On 23/9/2011 12:41 πμ, Markus Moeller wrote:
A bit. Yor Kerberos setup seems not ro work as the client tries to use NTLM instead
Thanks Markus, I used Wireshark. I opened IE and requested site www.example.com: HTTP GET http://www.example.com/ HTTP/1.1 and saw that the browser, after: HTTP HTTP/1.0 407 Proxy Authentication Required (text/html) sends a query to the DNS Server: Standard query SRV _kerberos._tcp.dc._msdcs.EXAMPLE.COM and the DNS Server replies: DNS Standard query response, No such name and then we have three tries with : NBNS Name query NB EXAMPLE.COM<1c> and finally it obviously switches to NTLM/Negotiate: HTTP GET http://www.example.com/ HTTP/1.1 , NTLMSSP_NEGOTIATE So, the glitch seems to be the DNS query stage. How we handle this?
Which points do you miss, so I can update the wiki ?
I plan to document my setup, and I will send you details, when things finally work!
Thanks, Nick
<<attachment: smime.p7s>>
