Puakma: Under the hood

I'm Brendon Upson, jack-of-all-trades, master of one or two. I'm talking about life running a small ISV tackling business issues and leaping technology hurdles in a single bound.

webWise Network Consultants is based in Sydney, Australia and develops the groundbreaking Tornado Server technology.

Web Booster and Kerberos/NTLM: It's done!

Filed under: by Brendon Upson on 2006-02-16

Hot off the press the code is finished now. Exciting! We have spent this morning adding an online debugging method so you can see how Booster is configured. This is very useful, especially for debugging Windows SMB issues. Here's some sample output:

--------------- snip
Client authentication method is "WWW-Authenticate: Negotiate" (browsers will select Kerberos OR NTLM)
WARNING: Client credentials will NOT be verified against a Domain Controller
Users will be located in LDAP using their full name and domain (eg "NTDOMjsmith" or "jsmith@YOUR.COM")

Domain controllers for domain: WNC
192.168.0.153
NetBIOS name resolution took: 2ms

Load Balancing is ON. NTLM authentication will be performed against the DCs listed above.

--------------- snip
From this you can see what domain controllers are available for "WNC", whether there are any timeout issues to find the list of DCs, whether clients will will use Kerberos or NTLM etc.

I gotta say, this came out much better than I was hoping :-) IT ROCKS! I was unsure if we'd be able to do NTLM and Kerberos simultaneously and how convoluted the configuration would then become. The good news is all the existing NTLM setup parameters are supported, and we add about 4 more for enabling Kerberos. Now to update the documentation and send it out to the customers. And sleep.