hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lili Liu <l...@inxight.com>
Subject RE: IIS (NTLM) + proxy server (NTLM or basic) problem
Date Wed, 05 May 2004 19:58:52 GMT

Hi, Oleg:
Anonymous was disabled (only NTLM is enabled).
Our customer requires Microsoft proxy server and IIS.
lili

Our proxy server is using IIS 3.0, maybe that is too old.

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Wednesday, May 05, 2004 11:36 AM
To: Commons HttpClient Project
Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem


Hi Lili,

Do not give up too soon. I did test BASIC proxy (using Squid stable) +
NTLM host authentication and did work. Of course, I cannot rule out that
the problem is caused by some 'peculiarities' of Microsoft Proxy
implementation. 

Please try disabling anonymous access to the host server and see if that
makes any difference. 

Also consider using Squid as a proxy, at least for tests

Oleg

On Wed, 2004-05-05 at 19:11, Lili Liu wrote:
> Hi, Oleg:
> 
> I tried all cases you mentioned below, and can't get it work. (My login is
> domain account)
> I thought I had one time work in this situation, but actually I missed the
> line
> client.getHostConfiguration().setProxy(proxyserverIP, 80);
> 
> If I commented out either NTLM authentication (use anoynomous) or proxy
> authentication, authentication is sucessful.
> 
> I really doubt whether NTLM host can work through proxy environment.
> Check this site:
> http://www.squid-cache.org/mail-archive/squid-users/199710/0279.html
> It mentioned NLTM should not be used on the Internet at large 
> (by way of Microsoft's recommendation). 
> 
> lili
> 
> 
> -----Original Message-----
> From: Kalnichevski, Oleg [mailto:oleg.kalnichevski@bearingpoint.com]
> Sent: Wednesday, May 05, 2004 1:04 AM
> To: Lili Liu
> Cc: commons-httpclient-dev@jakarta.apache.org
> Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem
> 
> 
> 
> Lili,
> There's nothing in the log that could suggest a flaw in HttpClient's
> authentication logic. Everything appears sane as far as the authentication
> is concerned. Proxy authentication was successful. The trouble appears to
be
> caused by the NTLM host server which does not seem to accept the
> credentials.
> 
> 
> client.getState().setCredentials(
> 	null,
> 	"10.8.9.22",
> 	new NTCredentials("lliu", "xxxxx", "10.8.9.22", "INXIGHT")
> );
> 
> (1) Please double-check the domain name and try using the host name (every
> NT box must have one) instead of the IP ("10.8.9.22") in the NTCredentials
> constructor.
> 
> client.getState().setCredentials(
> 	null,
> 	"10.8.9.22",
> 	new NTCredentials("lliu", "xxxxx", "myhost", "INXIGHT")
> );
> 
> Where 'lliu' is a domain account
> 
> 
> (2) Is the account you are using a domain account or a local one? This
> distinction is very important. If it is a local one, you should be using
the
> host name instead of the domain name, even though the server may be a part
> of the INXIGHT domain
> 
> client.getState().setCredentials(
> 	null,
> 	"10.8.9.22",
> 	new NTCredentials("lliu", "xxxxx", "myhost", "myhost")
> 
> Where 'lliu' is a local account on the 'myhost' host
> 
> Let me know the results
> 
> Oleg
> 
> -----Original Message-----
> From: Lili Liu [mailto:lliu@inxight.com]
> Sent: Tuesday, May 04, 2004 20:26
> To: Kalnichevski, Oleg
> Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem
> 
> 
> Hi, Oleg:
> I am focusing to get basic proxy + NTLM host work.
> I downloaded the Httpclient package from the link below (May 4).
> 
> I still got the 401 error.
> Here is the log.txt and my test program testProxy.java
> 
> One thing I thought maybe questionable is the first parameter of
> setProxyCredentials is null in my case since the proxy does not belong to
> any domain.
> 
> lili
> Let me what you find.
> Thanks a bunch!
> 
> 
> -----Original Message-----
> From: Kalnichevski, Oleg [mailto:oleg.kalnichevski@bearingpoint.com]
> Sent: Tuesday, May 04, 2004 2:06 AM
> To: Commons HttpClient Project
> Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem
> 
> 
> 
> Lili,
> Truth to be told, NTLM proxy + NTLM host authentication has never been
