I have an application that is required to send HTTP requests via a proxy supporting only NTLM authentication against the local domain controller. I am using a libcurl SSPI build to send requests which is working on Windows 7+ as Local System and Windows Server 2008 as a Domain user.
When I run the application as the Local System user on S2008 however, authentication with the proxy fails. Inspection of the NTLM handshake reveals that:
- The 'Negotiate Anonymous' flag is set by the S2008 client and
- No user details are being sent.
On Windows 7 + anonymous auth is not used, and the computer identity credentials are used instead. Some research indicates that use of computer credentials instead of anonymous NTLM authentication is a new feature in Windows 7+ (see technet) so, if this is the case, are there any ways I can enable anonymous auth on the domain controller or proxy to allow the anonymous authentication to succeed?
I am using a Squid 3.2.8 proxy with winbind and a Windows Server 2012 R2 domain controller.