Reputation: 632
I am using the System.DirectoryServices namespace for communicating with an ADAM instance. Part of the network within our organization uses Kerberos, while another defaults to NTLM. We also have conflicting domains (aliased the same ABC) that have different fully resolved names, of course. Kerberos requires usage of fully resolved names, as far as I understand.

My ADAM instances (multiple, replicated) are pointed to by WideIP, which resolves to different IPs for different regions. One of those WideIPs is serving "me" an alias instead of FQDN, which makes my ADAM go to the wrong domain.

The questions are:
- Is there a way to verify that Kerberos is used in communication with that ADAM?
- Is there a way to force Kerberos (which could be used to error out early)?

Thank you for looking at it.
Upvotes: 1
Views: 270
Reputation: 632
A colleague of mine showed me a couple of good tools that did the job:
Wireshark makes tracing communications protocols a snap. Great tool. It traces net packets. You will see exactly where Kerberos digresses to NTLM.
KerbTray is somewhat useful too.
Hope it will help someone.
Upvotes: 1
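To make concrete what the packet trace mentioned in the answer reveals, here is an added example (not part of the original posts) that classifies the client's initial GSS-API/SPNEGO token from an LDAP SASL bind, copied out of a capture as bytes. The first mechanism listed is the one the client is attempting. The function names are hypothetical, and the sample tokens are constructed and carry only the mechanism list.

```python
# Added example: classify the client's initial SASL bind token from a capture.
MECHS = {
    bytes.fromhex("2a864886f712010202"): "Kerberos",   # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "Kerberos",   # 1.2.840.48018.1.2.2 (legacy Microsoft OID)
    bytes.fromhex("2b06010401823702020a"): "NTLM",     # 1.3.6.1.4.1.311.2.2.10
}
SPNEGO = bytes.fromhex("2b0601050502")                 # 1.3.6.1.5.5.2

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated token")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated token")
    return tag, pos, pos + length

def offered_mechs(token):
    """Mechanisms offered by an initial client token, in preference order."""
    if token.startswith(b"NTLMSSP\x00"):
        return ["NTLM"]                                # raw NTLMSSP, no SPNEGO wrapper
    tag, pos, _ = read_tlv(token, 0)
    if tag != 0x60:
        raise ValueError("not a GSS-API initial token")
    tag, start, pos = read_tlv(token, pos)
    oid = token[start:pos]
    if oid in MECHS:
        return [MECHS[oid]]                            # bare mechanism token
    if tag != 0x06 or oid != SPNEGO:
        raise ValueError("unknown mechanism OID")
    # NegTokenInit: [0] -> SEQUENCE -> [0] mechTypes -> SEQUENCE OF OID
    for expected in (0xA0, 0x30, 0xA0, 0x30):
        tag, pos, end = read_tlv(token, pos)
        if tag != expected:
            raise ValueError("unexpected NegTokenInit layout")
    mechs = []
    while pos < end:
        tag, start, pos = read_tlv(token, pos)
        mechs.append(MECHS.get(token[start:pos], "other"))
    return mechs

def uses_kerberos(token):
    mechs = offered_mechs(token)
    return bool(mechs) and mechs[0] == "Kerberos"

# Constructed sample tokens (mechanism list only, no mechToken).
KERBEROS_FIRST = bytes.fromhex("603206062b0601050502a0283026a024302206092a864882f71201020206092a864886f712010202060a2b06010401823702020a")
NTLM_ONLY = bytes.fromhex("601c06062b0601050502a0123010a00e300c060a2b06010401823702020a")
RAW_NTLM = b"NTLMSSP\x00\x01\x00\x00\x00"
```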