I thought about that, yet in this situation neither the Type 1 nor the Type 2 message includes the Negotiate_NTLM2_Key flag.
However, when firefox or IE talks to the same proxy, the type 1 message includes Negotiate_NTLM2_Key as does the type 2 message. If the proxy were required to use NTLM2, wouldn't it return that flag set in the type 2? The type 1 message has the following flags set: Negotiate_Domain_Supplied,Negotiate_Local_Call,Negotiate_NTLM,Negotiate_OEM,Request_Target And the type 2 messge has the following flags set: Negotiate_NTLM,Negotiate_OEM,Negotiate_Target_Info,Request_Target,Target_Type_Domain I see in the log I sent where it says Credential Charset not provided. using HTTP element charset. I'm not sure if that charset is the same as "OEM" [Ascii]. I could see how the server would reject the password hash if it is hashed with the wrong charset. I recognize that the httpclient 3.x NTLM support is sort of a boat anchor and that the true solution will be with httpclient 4.x if and when it supports NTLM Thanks JJ On 3/7/08, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote: > > On Wed, 2008-03-05 at 14:03 -0800, John Jamison wrote: > > I was ohh so close - I am attempting to code a simple app that > > performs NTLM proxy authentication against a proxy server that > > supports NTLM and basic authentication. > > > > It took me some time to determine the correct value for the Domain > > field in the NTCredentials instance, but decoding the NTLM message 2 > > structure gave it to me (its the NT domain name). > > > > Now though it seems I still always get 407 responses. > > > > Here's the code: > > > > System.setProperty("org.apache.commons.logging.Log", > > "org.apache.commons.logging.impl.SimpleLog"); > > System.setProperty > > ("org.apache.commons.logging.simplelog.showdatetime", > > "true"); > > System.setProperty > > > > ("org.apache.commons.logging.simplelog.log.httpclient.wire.header", > > "debug"); > > System.setProperty > > > > ("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", > > "debug"); > > > > HttpClient httpclient = new HttpClient(); > > > > // set the proxy host and port > > httpclient.getHostConfiguration().setProxy("XXXPROXYHOSTXXX", 80); > > > > // tried this, triggers BASIC authentication automatically > > // httpclient.getParams().setAuthenticationPreemptive(true); > > > > // not sure if the following applies to proxy authentication > > List authPrefs = new ArrayList(1); > > authPrefs.add(AuthPolicy.NTLM); > > httpclient.getParams().setParameter > > (AuthPolicy.AUTH_SCHEME_PRIORITY, > > authPrefs); > > > > // > > // set the proxy credentials > > // > > httpclient.getState().setProxyCredentials( > > new AuthScope(AuthScope.ANY_HOST, 80, AuthScope.ANY_REALM), > > new NTCredentials("XXXUSERNAMEXXX", > > "XXXPASSSWORDXXX", > > "","XXXDOMAINXXXcom") > > ); > > > > GetMethod get = new GetMethod("http://www.google.com/"); > > get.setFollowRedirects(true); > > > > int status = httpclient.executeMethod(get); > > > > System.out.println(status); > > ... > > > > Here's the scrubbed debug trace - > > > > Frankly I'm stumped as to why the credentials provided are not being > > accepted. > > > > John, > > Quite likely because the server has been configured to accept NTLMv2 > authentication only, whereas HttpClient supports NTLMv1 only > > Oleg > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- John Jamison [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]