2.1.2 Client
The client SHOULD<3> use RPC over SMB, ncacn_np (as specified in [MS-RPCE] section 2.1.1.2) as the RPC protocol sequence to communicate with the server. The client MUST specify either "Simple and Protected GSS-API Negotiation Mechanism" (0x9) or "NTLM" (0xA), as specified in [MS-RPCE] section 3.2.1.5.1, as the Authentication Service. When using the "Simple and Protected GSS-API Negotiation Mechanism" as the Authentication Service, the client SHOULD supply a service principal name (SPN) (for more information, see [SPNNAMES]) of "host/hostname" where hostname is the actual name of the server to which the client is connecting, and "host/" is the literal string "host/".
When using ncacn_np as the RPC protocol sequence, the client SHOULD<4> use an authentication level of RPC_C_AUTHN_LEVEL_PKT_PRIVACY to connect to the server; and, if the server does not support this authentication level, it falls back to RPC_C_AUTHN_LEVEL_CONNECT. Authentication levels are as specified in [MS-RPCE] section 2.2.1.1.8.