Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 43FE6E4C0 for ; Tue, 5 Feb 2013 14:43:17 +0000 (UTC) Received: (qmail 30444 invoked by uid 500); 5 Feb 2013 14:43:17 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 30420 invoked by uid 500); 5 Feb 2013 14:43:16 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 30194 invoked by uid 99); 5 Feb 2013 14:43:14 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Feb 2013 14:43:14 +0000 Date: Tue, 5 Feb 2013 14:43:14 +0000 (UTC) From: "Karl Wright (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HTTPCLIENT-1315) NTLM or digest authentication using a local user on a domain host doesn't work MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCLIENT-1315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13571352#comment-13571352 ] Karl Wright commented on HTTPCLIENT-1315: ----------------------------------------- Has there been any further developments here? One other point. Since the claim is that jcifs works but httpclient native does not, it occurred to me that we need to know what mode jcifs is operating in. As you may know, you control jcifs by way of a -D switch, which sets its lmcompatibility level emulation. The httpclient code does not need this because it uses the flags sent by the server to determine what mode to use, just like browsers do. Please verify that for your jcifs test, you are setting its lmcompatibility level to. If you are not setting the switch at all, this too is interesting information in that it means that your jcifs data point is useless. You will need a switch value of 5 to be able to guarantee that jcifs is in fact able to authenticate using the same mechanisms as httpclient is using in this case. > NTLM or digest authentication using a local user on a domain host doesn't work > ------------------------------------------------------------------------------ > > Key: HTTPCLIENT-1315 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1315 > Project: HttpComponents HttpClient > Issue Type: Bug > Components: HttpAuth, HttpClient > Affects Versions: 4.2.3 > Environment: using httpclient to connect to a Windows Server 2008 R2 standard host running IIS 7.5 > Reporter: Mihai David > Assignee: Karl Wright > Priority: Minor > Labels: NTLM, authentication, digest, domain, workgroup > Attachments: browser login with local user.txt, digestlog.txt, disable_flags.patch, httpclient login with local user.txt, zero_lm.patch > > > The default AuthScheme cannot authenticate local users if the host is included in a domain. Authetication with domain users or local users if the host is in a workgroup works fine. > If using ntlm or digest authentication: > - Authentication with a domain user works fine > - Authentication with a local user if the host is in a workgroup works fine > - Authentication with a local user (e.g. Administrator) if the host is in a domain returns 401 - Unauthorized. (Note: this works with JCIFS implementation) > To reproduce: > //using local user returns "401 - Unauthorized" if the host is part of a domain > NTCredentials creds = new NTCredentials("Administrator", "password", "myworkstation", "HOSTNAME"); > //domain user works fine: > //NTCredentials creds = new NTCredentials("USERNAME", "password", "myworkstation", "DOMAIN"); > DefaultHttpClient httpclient = new DefaultHttpClient(); > httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds); > HttpHost target = new HttpHost("xx.xx.xx.xx", 81, "http"); > HttpContext localContext = new BasicHttpContext(); > HttpGet httpget = new HttpGet("/Orchestrator2012/Orchestrator.svc/Jobs"); > List authpref = new ArrayList(); > authpref.add(AuthPolicy.NTLM); > httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref); > HttpResponse response1 = httpclient.execute(target, httpget, localContext); > HttpEntity entity1 = response1.getEntity(); > The code works if I use jcifs-1.3.17 to create an NTLMEngine like in the example: http://hc.apache.org/httpcomponents-client-ga/ntlm.html -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org