cURL / Mailing Lists / curl-library / Single Mail


Re: Problem with NTLM proxy authentication

From: Ulrich Telle <>
Date: Mon, 01 Sep 2014 23:59:13 +0200


> On Mon, 1 Sep 2014, Ulrich Telle wrote:
> Just to clarify a detail on the log you posted, in case it wasn't absolutely
> clear:
> > Header out: GET HTTP/1.1
> > Proxy-Authorization: NTLM
> > NVlS
> This is the request that should be the last and fine request, ending
> the NTLM "handshake" and yet...
> > Header in: HTTP/1.1 407 authenticationrequired
> The proxy rejects it, which makes libcurl say:
> > Text: NTLM handshake rejected
> > Text: Authentication problem. Ignoring this.
> It is really not easy to say why it does this.

That's why I started to ask on this list, because I'm at a loss why the
authentication process fails for the affected users.

> Is the user or password using any "fun" unicode letters ?

In the log I posted I modified urls, ip numbers and user names to mask the
identity of the user and his company. In the original log there is a real user id
and a real password consisting of only ASCII characters.

> Is this using NTLMv2 ?

I don't know. How can I find this out? Have I to ask the proxy server

BTW, the problem first showed up with a failure of the authentication process
using "basic authentication", but for some users only. Then I changed my
application to set option CURLOPT_PROXYAUTH to CURLAUTH_ANY, to
allow the other authentication option the proxy claims to support, namely
NTLM). However, NTLM authentication now seems to fail consistently for
*all* users.



E-Mail privat:
World Wide Web:
List admin:
Received on 2014-09-02