curl-library
Re: Problem with NTLM proxy authentication
Date: Mon, 01 Sep 2014 23:59:13 +0200
Daniel,
> On Mon, 1 Sep 2014, Ulrich Telle wrote:
>
> Just to clarify a detail on the log you posted, in case it wasn't absolutely
> clear:
>
> > Header out: GET http://xyz.com/ HTTP/1.1
> > Proxy-Authorization: NTLM
> > TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
> > AFAHAAAAAGAAYAdQAAAAAAAAAAAAAABoKJACjrUgzovGvZAAAAAAA
> > AAAAAAAAAAAAAAH8aPq9LDPKDglDlt4O+6kw69fgaLSTJNkxYSlFVU0cx
> > NVlS
>
> This is the request that should be the last and fine request, ending
> the NTLM "handshake" and yet...
>
> > Header in: HTTP/1.1 407 authenticationrequired
>
> The proxy rejects it, which makes libcurl say:
>
> > Text: NTLM handshake rejected
> > Text: Authentication problem. Ignoring this.
>
> It is really not easy to say why it does this.
That's why I started to ask on this list, because I'm at a loss why the
authentication process fails for the affected users.
> Is the user or password using any "fun" unicode letters ?
In the log I posted I modified urls, ip numbers and user names to mask the
identity of the user and his company. In the original log there is a real user id
and a real password consisting of only ASCII characters.
> Is this using NTLMv2 ?
I don't know. How can I find this out? Have I to ask the proxy server
operator?
BTW, the problem first showed up with a failure of the authentication process
using "basic authentication", but for some users only. Then I changed my
application to set option CURLOPT_PROXYAUTH to CURLAUTH_ANY, to
allow the other authentication option the proxy claims to support, namely
NTLM). However, NTLM authentication now seems to fail consistently for
*all* users.
Regards,
Ulrich
-- E-Mail privat: Ulrich.Telle_at_gmx.de World Wide Web: http://www.telle-online.de ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2014-09-02