SSPI always picks up NTLM

Question

SSPI always picks up NTLM

I have a windows7 connected to a windows2008-r2 domain.

Each time I try a SSPI "Negociate" (C++), I fall back to NTLM.

I do not understand why... DNS on DC are ok.

Something to do I don't ??

If I run a klist I can see all the right, everything seems to be ok (I guess)

Update

Ok now I'm just beginning to understand (at least).

I used to give the SPN "" to InitializeSecurityContext which, in that case falls back directly to NTLM.

Now i tried, always on my client, this:

    wchar_t szSPN[256]={0};
    ULONG cchSPN = sizeof szSPN / sizeof *szSPN;
    GetUserNameEx(NameDnsDomain, szSPN, &cchSPN);
    ...
    InitializeSecurityContext( hCred, NULL, szPSN, ...)

which gives me back error 0x8009030c

Other weird stuff : If I set szSPN with "Administrator", now it works with kerberos !!! But If I set szSPN with JOE, it fails... (Assuming I created on DC, a new user JOE).

Wawww, I don't understand what's going on... !?

windows

active-directory

kerberos

ntlm

sspi

asked on Stack Overflow Oct 9, 2014 by

Stef • edited Oct 9, 2014 by

Stef

1 Answer

What is the resource you are trying to access? It must be a server/service that is properly configured for Kerberos.

answered on Stack Overflow Oct 9, 2014 by

markgamache

User contributions licensed under CC BY-SA 3.0