How to find out if Active Directory is using Kerberos or NTLM

active-directory kerberos ntlm

Is there a command line program you can use?

Best Answer

I think the question should be twisted on its head. Active Directory supports both Kerberos and NTLM. Windows will first try Kerberos, and if all requirements are not met it will fall back to NTLM.

I will give you an example: accessing a file share by name, like \\server1\share, would invoke Kerberos and should succeed given proper permission. But accessing the same file share using an IP address would invoke Kerberos first and fail (as there is no SPN for the IP address) and then fail over to NTLM.

So determine how your program is trying to authenticate against AD, and that should tell you which protocol is being used.

I would be curious to know what prompted you to ask this question.
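One way to check this from the command line, as an added example that is not part of the original answer: the machine that accepts a logon records Security event 4624, whose `AuthenticationPackageName` field names the protocol used for that logon. The function below reads that field from event XML; the user, domain and IP values in the two sample events are constructed.

```powershell
# Added example, not from the original answer. The field names are the standard
# event 4624 ones; the two sample events are constructed for illustration.
function Get-LogonAuthPackage {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        # Flatten <Data Name="...">value</Data> pairs into a lookup table.
        $fields = @{}
        foreach ($node in ([xml]$EventXml).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }
        [pscustomobject]@{
            User      = '{0}\{1}' -f $fields['TargetDomainName'], $fields['TargetUserName']
            LogonType = $fields['LogonType']                  # 3 = network logon (e.g. a file share)
            SourceIp  = $fields['IpAddress']
            Package   = $fields['AuthenticationPackageName']  # Kerberos, NTLM or Negotiate
            NtlmLevel = $fields['LmPackageName']              # e.g. "NTLM V2"; "-" for Kerberos
        }
    }
}

# Constructed sample: the same user reaching a share once via Kerberos, once via NTLM.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>
  <Data Name="TargetUserName">alice</Data><Data Name="TargetDomainName">EXAMPLE</Data>
  <Data Name="LogonType">3</Data><Data Name="IpAddress">192.0.2.10</Data>
  <Data Name="AuthenticationPackageName">{0}</Data><Data Name="LmPackageName">{1}</Data>
</EventData></Event>
'@
$samples = @(($template -f 'Kerberos', '-'), ($template -f 'NTLM', 'NTLM V2'))

$samples | Get-LogonAuthPackage | Format-Table -AutoSize

# Live use, from an elevated prompt on the server that accepted the logon:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 500 |
#   ForEach-Object { $_.ToXml() } | Get-LogonAuthPackage |
#   Group-Object Package, NtlmLevel -NoElement
```

On the client side, `klist` lists the cached Kerberos tickets; a `cifs/server1` ticket appearing after the share is opened by name indicates that connection used Kerberos.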