Do you want to use domain-level authentication using NetBIOS and service-selected IPs? We recommend you review these sample scenarios to understand how our service performs host authentication.
Our security service will use NetBIOS to authenticate to hosts in a user-specified domain using credentials stored on this domain. If trust relationships exist and the account's permissions are properly propagated, it's possible for our service to authenticate to hosts which are not members of the same domain.
Example: CORP is a top-level domain. The account credentials are stored in domain CORP.
We also have a solution for the case where proper trust exists between the domain, on which the account credentials reside, and a child domain on which the target hosts exist.
Make these record settings:
For User Name specify the format "domain\user". Note: the format "user@domain" is not supported. Using the "domain\user" format makes it possible to create one Windows authentication record per trusted domain in the case where hosts to be scanned are members of one domain and authentication credentials are stored on another domain.
For Domain Type select "NetBIOS Service-Selected IPs". Enter the domain name identifying the hosts to be scanned. In the User Name field, enter "domain\user", where "domain" is the domain containing the authentication credentials and "user" is the account name for these credentials stored on another domain.
During an authenticated scan, our service uses the authentication credentials stored on the domain specified in the "domain" portion of the "domain\user" entry to authenticate to the hosts that are members of the domain specified in the Domain Name field.
Example: CORP is the top-level domain (forest root) where proper trust relationships exist. Account credentials for account "bsmith" are stored in the top-level domain "CORP". Target hosts are members of the child domain "SALES". Enter "CORP\bsmith" in the User Name field and "SALES" in the Domain Name field.