Daniel,

> On Mon, 1 Sep 2014, Ulrich Telle wrote:
>
> Just to clarify a detail on the log you posted, in case it wasn't absolutely
> clear:
>
> > Header out: GET http://xyz.com/ HTTP/1.1
> > Proxy-Authorization: NTLM
> > TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
> > AFAHAAAAAGAAYAdQAAAAAAAAAAAAAABoKJACjrUgzovGvZAAAAAAA
> > AAAAAAAAAAAAAAH8aPq9LDPKDglDlt4O+6kw69fgaLSTJNkxYSlFVU0cx
> > NVlS
>
> This is the request that should be the last and fine request, ending
> the NTLM "handshake" and yet...
>
> > Header in: HTTP/1.1 407 authenticationrequired
>
> The proxy rejects it, which makes libcurl say:
>
> > Text: NTLM handshake rejected
> > Text: Authentication problem. Ignoring this.
>
> It is really not easy to say why it does this.

That's why I started to ask on this list, because I'm at a loss why the
authentication process fails for the affected users.

> Is the user or password using any "fun" unicode letters ?

In the log I posted I modified urls, ip numbers and user names to mask the
identity of the user and his company. In the original log there is a real user id
and a real password consisting of only ASCII characters.

> Is this using NTLMv2 ?

I don't know. How can I find this out? Have I to ask the proxy server
operator?

BTW, the problem first showed up with a failure of the authentication process
using "basic authentication", but for some users only. Then I changed my
application to set option CURLOPT_PROXYAUTH to CURLAUTH_ANY, to
allow the other authentication option the proxy claims to support, namely
NTLM). However, NTLM authentication now seems to fail consistently for
*all* users.

Regards,

Ulrich

-- 
E-Mail privat:  Ulrich.Telle_at_gmx.de
World Wide Web: http://www.telle-online.de
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html