FWIW, it does not appear to be a flag issue. I'll be looking deeper this weekend to see if I can find anything wrong with the encryption logic. Odd that that should be the problem given the tests, but that seems to be where the research is pointing.
Karl On Fri, Feb 15, 2013 at 10:35 AM, Karl Wright <daddy...@gmail.com> wrote: > Jason and I have taken this conversation offline; we're going to try > out a couple of things and see what they do. > > Karl > > On Fri, Feb 15, 2013 at 10:00 AM, Jason Millard <jsm...@gmail.com> wrote: >> Yes I will definitely be willing to do this! >> >> Jason >> >> >> On Friday, February 15, 2013, Karl Wright wrote: >>> >>> Without the ability to duplicate the server-side setup here, the best >>> I can do is change what seems to be different and ask you to try it in >>> your environment, until it works there. >>> >>> The flag differences seem unimportant at first glance, but that is >>> where I would start. What I propose is that I create a number of >>> httpclient jars based on 4.2.3 and ask you to try each one of them in >>> turn. You would be downloading these from >>> http://people.apache.org/~kwright . Do you think this would work for >>> you? >>> >>> Karl >>> >>> On Fri, Feb 15, 2013 at 9:48 AM, Jason Millard <jsm...@gmail.com> wrote: >>> > On Fri, Feb 15, 2013 at 9:40 AM, Karl Wright <daddy...@gmail.com> wrote: >>> >> There's enough info in the capture data provided to tell me the answer >>> >> to the jcifs lmCompatibility question, I think. I'd still like to >>> >> know the answer to question (2) though. >>> >> >>> >> Thanks! >>> >> Karl >>> >> >>> >> On Fri, Feb 15, 2013 at 8:53 AM, Karl Wright <daddy...@gmail.com> >>> >> wrote: >>> >>> Yes - and more information too: >>> >>> >>> >>> (1) I need to know some details about how jcifs is being used when it >>> >>> is successful. Specifically, the question is whether you supply any >>> >>> -D jcifs configuration switches. If *no* switches or system property >>> >>> overrides are being supplied, that is also useful. Specifically, I'm >>> >>> looking for this one: >>> >>> >>> >>> LM_COMPATIBILITY = Config.getInt("jcifs.smb.lmCompatibility", 3); >>> >>> >>> >>> (2) I have tested the HttpClient NTLM code with all the local and >>> >>> domain security policies available on an Windows 2008 R2 setup, and >>> >>> found that it works on all. I will need to know what domain >>> >>> controller authentication policies have been selected to produce a >>> >>> failure. >>> >>> >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Feb 15, 2013 at 7:58 AM, Oleg Kalnichevski <ol...@apache.org> >>> >>> wrote: >>> >>>> Karl >>> >>>> >>> >>>> Do you think these captures could be useful? It appears we have >>> >>>> another >>> >>>> case where JCIFS works while our internal NTLM engine does not. >>> >>>> >>> >>>> Oleg >>> >>>> >>> >>>> -------- Forwarded Message -------- >>> >>>> From: Jason Millard <jsm...@gmail.com> >>> >>>> Reply-to: "HttpClient User Discussion" >>> >>>> <httpclient-us...@hc.apache.org> >>> >>>> To: HttpClient User Discussion <httpclient-us...@hc.apache.org> >>> >>>> Subject: Re: NTLM issues with 4.2.3 >>> >>>> Date: Thu, 14 Feb 2013 11:44:44 -0500 >>> >>>> >>> >>>> On Thu, Feb 14, 2013 at 10:00 AM, Oleg Kalnichevski >>> >>>> <ol...@apache.org> wrote: >>> >>>>> On Wed, 2013-02-13 at 16:15 -0500, Jason Millard wrote: >>> >>>>>> Hello. >>> >>>>>> >>> >>>>>> I've been using previous versions of HttpClient forever using the >>> >>>>>> JCIFSEngine. I wanted to give 4.2.3 a try to see if it solved my >>> >>>>>> issues, but unfortunately I'm having the same problems. >>> >>>>>> >>> >>>>>> I was able to turn on debug logging and compare outputs. It's >>> >>>>>> almost >>> >>>>>> identical except for my final 200 vs 401 status code. Of course the >>> >>>>>> type 1, 2, 3 messages have different signatures. >>> >>>>>> >>> >>>>>> Since the messages have addresses that I don't really want public, >>> >>>>>> I >>> >>>>>> was wondering the best way to get help debugging. >>> >>>>>> >>> >>>>>> 2013/02/13 16:09:22:817 EST [DEBUG] headers - >> User-Agent: >>> >>>>>> Apache-HttpClient/4.2.3 (java 1.5) >>> >>>>>> 2013/02/13 16:09:22:817 EST [DEBUG] headers - >> Authorization: >>> >>>>>> NTLM xxxxxx >>> >>>>>> 2013/02/13 16:09:22:928 EST [DEBUG] wire - << "HTTP/1.1 401 >>> >>>>>> Unauthorized[\r][\n]" >>> >>>>>> 2013/02/13 16:09:22:929 EST [DEBUG] wire - << "Content-Length: >>> >>>>>> 1539[\r][\n]" >>> >>>>>> 2013/02/13 16:09:22:929 EST [DEBUG] wire - << "Content-Type: >>> >>>>>> text/html[\r][\n]" >>> >>>>>> 2013/02/13 16:09:22:929 EST [DEBUG] wire - << "Server: >>> >>>>>> Microsoft-IIS/6.0[\r][\n]" >>> >>> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
