cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Failure with --proxy-anyauth on NTLM

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Fri, 30 Mar 2012 09:51:49 +0100

Hi Matteo,

> These are the results of the tests (I have no access to the
> ISA-server-Proxy).
>
> 1. curl.exe --proxy-ntlm --proxy 192.168.0.110:3128 --proxy-user
> user:pass www.google.com It works fine if --proxy-ntlm
> <http://curl.haxx.se/docs/manpage.html#--proxy-ntlm> is
> specified.
>
> 2. curl.exe --proxy-anyauth --proxy 192.168.0.110:3128 --proxy-user
> user:pass www.google.com It fails.
>
> 3. curl.exe --proxy-anyauth --proxy-negotiate --proxy
> 192.168.0.110:3128 --proxy-user user:pass www.google.com It
> fails.

I'm not too familiar with proxy servers from a curl prospective so someone
else might be able to answer your query better than me, but I do know how
the SMTP authentication works in curl so I have just delved into the
http_proxy stuff out of curiosity and some of the following may be useful to
you...

> HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
> authorization to fulfill the request. Access to the Web P roxy filter is
> denied. )
> Via: 1.1 NAS
> Proxy-Authenticate: Negotiate
> Proxy-Authenticate: Kerberos
> Proxy-Authenticate: NTLM

I believe this is where the problem lies...

The server has told curl that it supports GSS Negotiate, Kerberos and NTLM
in that order so curl with CURLAUTH_ANY set has tried to authenticate with
GSS first as that was first in the list. This is then failing because, and
I'm guessing here, your customer has a problem authenticating with GSS - as
indicated by test #3 also failing.

I would try and get the customer to fix up GSS - If they don't want to
support GSS can they turn it off so that the server only advertises NTLM for
example?

If they can't turn it off in ISA Server or don't want to, does your
application have a configuration file (or registry setting if it is Windows
based) where you could specify the preferred authentication mechanism as
NTLM?

I hope this helps a little

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-30