           03:46:26.7426910              21841.3736910   iexplore.exe      192.168.0.10       192.168.0.1         HTTP      HTTP:Request, GET http://www.bing.com/ , Using GSS-API Authorization   {HTTP:3, TCP:2, IPv4:1}

Details: the client sends a Kerberos AP request, KRB_AP_REQ (14), carrying the Kerberos token, i.e. Ticket: Realm: CORPA.LOCAL, Sname: HTTP/isa-new.corpa.local, as shown below.

*************************************************************************************

  Frame: Number = 13, Captured Frame Length = 2446, MediaType = ETHERNET

+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-15-5D-58-87-03],SourceAddress:[00-15-5D-58-87-02]

+ Ipv4: Src = 192.168.0.10, Dest = 192.168.0.1, Next Protocol = TCP, Packet ID = 15714, Total IP Length = 2432

+ Tcp:  [Bad CheckSum]Flags=…AP…, SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=2392, Seq=992583031 – 992585423, Ack=283668654, Win=65535 (scale factor 0x0) = 65535

– Http: Request, GET http://www.bing.com/ , Using GSS-API Authorization

    Command: GET

  + URI: http://www.bing.com/

    ProtocolVersion: HTTP/1.1

    Accept:  image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*

    Accept-Language:  en-us

    UserAgent:  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

    Accept-Encoding:  gzip, deflate

    ProxyConnection:  Keep-Alive

  + Cookie:  MUID=B4E2B7A6025A4BCBB5AE84B1F4BC646D; SRCHD=MS=1367625&D=1055001&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20100102; _UR=OMW=1&OMF=1; SRCHUID=V=2&GUID=FF1CEFDA48FD47B495A1C2B71E5C5B3B

  – ProxyAuthorization: Negotiate

   – Authorization:  Negotiate YIIE8QYGKwYBBQUCoIIE5TCCBOGgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBLcEggSzYIIErwYJKoZIhvcSAQICAQBuggSeMIIEmqADAgEFoQMCAQ6iBwMFACAAAACjggO/YYIDuzCCA7egAwIBBaENGwtDT1JQQS5MT0NBTKImMCSgAwIBAqEdMBsbBEhUVFAbE2lzYS1uZXcuY29yc

      WhiteSpace: 

    – NegotiateAuthorization:

       Scheme: Negotiate

     GssAPI: 0x1

      – InitialContextToken:

       + ApplicationHeader:

       ThisMech: SpnegoToken (1.3.6.1.5.5.2)

        + MechType: SpnegoToken (1.3.6.1.5.5.2)

       – InnerContextToken: 0x1

        – SpnegoToken: 0x1

         + ChoiceTag:

         – NegTokenInit:

          + SequenceHeader:

          + Tag0:

          MechTypes: Prefer MsKerberosToken (1.2.840.48018.1.2.2)

           + SequenceHeader:

           + MechType: MsKerberosToken (1.2.840.48018.1.2.2)

           + MechType: KerberosToken (1.2.840.113554.1.2.2)

           + MechType: NLMP (1.3.6.1.4.1.311.2.2.10)

          + Tag2:

          + OctetStringHeader:

          – MechToken: 0x1

           – MsKerberosToken: 0x1

            – KerberosInitToken:

             + ApplicationHeader:

             ThisMech: KerberosToken (1.2.840.113554.1.2.2)

              + MechType: KerberosToken (1.2.840.113554.1.2.2)

             – InnerContextToken: 0x1

              – KerberosToken: 0x1

                 TokId: Krb5ApReq (0x100)

               – ApReq: KRB_AP_REQ (14)

                + ApplicationTag:

                + SequenceHeader:

                + Tag0:

                + PvNo: 5

                + Tag1:

                + MsgType: KRB_AP_REQ (14)

                + Tag2: 0x1

                + ApOptions:

                + Tag3:

                – Ticket: Realm: CORPA.LOCAL, Sname: HTTP/isa-new.corpa.local

                 + ApplicationTag:

                 + SequenceHeader:

                 + Tag0:

                 + TktVno: 5

                 + Tag1:

                 + Realm: CORPA.LOCAL

                 + Tag2: 0x1

                 Sname: HTTP/isa-new.corpa.local

                  + SequenceHeader:

                  + Tag0:

                  + NameType: NT-SRV-INST (2)

                  + Tag1:

                  + SequenceOfHeader:

                  + NameString: HTTP

                  + NameString: isa-new.corpa.local

                 + Tag3: 0x1

                 – EncPart:

                  + SequenceHeader:

                  + Tag0:

                  + EType: rc4-hmac (23)

                  + Tag1:

                  + KvNo: 5

                  + Tag2:

                  + Cipher: (binary ciphertext, unprintable)

                + Tag4:

                + Authenticator:

    Host:  www.bing.com

    HeaderEnd: CRLF

*************************************************************************************
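The frame 13 decode above can be reproduced from the header value alone. The sketch below is an added example, not part of the original trace or of any ISA/TMG tooling: it walks the SPNEGO token and reports the offered mechanisms and the inner token type, which is also how an NTLM fallback shows up. `FRAME13` is the header value exactly as truncated on this page; the function names are hypothetical, and only the NegTokenInit and bare NTLMSSP cases are handled.

```python
import base64

# Mechanism OIDs as they appear in the frame 13 decode on this page.
MECHS = {
    "1.3.6.1.5.5.2": "SPNEGO",
    "1.2.840.48018.1.2.2": "MsKerberos",
    "1.2.840.113554.1.2.2": "Kerberos",
    "1.3.6.1.4.1.311.2.2.10": "NLMP",
}
KRB5_TOK_ID = {b"\x01\x00": "KRB_AP_REQ", b"\x02\x00": "KRB_AP_REP", b"\x03\x00": "KRB_ERROR"}

# Header value from frame 13, exactly as truncated on the page.
FRAME13 = ("Negotiate "
    "YIIE8QYGKwYBBQUCoIIE5TCCBOGgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKC"
    "BLcEggSzYIIErwYJKoZIhvcSAQICAQBuggSeMIIEmqADAgEFoQMCAQ6iBwMFACAAAACjggO/YYIDuzCC"
    "A7egAwIBBaENGwtDT1JQQS5MT0NBTKImMCSgAwIBAqEdMBsbBEhUVFAbE2lzYS1uZXcuY29yc")

def tlv(buf, pos, want=None):
    """Read a DER tag and declared length; the content itself may be truncated."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if want is not None and tag != want:
        raise ValueError(f"expected tag {want:#x}, found {tag:#x}")
    return tag, length, pos

def oid(body):
    """Decode OID content bytes to a mechanism name, or dotted form if unknown."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:                      # base-128 digits, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    dotted = ".".join(map(str, arcs))
    return MECHS.get(dotted, dotted)

def inner_kind(tok):
    """Identify the mechToken: NTLMSSP message or Kerberos token id."""
    if tok.startswith(b"NTLMSSP\x00"):
        return "NTLMSSP"
    _, _, pos = tlv(tok, 0, 0x60)           # Kerberos GSS-API wrapper
    _, n, pos = tlv(tok, pos, 0x06)         # Kerberos mechanism OID
    return KRB5_TOK_ID.get(tok[pos + n:pos + n + 2], "unknown")

def classify(header_value):
    """Classify a Proxy-Authorization value of the form '<scheme> <base64>'."""
    b64 = header_value.split(None, 1)[1].strip()
    raw = base64.b64decode(b64[:len(b64) - len(b64) % 4])   # tolerate truncation
    if raw.startswith(b"NTLMSSP\x00"):      # NTLM sent without a SPNEGO wrapper
        return {"wrapper": "none", "offered": ["NLMP"], "inner": "NTLMSSP"}
    _, _, pos = tlv(raw, 0, 0x60)           # InitialContextToken
    _, n, pos = tlv(raw, pos, 0x06)         # thisMech
    wrapper, pos = oid(raw[pos:pos + n]), pos + n
    _, _, pos = tlv(raw, pos, 0xA0)         # NegTokenInit choice tag
    _, _, pos = tlv(raw, pos, 0x30)
    _, _, pos = tlv(raw, pos, 0xA0)         # [0] mechTypes
    _, n, pos = tlv(raw, pos, 0x30)
    end, offered = pos + n, []
    while pos < end:
        _, n, pos = tlv(raw, pos, 0x06)
        offered.append(oid(raw[pos:pos + n]))
        pos += n
    tag, n, body = tlv(raw, pos)
    if tag == 0xA1:                         # optional reqFlags, skipped
        tag, n, body = tlv(raw, body + n)
    inner = "absent"
    if tag == 0xA2:                         # [2] mechToken
        _, _, body = tlv(raw, body, 0x04)
        inner = inner_kind(raw[body:])
    return {"wrapper": wrapper, "offered": offered, "inner": inner}
```

An `inner` of `NTLMSSP` on a proxy that offers Negotiate means the client did not obtain a service ticket for the proxy's SPN and fell back to NTLM.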

Acknowledgement, and then status 200 OK in frame 29, which means that the user has been authenticated and we got 200 OK from the server.

14           03:46:26.7426910              21841.3736910   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=0, Seq=283668654, Ack=992585423, Win=65535 (scale factor 0x0) = 65535 {TCP:2, IPv4:1}

29           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       HTTP      HTTP:Response, HTTP/1.1, Status: Ok, URL: http://www.bing.com/           {HTTP:3, TCP:2, IPv4:1}

***********************************************************************************

Data and corresponding acknowledgements

30           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #29]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283670114 – 283671574, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

31           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #29]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283671574 – 283673034, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

After that, the data is downloaded/received by the client, as highlighted above and as shown below, with the payload of data sent by the ISA server after it received it from the web server.

32           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992585423, Ack=283673034, Win=65535 (scale factor 0x0) = 65535      {TCP:2, IPv4:1}

33           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #29]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283673034 – 283674494, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

34           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #29]Flags=…AP…, SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=813, Seq=283674494 – 283675307, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

35           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992585423, Ack=283675307, Win=65535 (scale factor 0x0) = 65535      {TCP:2, IPv4:1}

36           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       HTTP      HTTP:HTTP Payload, URL: http://www.bing.com/       {HTTP:3, TCP:2, IPv4:1}

37           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #36]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283676767 – 283678227, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

38           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #36]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283678227 – 283679687, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

39           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #36]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283679687 – 283681147, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

40           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #36]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283681147 – 283682607, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

41           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #36]Flags=…AP…, SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=660, Seq=283682607 – 283683267, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

42           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992585423, Ack=283683267, Win=64875 (scale factor 0x0) = 64875      {TCP:2, IPv4:1}

43           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       HTTP      HTTP:HTTP Payload, URL: http://www.bing.com/       {HTTP:3, TCP:2, IPv4:1}

44           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #43]Flags=…AP…, SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=688, Seq=283684727 – 283685415, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

45           03:46:53.2114410              21867.8424410   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992585423, Ack=283685415, Win=62727 (scale factor 0x0) = 62727      {TCP:2, IPv4:1}

46           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP:[Dup Ack #45] [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992585423, Ack=283685415, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

47           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.1         192.168.0.10       HTTP      HTTP:HTTP Payload, URL: http://www.bing.com/       {HTTP:3, TCP:2, IPv4:1}

48           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #47]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283686875 – 283688335, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

49           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #47]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283688335 – 283689795, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

50           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #47]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283689795 – 283691255, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

51           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992585423, Ack=283691255, Win=64075 (scale factor 0x0) = 64075      {TCP:2, IPv4:1}

52           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #47]Flags=…AP…, SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=204, Seq=283691255 – 283691459, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

53           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992585423, Ack=283691459, Win=65535 (scale factor 0x0) = 65535      {TCP:2, IPv4:1}

54           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.1         192.168.0.10       HTTP      HTTP:HTTP Payload, URL: http://www.bing.com/       {HTTP:3, TCP:2, IPv4:1}

55           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #54]Flags=…A…., SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=1460, Seq=283692919 – 283694379, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

56           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.1         192.168.0.10       TCP        TCP:[Continuation to #54]Flags=…AP…, SrcPort=HTTP Alternate(8080), DstPort=1243, PayloadLen=408, Seq=283694379 – 283694787, Ack=992585423, Win=65535 (scale factor 0x0) = 65535     {TCP:2, IPv4:1}

57           03:46:53.2270660              21867.8580660   iexplore.exe      192.168.0.10       192.168.0.1         TCP        TCP: [Bad CheckSum]Flags=…A…., SrcPort=1243, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=992585423, Ack=283694787, Win=65535 (scale factor 0x0) = 65535      {TCP:2, IPv4:1}

*************************************************************************************

Completion of the data flow. This data is then used by iexplore.exe to render the page in the IE window (data reception and rendering happen simultaneously).


Comments (2)

  1. Harish (Harry) says:

    Good One Suraj!!!!!…Was really looking for a blog on Kerberos authentication

  2. susaa says:

    Could you please tell me what should I check if I see TGS request for domain only? E.g. cifs/domain.com … I am seeing this type of issue and then system will try for NTLM instead.
