hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Ling" <jeffl...@google.com>
Subject Re: ntlm issues 2 - Unknown user name or bad password
Date Wed, 01 Nov 2006 17:39:16 GMT
Hi Oleg,

I might give it a try.

Does it mean I need to use "custom auth scheme"?

Thanks,
Jeff

On 11/1/06, Oleg Kalnichevski <olegk@apache.org> wrote:
>
> On Wed, 2006-11-01 at 08:51 -0800, Jeff Ling wrote:
> > Hi guys,
> >
> > This is an even strangier problem that I've been struggling with. I am
> using
> > Axis2 to call MS Sharepoint web services. At most customers, it works
> well.
> > However, at this one customer, the authentication just fails with the
> event
> > log message on the web server says: "Unknown user name or bad
> password"  Of
> > course, the first possibility was invalid user name/password as the
> error
> > message suggested. But I tried many different variations. And I've
> written a
> > .Net client to try it with the same credential, it works. Of course, it
> > could be using NTLMv2 instead. So I tried another application that only
> > supports NTLMv1 (it's a C++ implementation), and it also works!  I also
> > turned on wire trace. I know the host doesn't not enforce NTLMv2.
> >
> > The next thing I did was getting all the Axis2 source code, and then all
> the
> > httpclient souce code down. I put in more trace, and saw the type 1 ->
> type
> > 2 -> type 3 message handshaking. I even printed out the user name,
> password,
> > host, domain, and everything seems correct. But After the type 3 message
> was
> > sent to the server, the server returns 401. The only thing I didn't do
> is to
> > analyze the NTLM messages because I don't know how to validate them!
> >
> > The client is running on the same machine as the web server. The user
> > account is a local account (not a domain account), JDK is 1.4.x,and
> > httpclient is 3.0.1. On the server, it says:
> >
> > Logon Failure:
> >      Reason:        Unknown user name or bad password
> >      User Name:    SHAREPOINTADMIN
> >      Domain:        ITDSPDEV
> >      Logon Type:    3
> >      Logon Process:    NtLmSsp
> >      Authentication Package:    NTLM
> >      Workstation Name:    ITDSPDEV.COJ.NET
> >      Caller User Name:    -
> >      Caller Domain:    -
> >      Caller Logon ID:    -
> >      Caller Process ID:    -
> >      Transited Services:    -
> >      Source Network Address:    161.243.4.71
> >      Source Port:    2009
> >
> >
> > Logon attempt by:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> >  Logon account:    SHAREPOINTADMIN
> >  Source Workstation:    ITDSPDEV.COJ.NET
> >  Error Code:    0xC000006A
> >
> >
> >
> > Any suggestions? What else can I do?
> >
> > Thanks,
> > Jeff
>
> Jeff,
>
> It is plausible that HttpClient's low level NTLM code is simply buggy.
> None of the current HttpClient committers is very knowledgeable about
> NTLM and its inner working. Moreover, none of us seems interested in
> getting more involved with the subject.
>
> Our long term plan is to have our home brewed code replaced with JCIFS,
> the library is being developed and maintained by the Samba project.
>
> The analysis of the problem you gave above suggests you already know
> more about the subject than any of us. If you have enough incentive and
> determination to 'scratch your own itch', you may want to consider
> developing an AuthScheme based on JCIFS. Besides, this would be a major
> and a very welcome contribution to the project.
>
> For more details on the subject please refer to this resource:
>
> http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedNTLMQuestions
>
> Cheers,
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>


-- 
Jeff Ling
Product Solutions Engineer
GOOGLE
Office: (650) 253-3095
Fax: (650) 618-1835
Email: jeffling@google.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message