hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1315) NTLM or digest authentication using a local user on a domain host doesn't work
Date Fri, 01 Feb 2013 20:28:14 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13569038#comment-13569038
] 

Karl Wright commented on HTTPCLIENT-1315:
-----------------------------------------

Thanks for the wire logging, but I actually need the packet captures because I need to use
Wireshark's ability to pick apart the NTLM packets.  The only thing the wire logging is good
for is seeing the headers, and the only thing interesting is this:

2013/02/01 22:07:44:797 EET [DEBUG] headers - >> Host: 16.77.58.213:81

Windows domain controllers allow you to set policies describing who can connect to the domain,
so often you can't log in unless the host header matches the BIOS name of the machine you
are communicating with.  But the browser capture has the identical header, so unless you modified
one and didn't mention it, that's not the issue here.

I will set up and Amazon instance and look into this on Sunday.

                
> NTLM or digest authentication using a local user on a domain host doesn't work
> ------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1315
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1315
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth, HttpClient
>    Affects Versions: 4.2.3
>         Environment: using httpclient to connect to a Windows Server 2008 R2 standard
host running  IIS 7.5
>            Reporter: Mihai David
>            Assignee: Karl Wright
>            Priority: Minor
>              Labels: NTLM, authentication, digest, domain, workgroup
>         Attachments: browser login with local user.txt, digestlog.txt, httpclient login
with local user.txt
>
>
> The default AuthScheme cannot authenticate local users if the host is included in a domain.
Authetication with domain users or local users if the host is in a workgroup works fine.
> If using ntlm or digest authentication: 
>  - Authentication with a domain user works fine 
>  - Authentication with a local user if the host is in a workgroup works fine 
>  - Authentication with a local user (e.g. Administrator) if the host is in a domain returns
401 - Unauthorized. (Note: this works with JCIFS implementation)
> To reproduce: 
> //using local user returns "401 - Unauthorized" if the host is part of a domain 
> NTCredentials creds = new NTCredentials("Administrator", "password", "myworkstation",
"HOSTNAME"); 
> //domain user works fine: 
> //NTCredentials creds = new NTCredentials("USERNAME", "password", "myworkstation", "DOMAIN");

> DefaultHttpClient httpclient = new DefaultHttpClient(); 
> httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds); 
> HttpHost target = new HttpHost("xx.xx.xx.xx", 81, "http"); 
> HttpContext localContext = new BasicHttpContext(); 
> HttpGet httpget = new HttpGet("/Orchestrator2012/Orchestrator.svc/Jobs"); 
> List<String> authpref = new ArrayList<String>(); 
> authpref.add(AuthPolicy.NTLM); 
> httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref); 
> HttpResponse response1 = httpclient.execute(target, httpget, localContext); 
> HttpEntity entity1 = response1.getEntity(); 
> The code works if I use jcifs-1.3.17 to create an NTLMEngine like in the example: http://hc.apache.org/httpcomponents-client-ga/ntlm.html

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message