Internet Explorer is using NTLM instead of Kerberos

Eitan noyasoft at netvision.net.il
Thu Sep 15 19:49:16 EDT 2005


Hi,
Not sure if this is the correct place to post this question so I'm
sorry if it's not.

I've created in a test environment the following configuration:
- PC A: Running Windows 2003 as active directory domain controller.
- PC B: Windows XP Pro (that was added to the AD) logged on to the AD.
- PC C: Simply running a sniffer.

Now...
Having read this:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/6291dce1-4ea8-4b4f-a9c1-23926ab6e8dd.mspx

I fixed what was stated in this article (added the AD server to the
correct zone on the XP client, and made sure that the Integrated logon
was checked).
After this setup I was ready to start the browser and post a request
for a simple "Hello world" page on the AD server (and yes, the URL was
constructed with the FQDN of the AD and not its IP).

When the TCP stream was decoded by the sniffer I found that the server
sent a single "Authorization" header to the client stating "Negotiate"
and the client sent NTLM keys (decoded into "NTLMSSP" string).
No matter what I tried I keep getting those NTLM sessions and no
Kerberos.

Eitan.
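
Added example, not part of the original post: a Python sketch that decodes a captured `Negotiate <base64>` value from the client's request and reports whether it is bare NTLMSSP, a bare GSS-API mechanism token, or an SPNEGO NegTokenInit, and which mechanisms were offered. The function names (`classify`, `read_tlv`, `children`, `der`, `sample_spnego`) are hypothetical, and the sample tokens are constructed rather than taken from a real capture.

```python
import base64

# Mechanism OIDs as DER content bytes (tag and length stripped).
SPNEGO = bytes.fromhex("2b0601050502")             # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("2a864886f712010202")         # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("2a864882f712010202")      # 1.2.840.48018.1.2.2
NTLM = bytes.fromhex("2b06010401823702020a")       # 1.3.6.1.4.1.311.2.2.10
NAMES = {KRB5: "Kerberos", MS_KRB5: "Kerberos (MS OID)", NTLM: "NTLM"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Yield (tag, value) for each DER element packed back to back in buf."""
    pos = 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val

def classify(header_value):
    """Report which mechanism a client's 'Negotiate <base64>' value carries."""
    tok = base64.b64decode(header_value.partition(" ")[2])
    if tok.startswith(b"NTLMSSP\x00"):              # bare NTLM, no SPNEGO wrapper
        return {"wrapper": "none", "chosen": "NTLM"}
    if tok[:1] != b"\x60":                          # e.g. a later SPNEGO leg
        return {"error": "not an initial GSS-API token"}
    body = read_tlv(tok)[1]
    _, oid, pos = read_tlv(body)
    if oid != SPNEGO:                               # bare mechanism token
        return {"wrapper": "GSS-API", "chosen": NAMES.get(oid, oid.hex())}
    # NegTokenInit: [0] { SEQUENCE { [0] mechTypes, ..., [2] mechToken } }
    fields = dict(children(read_tlv(read_tlv(body, pos)[1])[1]))
    offered = [NAMES.get(o, o.hex()) for _, o in children(read_tlv(fields[0xA0])[1])]
    inner = read_tlv(fields.get(0xA2, b"\x04\x00"))[1]
    chosen = "NTLM" if inner.startswith(b"NTLMSSP\x00") else offered[0]
    return {"wrapper": "SPNEGO", "offered": offered, "chosen": chosen}

def der(tag, val):                                  # sample builder, lengths < 128 only
    return bytes([tag, len(val)]) + val

def sample_spnego(mechs, inner):                    # constructed NegTokenInit header value
    init = der(0x30, der(0xA0, der(0x30, b"".join(der(6, m) for m in mechs)))
               + der(0xA2, der(4, inner)))
    tok = der(0x60, der(6, SPNEGO) + der(0xA0, init))
    return "Negotiate " + base64.b64encode(tok).decode()
```

Pass `classify` the header value copied from the sniffer's decoded request; a result of `"chosen": "NTLM"` with an `offered` list that omits Kerberos means the client never attempted to obtain a service ticket.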


