The easiest way is to look at the traffic in wireshark.
Markus
"Carlos Defoe" wrote in message
news:CAHsHsyvkKcZCf+6f1MQQRMmhGODxyn_BoeeqcVva3YH4ywLb7w@xxxxxxxxxxxxxx...
My goal was only to know which computer and/or user is failing to use
each method of authentication. The network is too big, and among those
thousands of messages I need to know first from where those failed are
coming. Probably the user is being prompted with the auth window, but
as he thinks it is normal, he don't claim our support to fix it. I
wanna know so I can send support to fix or replace the computer.
On Thu, Oct 31, 2013 at 2:14 PM, Carlos Defoe <carlosdefoe@xxxxxxxxx> wrote:
Hi Amos,
Seems that it don't work for kerberos tokens:
NTLM Signature:`� � +
NTLM Message Type:2551
BITMAP111111111111000000000000000000000000000000
Unknown @12:0x 160
...
For a NTLM token it shows the flags.
On Thu, Oct 31, 2013 at 2:41 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
wrote:
On 31/10/2013 6:02 a.m., Carlos Defoe wrote:
Hi,
It is possible to decode those "negotiate_kerberos_auth" debug
messages? I tried "base64 -d", but it shows a lot of garbage and
almost nothing readable.
It is a binary NTLMSSPI packet. I have put a simple decoder together for
debugging purposes:
http://treenet.co.nz/projects/squid/ntlm_token.php
Amos