For the Windows domain authentication option with service-selected IPs, please review how authentication occurs in these scenarios.
With this option the scanning engine will use NetBIOS to authenticate to hosts in a user-specified domain using credentials stored on this domain. If trust relationships exist and the account's permissions are properly propagated, it's possible for the scanning engine to authenticate to hosts which are not members of the same domain.
Example: CORP is a top-level domain. The account credentials are stored in domain CORP.
This option may be used when a proper trust exists between the domain, on which the account credentials reside, and a child domain on which the target hosts exist. The account permissions must be properly propagated to the hosts' domain as described in Windows Domain Account Setup.
Specify the format "domain\user" in the User Name field. Note: the format "user@domain" is not supported. Using the "domain\user" format makes it possible to create one Windows authentication record per trusted domain in the case where hosts to be scanned are members of one domain and authentication credentials are stored on another domain.
In the Domain Type drop-down, select "NetBIOS Service-Selected IPs". Enter the domain name identifying the hosts to be scanned. In the User Name field, enter the value "domain\user", where "domain" is the domain containing the authentication credentials, and "user" is the account name for these credentials stored on another domain. Save the authentication record. During an authenticated scan, the service uses the authentication credentials stored on the domain specified in the "domain" portion of the "domain\user" entry to authenticate to the hosts that are members of the domain specified in the Domain Name field.
Example: CORP is the top-level domain (forest root) where proper trust relationships exist. Account credentials for account "bsmith" are stored in the top-level domain "CORP". Target hosts are members of the child domain "SALES". Enter "CORP\bsmith" in the User Name field and "SALES" in the Domain Name field.
