My goal was only to know which computer and/or user is failing to use each method of authentication. The network is too big, and among those thousands of messages I need to know first from where those failed are coming. Probably the user is being prompted with the auth window, but as he thinks it is normal, he don't claim our support to fix it. I wanna know so I can send support to fix or replace the computer.
On Thu, Oct 31, 2013 at 2:14 PM, Carlos Defoe <carlosde...@gmail.com> wrote: > Hi Amos, > > Seems that it don't work for kerberos tokens: > > NTLM Signature:`� � + > NTLM Message Type:2551 > BITMAP111111111111000000000000000000000000000000 > Unknown @12:0x 160 > ... > > For a NTLM token it shows the flags. > > On Thu, Oct 31, 2013 at 2:41 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: >> On 31/10/2013 6:02 a.m., Carlos Defoe wrote: >>> >>> Hi, >>> >>> It is possible to decode those "negotiate_kerberos_auth" debug >>> messages? I tried "base64 -d", but it shows a lot of garbage and >>> almost nothing readable. >> >> >> It is a binary NTLMSSPI packet. I have put a simple decoder together for >> debugging purposes: >> http://treenet.co.nz/projects/squid/ntlm_token.php >> >> Amos
