diff --git a/authenticate_message.go b/authenticate_message.go
index c893068..1b0fe7d 100644
--- a/authenticate_message.go
+++ b/authenticate_message.go
@@ -42,7 +42,7 @@ func (m authenicateMessage) MarshalBinary() ([]byte, error) {
 	}
 
 	target, user := toUnicode(m.TargetName), toUnicode(m.UserName)
-	workstation := toUnicode("go-ntlmssp")
+	workstation := toUnicode("")
 
 	ptr := binary.Size(&authenticateMessageFields{})
 	f := authenticateMessageFields{
diff --git a/authheader.go b/authheader.go
index aac3f77..c9d30d3 100644
--- a/authheader.go
+++ b/authheader.go
@@ -5,26 +5,55 @@ import (
 	"strings"
 )
 
-type authheader string
+type authheader []string
 
 func (h authheader) IsBasic() bool {
-	return strings.HasPrefix(string(h), "Basic ")
+	for _, s := range h {
+		if strings.HasPrefix(string(s), "Basic ") {
+			return true
+		}
+	}
+	return false
+}
+
+func (h authheader) Basic() string {
+	for _, s := range h {
+		if strings.HasPrefix(string(s), "Basic ") {
+			return s
+		}
+	}
+	return ""
 }
 
 func (h authheader) IsNegotiate() bool {
-	return strings.HasPrefix(string(h), "Negotiate")
+	for _, s := range h {
+		if strings.HasPrefix(string(s), "Negotiate") {
+			return true
+		}
+	}
+	return false
 }
 
 func (h authheader) IsNTLM() bool {
-	return strings.HasPrefix(string(h), "NTLM")
+	for _, s := range h {
+		if strings.HasPrefix(string(s), "NTLM") {
+			return true
+		}
+	}
+	return false
 }
 
 func (h authheader) GetData() ([]byte, error) {
-	p := strings.Split(string(h), " ")
-	if len(p) < 2 {
-		return nil, nil
+	for _, s := range h {
+		if strings.HasPrefix(string(s), "NTLM") || strings.HasPrefix(string(s), "Negotiate") || strings.HasPrefix(string(s), "Basic ") {
+			p := strings.Split(string(s), " ")
+			if len(p) < 2 {
+				return nil, nil
+			}
+			return base64.StdEncoding.DecodeString(string(p[1]))
+		}
 	}
-	return base64.StdEncoding.DecodeString(string(p[1]))
+	return nil, nil
 }
 
 func (h authheader) GetBasicCreds() (username, password string, err error) {
diff --git a/debian/changelog b/debian/changelog
index 540f1e4..345fa42 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+golang-github-azure-go-ntlmssp (0.0~git20211209.48547f2-1) UNRELEASED; urgency=low
+
+  * New upstream snapshot.
+
+ -- Debian Janitor <janitor@jelmer.uk>  Mon, 14 Mar 2022 15:02:24 -0000
+
 golang-github-azure-go-ntlmssp (0.0~git20200615.6637195-1) unstable; urgency=medium
 
   [ Alexandre Viau ]
diff --git a/negotiator.go b/negotiator.go
index 7705eae..a5a5f5b 100644
--- a/negotiator.go
+++ b/negotiator.go
@@ -34,10 +34,11 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 		rt = http.DefaultTransport
 	}
 	// If it is not basic auth, just round trip the request as usual
-	reqauth := authheader(req.Header.Get("Authorization"))
+	reqauth := authheader(req.Header.Values("Authorization"))
 	if !reqauth.IsBasic() {
 		return rt.RoundTrip(req)
 	}
+	reqauthBasic := reqauth.Basic()
 	// Save request body
 	body := bytes.Buffer{}
 	if req.Body != nil {
@@ -59,11 +60,10 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 	if res.StatusCode != http.StatusUnauthorized {
 		return res, err
 	}
-
-	resauth := authheader(res.Header.Get("Www-Authenticate"))
+	resauth := authheader(res.Header.Values("Www-Authenticate"))
 	if !resauth.IsNegotiate() && !resauth.IsNTLM() {
 		// Unauthorized, Negotiate not requested, let's try with basic auth
-		req.Header.Set("Authorization", string(reqauth))
+		req.Header.Set("Authorization", string(reqauthBasic))
 		io.Copy(ioutil.Discard, res.Body)
 		res.Body.Close()
 		req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))
@@ -75,7 +75,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 		if res.StatusCode != http.StatusUnauthorized {
 			return res, err
 		}
-		resauth = authheader(res.Header.Get("Www-Authenticate"))
+		resauth = authheader(res.Header.Values("Www-Authenticate"))
 	}
 
 	if resauth.IsNegotiate() || resauth.IsNTLM() {
@@ -112,7 +112,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 		}
 
 		// receive challenge?
-		resauth = authheader(res.Header.Get("Www-Authenticate"))
+		resauth = authheader(res.Header.Values("Www-Authenticate"))
 		challengeMessage, err := resauth.GetData()
 		if err != nil {
 			return nil, err