> properly tested, because none of us (HttpClient developers) has got access
> to a Microsoft Proxy installation. I would not be surprised if it did not
> work at all with HttpClient 2.0. I know for a fact that BASIC proxy + NTLM
> host should work. I have been using Squid proxy to run the tests, though.
> 
> 
> Anyways, could you please get hold of the latest HttpClient DEVELOPMENT
> snapshot from the following location and see if it produces the same
> results?
> 
> 
> <http://cvs.apache.org/builds/jakarta-commons/nightly/commons-httpclient/>
> 
> It is much easier for me to troubleshoot the development version of
> HttpClient because it's authentication code has become much saner.
> Authentication code has undergone a complete rewrite for the 3.0 release
and
> _should_ be significantly more robust than that of HttpClient 2.0. Once
the
> problem is idenified and fixed, I'll port the changes to the stable
> HttpClient branch
> 
> Please note that the development version (which is going to be the version
> 3.0 when released) is no longer 2.0 API compatible. You may have to make
> some adjustments to your code.
> 
> 
> Oleg
> 
> -----Original Message-----
> From: Lili Liu [mailto:lliu@inxight.com]
> Sent: Tuesday, May 04, 2004 0:13
> To: 'commons-httpclient-dev@jakarta.apache.org'
> Subject: IIS (NTLM) + proxy server (NTLM or basic) problem
> 
> 
> Hello,
> 
> I have tried all authentication combinations with IIS web server and
> microsoft proxy server.
> I have 401.1 error when both IIS are set up using NTLM and proxy server is
> Basic or NTLM.
> 
> The proxy server set up code is as follows: (NTLM case)
> 
> 
> 
> 
> client.getState().setAuthenticationPreemptive(false);
> 			client.getHostConfiguration().setProxy("<proxy IP
> address>", 80);
> 			client.getState().setProxyCredentials(null, "<proxy
> IP address>",
> 				new NTCredentials(proxy-server-username,
> proxy-server-password, proxy-server-host, proxy-server-domain));
> 
> The web server connection is done as follows:
> 
> 
> 
> client.getState().setAuthenticationPreemptive(false);
> 			client.getState().setCredentials(
> 						            null,
> 						            "10.8.9.22",
> 						            new
> NTCredentials(username, passwd, "10.8.9.22", "INXIGHT");
> 
> 
> Other combinations work well (IIS basic + proxy NTLM or proxy basic)
> IIS NTLM without proxy server also works.
> 
> Log file is attached.
> 
> Any help is highly appreciated!
> 
> lili <<log.txt>>
> 
> 
> 
> 
> 
> 
> 
> 
>
****************************************************************************
> ***********************
> The information in this email is confidential and may be legally
privileged.
> Access to this email by anyone other than the intended addressee is
> unauthorized.  If you are not the intended recipient of this message, any
> review, disclosure, copying, distribution, retention, or any action taken
or
> omitted to be taken in reliance on it is prohibited and may be unlawful.
If
> you are not the intended recipient, please reply to or forward a copy of
> this message to the sender and delete the message, any attachments, and
any
> copies thereof from your system.
>
****************************************************************************
> ***********************
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
> 
> 
>
****************************************************************************
> ***********************
> The information in this email is confidential and may be legally
privileged.
> Access to this email by anyone other than the intended addressee is
> unauthorized.  If you are not the intended recipient of this message, any
> review, disclosure, copying, distribution, retention, or any action taken
or
> omitted to be taken in reliance on it is prohibited and may be unlawful.
If
> you are not the intended recipient, please reply to or forward a copy of
> this message to the sender and delete the message, any attachments, and
any
> copies thereof from your system.
>
****************************************************************************
> ***********************
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message