Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

NTLM V2 with Wingate user database (updated)

Jul 09 20 2:45 am

Hi, sorry to bug you, but I had posted this question over the past weekend and have not received any replies. Using NTLM configured as below, and with the client sending domain WINGATE, the log shows no Target Info block in the server challenge, which causes the client to abort the NTLM v2 handshake:
********** NTLM Start Server Challenge ************
NTLM Challenge (72 bytes) Hex: 4e 54 4c 4d 53 <SNIP>
[ 24] ChallengeData: 45 76 de 6d d4 8e a3 44
[ 40] Target Info: len: 0, offset: 0, value:
[ 48] Version: major 10, minor 0, build 18363, NTLM Revision 15
********** NTLM End Server Challenge ************

I've attached the NTLM handshake log.

Thanks for your help.

Previous post:
I’m running Wingate 9.4.1 (free license) on Windows 2012 R2 in an Active Directory domain. WWW Proxy auth is configured for NTLM Version 2 only (no second chance auth) using Wingate user database. The access rule re-authenticates all except authenticated users. For purposes of the NTLM V2 handshake, is the configured user associated with any Domain, e.g., Wingate or WINGATE?
Attachments
Wingate NTLM v2 handshake.png
NTLM v2 handshake
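The condition the log in the post above shows, as an added example that is not part of the original thread or WinGate's own code: a parser for the NTLM type 2 challenge that reads the same fields the log prints (ChallengeData at offset 24, Target Info at 40, Version at 48) and reports whether a Target Info block is present. The two sample messages are constructed rather than captured; the target name, the hostname PROXY01 and the flag values are assumptions, while the challenge bytes and version are copied from the logged fields.

```python
import struct

NEGOTIATE_TARGET_INFO = 0x00800000  # NTLMSSP_NEGOTIATE_TARGET_INFO (MS-NLMP)
AV_NAMES = {1: "NbComputerName", 2: "NbDomainName",
            3: "DnsComputerName", 4: "DnsDomainName"}

def parse_challenge(msg: bytes) -> dict:
    """Parse a type 2 CHALLENGE_MESSAGE that carries a Version field."""
    if len(msg) < 56 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message with a full type 2 header")
    mtype, = struct.unpack_from("<I", msg, 8)
    if mtype != 2:
        raise ValueError(f"message type {mtype}, expected 2")
    flags, = struct.unpack_from("<I", msg, 20)
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)
    major, minor, build, rev = struct.unpack_from("<BBH3xB", msg, 48)
    end = ti_off + ti_len
    if end > len(msg):
        raise ValueError("Target Info field points outside the message")
    pairs, pos = [], ti_off
    while pos + 4 <= end:  # walk AV_PAIRs until MsvAvEOL (id 0)
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        if av_id == 0:
            break
        if pos + 4 + av_len > end:
            raise ValueError("truncated AV_PAIR")
        raw = msg[pos + 4:pos + 4 + av_len]
        name = AV_NAMES.get(av_id)
        pairs.append((name or f"AvId{av_id}", raw.decode("utf-16-le") if name else raw.hex()))
        pos += 4 + av_len
    return {"challenge": msg[24:32].hex(), "version": (major, minor, build, rev), "target_info": pairs,
            "has_target_info": bool(flags & NEGOTIATE_TARGET_INFO) and bool(pairs)}

def build_challenge(target: str, av_pairs: list) -> bytes:
    """Build a constructed type 2 message for the demo (hypothetical helper)."""
    name = target.encode("utf-16-le")
    info = b"".join(struct.pack("<HH", i, 2 * len(s)) + s.encode("utf-16-le") for i, s in av_pairs)
    if info:
        info += struct.pack("<HH", 0, 0)  # MsvAvEOL terminator
    flags = 0x02010205 | (NEGOTIATE_TARGET_INFO if info else 0)  # assumed flag set
    hdr = b"NTLMSSP\x00" + struct.pack("<IHHII", 2, len(name), len(name), 56, flags)
    hdr += bytes.fromhex("4576de6dd48ea344") + bytes(8)  # ChallengeData from the log, Reserved
    hdr += struct.pack("<HHI", len(info), len(info), 56 + len(name) if info else 0)
    hdr += struct.pack("<BBH3xB", 10, 0, 18363, 15)  # Version fields from the log
    return hdr + name + info

# Constructed samples: one mirrors the logged "len: 0, offset: 0", one carries AV pairs.
NO_INFO = build_challenge("WINGATE", [])
WITH_INFO = build_challenge("WINGATE", [(2, "WINGATE"), (1, "PROXY01")])
```

Running `parse_challenge` over a challenge decoded from the proxy's `Proxy-Authenticate: NTLM` header gives the same view as the log excerpt, with the AV pairs listed when the server does send them.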

Re: NTLM V2 with Wingate user database (updated)

Jul 10 20 5:39 pm

With the WinGate user database, the accounts are managed and owned by WinGate.

If you want to use AD accounts, you would need to use the Active Directory user database.

BUT you can set up accounts in WinGate in the WinGate User Database, and if the username and password match the AD creds, then users will use integrated authentication due to the support for NTLM, so they shouldn't get password prompts in browsers etc.

Regards

Adrien de Croy

Re: NTLM V2 with Wingate user database (updated)

Jul 11 20 7:53 am

Thanks for the clarification. I misunderstood that the Wingate user database entry by itself would be enough to authenticate the user with NTLM v2. Once I set up an AD user in that domain the auth worked perfectly.