Re: NTLM proxy authentication is failing with McAfee web gateway proxy server
We had also similar problem with proxy NTLM authentication and we have to use jcifs for fixing of this problem. The bug https://issues.apache.org/jira/browse/HTTPCLIENT-1080 is fixed now so I will do some tests if it has really gone. I think there might be some issues with domain. I would try to put the domain into username as "username@domain" and leave domain as null or empty string. AFAIK the Windows SSPI API domain can be set to NULL or empty string. The NULL is interpreted as a client side default which is usually the client machine hostnane. The empty string domain means default on the server side, which is Active directory domain, but it depends on implementation. Note that the Active directory username can also contain the at sign('@') character and in such case the username can be formed as e.g "username@email@domain" (at least in SSPI) and can be used only for NTLMv2 authentication. You have to use so called pre-Windows 2000 form when using NTLMv1. As NTLMv1 doesn't support dot in the domain you can use only first part of the domain. You know the NTLMv1 was designed for NetBios networks so username and domain are limited in size and set of characters which can be used. Hope that helps, Bronislav 2013/2/6 Oleg Kalnichevski > On Wed, 2013-02-06 at 22:03 +0530, anir . wrote: > > Try using jcifs jar . > > I had the same issue which got resolved using jcifs jar. > > > > Still, please consider raising a JIRA and submitting Wireshark packet > captures got those cases where JCIFS works and HttpClient's internal > NTLM engine does not. This should help us improve our NTLM code. > > Oleg > > > On Wed, Feb 6, 2013 at 5:45 PM, Oleg Kalnichevski > wrote: > > > > > On Wed, 2013-02-06 at 08:29 +0530, Deepak Mishra wrote: > > > > Had attached the log files but not able to see them on mail thread, > so > > > > attaching the same again. > > > > thank you, > > > > deepak > > > > > > > > > > Deepak > > > > > > I see nothing wrong on the HTTP level. There must be some kind of > > > incompatibility at the NTLM protocol level. Please capture both > sessions > > > with Wireshart (it has to be Wireshark), raise a JIRA and attach both > > > packet dumps to it. Hopefully Karl will be kind enough to take a look. > > > > > > Oleg > > > > > > > -- Forwarded message -- > > > > From: Deepak Mishra > > > > Date: Wed, Feb 6, 2013 at 6:27 AM > > > > Subject: NTLM proxy authentication is failing with McAfee web gateway > > > > proxy server > > > > To: HttpClient User Discussion > > > > > > > > > > > > Hi, > > > > We are using HttpClient 4.2.3 to communicate to an internet URL > > > > through a proxy server. Proxy server has NTLM authentication > > > > integrated with an Active Directory. > > > > We are able to do NTLM authentication with Ubuntu 12.04 Squid proxy > > > > server but not able to do NTLM authentication with McAfee webgateway > > > > proxy server. > > > > > > > > I am attaching HttpClient debug log for both the cases. > > > > Can some one please take a look at the logs and tell me why NTLM > > > > authentication is failing with McAfee webgateway proxy server. > > > > > > > > I am using same code to communicate with both of them. Following is > > > > the code. > > > > > > > > DefaultHttpClientclient = new DefaultHttpClient(); > > > > HttpHost host = new HttpHost(proxyServer, port); > > > > client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, host); > > > > NTCredentials creds = new NTCredentials(userName, > > > > password, > > > > InetAddress.getLocalHost().getHostName(), > > > > domain); > > > > client.getCredentialsProvider().setCredentials(new AuthScope(host, > > > > AuthScope.ANY_REALM, AuthPolicy.NTLM), creds); > > > > HttpGet httpMethod = new HttpGet(url); > > > > HttpResponse response = client.execute(httpMethod); > > > > BasicResponseHandler responseHandler = new BasicResponseHandler(); > > > > return responseHandler.handleResponse(response); > > > > > > > > thank you for help, > > > > deepak > > > > > > > > > > > > - > > > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > > > > > > > > > - > > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > > > > > > > - > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > >
Re: NTLM proxy authentication is failing with McAfee web gateway proxy server
On Wed, 2013-02-06 at 22:03 +0530, anir . wrote: > Try using jcifs jar . > I had the same issue which got resolved using jcifs jar. > Still, please consider raising a JIRA and submitting Wireshark packet captures got those cases where JCIFS works and HttpClient's internal NTLM engine does not. This should help us improve our NTLM code. Oleg > On Wed, Feb 6, 2013 at 5:45 PM, Oleg Kalnichevski wrote: > > > On Wed, 2013-02-06 at 08:29 +0530, Deepak Mishra wrote: > > > Had attached the log files but not able to see them on mail thread, so > > > attaching the same again. > > > thank you, > > > deepak > > > > > > > Deepak > > > > I see nothing wrong on the HTTP level. There must be some kind of > > incompatibility at the NTLM protocol level. Please capture both sessions > > with Wireshart (it has to be Wireshark), raise a JIRA and attach both > > packet dumps to it. Hopefully Karl will be kind enough to take a look. > > > > Oleg > > > > > -- Forwarded message -- > > > From: Deepak Mishra > > > Date: Wed, Feb 6, 2013 at 6:27 AM > > > Subject: NTLM proxy authentication is failing with McAfee web gateway > > > proxy server > > > To: HttpClient User Discussion > > > > > > > > > Hi, > > > We are using HttpClient 4.2.3 to communicate to an internet URL > > > through a proxy server. Proxy server has NTLM authentication > > > integrated with an Active Directory. > > > We are able to do NTLM authentication with Ubuntu 