On 23/9/2011 12:41 πμ, Markus Moeller wrote:
>
> A bit. Yor Kerberos setup seems not ro work as the client tries to use
> NTLM instead
>
Thanks Markus,
I used Wireshark. I opened IE and requested site www.example.com:
HTTP GET http://www.example.com/ HTTP/1.1
and saw that the browser, after:
HTTP HTTP/1.0 407 Proxy Authentication Required (text/html)
sends a query to the DNS Server:
Standard query SRV _kerberos._tcp.dc._msdcs.EXAMPLE.COM
and the DNS Server replies:
DNS Standard query response, No such name
and then we have three tries with :
NBNS Name query NB EXAMPLE.COM<1c>
and finally it obviously switches to NTLM/Negotiate:
HTTP GET http://www.example.com/ HTTP/1.1 , NTLMSSP_NEGOTIATE
So, the glitch seems to be the DNS query stage. How we handle this?
> Which points do you miss, so I can update the wiki ?
I plan to document my setup, and I will send you details, when things
finally work!
Thanks,
Nick
This archive was generated by hypermail 2.2.0 : Fri Sep 23 2011 - 12:00:02 MDT