---- Tony Lewis <[email protected]> wrote:
> [email protected] wrote:
>
> > So, it seems like the problem is that wget may be doing only NTLM?
>
> The current version of wget only supports NTLM authentication. Specifically,
> it sends the following flags to the server:
>   NEGOTIATE_OEM (0x00000002)
>   NEGOTIATE_NTLM_KEY (0x00000200)
>
> > Does anyone know if wget (latest version) is able to support NTLMV2 (vs.
> > NTLM)?
>
> A year ago, I dug into NTLM authentication and rewrote http-ntlm.c so that it
> sends (and supports) the following flags:
>   NEGOTIATE_UNICODE (0x00000001)
>   NEGOTIATE_OEM (0x00000002)
>   NEGOTIATE_NTLM_KEY (0x00000200)
>   NEGOTIATE_NTLM2_KEY (0x00080000)
>
> My code works with the servers in my work environment. However, I don't have
> access to an environment where I can tweak the settings in the Active
> Directory Controller and on the ISS machine so I was not able to thoroughly
> test wget against the various combinations of settings. Given that, Micah
> (who was maintainer at the time) wasn't willing to deploy my changes; a
> decision, with which I agree.
>
> Jim, if you have an environment in which you can facilitate testing with all
> the combinations of settings, we can test my code and then submit it to
> Giuseppe Scrivano (the current maintainer) for inclusion in a future release.
>
> By the way, I think we only need to test against all combinations of settings
> in a live environment once. If we capture all the exchanges between wget and
> the server then we can develop wget tests for all future testing.
>
> For anyone who is interested, I have attached my versions of http-ntlm.c and
> http-ntlm.h, which were last tested against a development version of 1.12. I
> also had to patch http.c because at some point in time the code got reordered
> in a way that completely broke NTLM authentication. I know that this code
> will need some tweaking; in particular the bit to make TOUPPER work on both
> 1.11.4 and 1.12 is no longer needed.
>
> Tony

Hi,

I have multiple environments with both Win2K and Win2K3 ADs and various Win2K and Win2K3 servers as domain members, etc., and I have control of all of them, plus Linux machines of various flavors, so I think I can help a little with that. I can put sniffers, etc. on as needed also. It would be a good "learning" opportunity for me also :)...

The caveats that I'd have are that you would need to provide the test cases that you want covered (e.g., what settings in GPOs, Local Policy, etc.), and, also, I recently had some surgery, so, personally some limitations on my "sitting" time. FYI, I'm on the East coast (near DC).

Jim
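
Turning captured exchanges into tests, as suggested in the quoted message, needs a way to read the negotiate flags out of a captured `Authorization: NTLM ...` value. The following is an added example, not part of either message and not code from wget's http-ntlm.c; the function names and both sample header values are constructed here, and it assumes the standard NTLMSSP Type 1 layout (8-byte signature, little-endian type and flags).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NEGOTIATE_NTLM2_KEY 0x00080000u /* value as quoted in the thread */

/* Constructed Type 1 header values (not captured traffic). */
static const char SAMPLE_CURRENT[] = "NTLM TlRMTVNTUAABAAAAAgIAAA=="; /* 0x00000202 */
static const char SAMPLE_REWRITE[] = "NTLM TlRMTVNTUAABAAAAAwIIAA=="; /* 0x00080203 */

/* Decode base64 into out; returns byte count, or -1 on bad input or overflow. */
static int b64_decode(const char *in, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0, n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (!p || (size_t)n >= cap) return -1;
        acc = (acc << 6) | (uint32_t)(p - tbl);
        if ((bits += 6) >= 8) {
            bits -= 8;
            out[n++] = (unsigned char)(acc >> bits);
        }
    }
    return n;
}

/* Read the flags from an "NTLM <base64>" Type 1 header value: 8-byte "NTLMSSP\0"
   signature, 4-byte LE type (1), 4-byte LE flags. Returns 0, or -1 if malformed. */
int ntlm_type1_flags(const char *hdr, uint32_t *flags)
{
    unsigned char m[256];
    if (strncmp(hdr, "NTLM ", 5) != 0) return -1;
    int len = b64_decode(hdr + 5, m, sizeof m);
    if (len < 16 || memcmp(m, "NTLMSSP\0\1\0\0", 12) != 0) return -1;
    *flags = m[12] | (uint32_t)m[13] << 8 | (uint32_t)m[14] << 16 | (uint32_t)m[15] << 24;
    return 0;
}

int offers_ntlm2(uint32_t f) { return (f & NEGOTIATE_NTLM2_KEY) != 0; }

int main(void)
{
    const char *hdrs[] = { SAMPLE_CURRENT, SAMPLE_REWRITE };
    uint32_t f = 0;
    for (int i = 0; i < 2; i++)
        if (ntlm_type1_flags(hdrs[i], &f) == 0)
            printf("flags=0x%08x ntlm2=%d\n", (unsigned)f, offers_ntlm2(f));
    return 0;
}
```

The first sample carries only the two flags the quoted message lists for the current wget; the second carries the four flags listed for the rewrite.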
