Re: Website monitoring : user format for domain us...

Esky73 · ‎07-02-2025

what is the correct format for domain users please?

if i curl from a HF i get get the desired 200 response using :

curl -v http://mywebsite.com --ntlm -u username@mydomain.ad.ltd.com.au

If i use this format in the TA i see the error message in the logs asking for format in domain\\username

I have tried several connotations of mydomain\\username but have not been successful

what should be the format for this domain?

Or is the issue with --ntlm ? as if we use the --negotiate flag or remove --ntlm we get 401 ?

cheers

Esky73 · ‎07-02-2025

Retried with curl and the domain\\username format and got curl to work - but the repsponse is initially a 401 and then retries and is successful - the request goes through a load balancer 1st enroute to the webserver.

> curl http://mywebsite/healthcheck.aspx -v --ntlm -u DOMAIN\\username
Enter host password for user 'DOMAIN\username':
* Trying 1.1.1.1 ...
* TCP_NODELAY set
* Connected to myhost (1.1.1.1) port 80 (#0)
* Server auth using NTLM with user 'DOMAIN\username'
> GET /healthcheck.aspx HTTP/1.1
> Host: myhost
> Authorization: NTLM XXX
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< WWW-Authenticate: NTLM XXX
< Date: Thu, 03 Jul 2025 01:07:05 GMT
< Content-Length: 341
<
* Ignoring the response-body
* Connection #0 to host myhost left intact
* Issue another request to this URL: 'http://myhost/healthcheck.aspx'
* Found bundle for host myhost: 0x55a8787a6a60 [can pipeline]
* Re-using existing connection! (#0) with host myhost
* Connected to myhost (1.1.1.1) port 80 (#0)
* Server auth using NTLM with user 'DOMAIN\username'
> GET /healthcheck.aspx HTTP/1.1
> Host: myhost
> Authorization: NTLM XXX
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/10.0
< X-AspNet-Version: 4.0.30319
< Persistent-Auth: true
< X-Powered-By: ASP.NET
< Date: Thu, 03 Jul 2025 01:07:05 GMT
< Content-Length: 557
<

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<title>Health Check</title>
</head>

livehybrid · ‎07-02-2025

Hi @Esky73

The app uses the HttpNtlmAuth/requests-ntlm library which as you've found does require the Username in 'domain\\username' format. There doesnt look to be a way around this.

It should be possible to authenticate using the domain\\username but the domain isnt always the first bit after the @ symbol in the full domain, e.g. it could by "mydomain", "mydomain.ad" or something completely different. Are you able to check with your AD team to see what this value should be?

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Website monitoring : user format for domain users

configuration

troubleshooting

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?