12.04 Squid proxy > > > server but not able to do NTLM authentication with McAfee webgateway > > > proxy server. > > > > > > I am attaching HttpClient debug log for both the cases. > > > Can some one please take a look at the logs and tell me why NTLM > > > authentication is failing with McAfee webgateway proxy server. > > > > > > I am using same code to communicate with both of them. Following is > > > the code. > > > > > > DefaultHttpClientclient = new DefaultHttpClient(); > > > HttpHost host = new HttpHost(proxyServer, port); > > > client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, host); > > > NTCredentials creds = new NTCredentials(userName, > > > password, > > > InetAddress.getLocalHost().getHostName(), > > > domain); > > > client.getCredentialsProvider().setCredentials(new AuthScope(host, > > > AuthScope.ANY_REALM, AuthPolicy.NTLM), creds); > > > HttpGet httpMethod = new HttpGet(url); > > > HttpResponse response = client.execute(httpMethod); > > > BasicResponseHandler responseHandler = new BasicResponseHandler(); > > > return responseHandler.handleResponse(response); > > > > > > thank you for help, > > > deepak > > > > > > > > > - > > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > > > > > - > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: NTLM proxy authentication is failing with McAfee web gateway proxy server
Try using jcifs jar . I had the same issue which got resolved using jcifs jar. On Wed, Feb 6, 2013 at 5:45 PM, Oleg Kalnichevski wrote: > On Wed, 2013-02-06 at 08:29 +0530, Deepak Mishra wrote: > > Had attached the log files but not able to see them on mail thread, so > > attaching the same again. > > thank you, > > deepak > > > > Deepak > > I see nothing wrong on the HTTP level. There must be some kind of > incompatibility at the NTLM protocol level. Please capture both sessions > with Wireshart (it has to be Wireshark), raise a JIRA and attach both > packet dumps to it. Hopefully Karl will be kind enough to take a look. > > Oleg > > > -- Forwarded message -- > > From: Deepak Mishra > > Date: Wed, Feb 6, 2013 at 6:27 AM > > Subject: NTLM proxy authentication is failing with McAfee web gateway > > proxy server > > To: HttpClient User Discussion > > > > > > Hi, > > We are using HttpClient 4.2.3 to communicate to an internet URL > > through a proxy server. Proxy server has NTLM authentication > > integrated with an Active Directory. > > We are able to do NTLM authentication with Ubuntu 12.04 Squid proxy > > server but not able to do NTLM authentication with McAfee webgateway > > proxy server. > > > > I am attaching HttpClient debug log for both the cases. > > Can some one please take a look at the logs and tell me why NTLM > > authentication is failing with McAfee webgateway proxy server. > > > > I am using same code to communicate with both of them. Following is > > the code. > > > > DefaultHttpClientclient = new DefaultHttpClient(); > > HttpHost host = new HttpHost(proxyServer, port); > > client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, host); > > NTCredentials creds = new NTCredentials(userName, > > password, > > InetAddress.getLocalHost().getHostName(), > > domain); > > client.getCredentialsProvider().setCredentials(new AuthScope(host, > > AuthScope.ANY_REALM, AuthPolicy.NTLM), creds); > > HttpGet httpMethod = new HttpGet(url); > > HttpResponse response = client.execute(httpMethod); > > BasicResponseHandler responseHandler = new BasicResponseHandler(); > > return responseHandler.handleResponse(response); > > > > thank you for help, > > deepak > > > > > > - > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > - > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > >
Re: NTLM proxy authentication is failing with McAfee web gateway proxy server
On Wed, 2013-02-06 at 08:29 +0530, Deepak Mishra wrote: > Had attached the log files but not able to see them on mail thread, so > attaching the same again. > thank you, > deepak > Deepak I see nothing wrong on the HTTP level. There must be some kind of incompatibility at the NTLM protocol level. Please capture both sessions with Wireshart (it has to be Wireshark), raise a JIRA and attach both packet dumps to it. Hopefully Karl will be kind enough to take a look. Oleg > -- Forwarded message -- > From: Deepak Mishra > Date: Wed, Feb 6, 2013 at 6:27 AM > Subject: NTLM proxy authentication is failing with McAfee web gateway > proxy server > To: HttpClient User Discussion > > > Hi, > We are using HttpClient 4.2.3 to communicate to an internet URL > through a proxy server. Proxy server has NTLM authentication > integrated with an Active Directory. > We are able to do NTLM authentication with Ubuntu 12.04 Squid proxy > server but not able to do NTLM authentication with McAfee webgateway > proxy server. > > I am attaching HttpClient debug log for both the cases. > Can some one please take a look at the logs and tell me why NTLM > authentication is failing with McAfee webgateway proxy server. > > I am using same code to communicate with both of them. Following is > the code. > > DefaultHttpClientclient = new DefaultHttpClient(); > HttpHost host = new HttpHost(proxyServer, port); > client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, host); > NTCredentials creds = new NTCredentials(userName, > password, > InetAddress.getLocalHost().getHostName(), > domain); > client.getCredentialsProvider().setCredentials(new AuthScope(host, > AuthScope.ANY_REALM, AuthPolicy.NTLM), creds); > HttpGet httpMethod = new HttpGet(url); > HttpResponse response = client.execute(httpMethod); > BasicResponseHandler responseHandler = new BasicResponseHandler(); > return responseHandler.handleResponse(response); > > thank you for help, > deepak > > > - > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org