Hi, Oleg: I tried all cases you mentioned below, and can't get it work. (My login is domain account) I thought I had one time work in this situation, but actually I missed the line client.getHostConfiguration().setProxy(proxyserverIP, 80);
If I commented out either NTLM authentication (use anoynomous) or proxy authentication, authentication is sucessful. I really doubt whether NTLM host can work through proxy environment. Check this site: http://www.squid-cache.org/mail-archive/squid-users/199710/0279.html It mentioned NLTM should not be used on the Internet at large (by way of Microsoft's recommendation). lili -----Original Message----- From: Kalnichevski, Oleg [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 2004 1:04 AM To: Lili Liu Cc: [EMAIL PROTECTED] Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem Lili, There's nothing in the log that could suggest a flaw in HttpClient's authentication logic. Everything appears sane as far as the authentication is concerned. Proxy authentication was successful. The trouble appears to be caused by the NTLM host server which does not seem to accept the credentials. client.getState().setCredentials( null, "10.8.9.22", new NTCredentials("lliu", "xxxxx", "10.8.9.22", "INXIGHT") ); (1) Please double-check the domain name and try using the host name (every NT box must have one) instead of the IP ("10.8.9.22") in the NTCredentials constructor. client.getState().setCredentials( null, "10.8.9.22", new NTCredentials("lliu", "xxxxx", "myhost", "INXIGHT") ); Where 'lliu' is a domain account (2) Is the account you are using a domain account or a local one? This distinction is very important. If it is a local one, you should be using the host name instead of the domain name, even though the server may be a part of the INXIGHT domain client.getState().setCredentials( null, "10.8.9.22", new NTCredentials("lliu", "xxxxx", "myhost", "myhost") Where 'lliu' is a local account on the 'myhost' host Let me know the results Oleg -----Original Message----- From: Lili Liu [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 20:26 To: Kalnichevski, Oleg Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem Hi, Oleg: I am focusing to get basic proxy + NTLM host work. I downloaded the Httpclient package from the link below (May 4). I still got the 401 error. Here is the log.txt and my test program testProxy.java One thing I thought maybe questionable is the first parameter of setProxyCredentials is null in my case since the proxy does not belong to any domain. lili Let me what you find. Thanks a bunch! -----Original Message----- From: Kalnichevski, Oleg [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 2:06 AM To: Commons HttpClient Project Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem Lili, Truth to be told, NTLM proxy + NTLM host authentication has never been properly tested, because none of us (HttpClient developers) has got access to a Microsoft Proxy installation. I would not be surprised if it did not work at all with HttpClient 2.0. I know for a fact that BASIC proxy + NTLM host should work. I have been using Squid proxy to run the tests, though. Anyways, could you please get hold of the latest HttpClient DEVELOPMENT snapshot from the following location and see if it produces the same results? <http://cvs.apache.org/builds/jakarta-commons/nightly/commons-httpclient/> It is much easier for me to troubleshoot the development version of HttpClient because it's authentication code has become much saner. Authentication code has undergone a complete rewrite for the 3.0 release and _should_ be significantly more robust than that of HttpClient 2.0. Once the problem is idenified and fixed, I'll port the changes to the stable HttpClient branch Please note that the development version (which is going to be the version 3.0 when released) is no longer 2.0 API compatible. You may have to make some adjustments to your code. Oleg -----Original Message----- From: Lili Liu [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 0:13 To: '[EMAIL PROTECTED]' Subject: IIS (NTLM) + proxy server (NTLM or basic) problem Hello, I have tried all authentication combinations with IIS web server and microsoft proxy server. I have 401.1 error when both IIS are set up using NTLM and proxy server is Basic or NTLM. The proxy server set up code is as follows: (NTLM case) client.getState().setAuthenticationPreemptive(false); client.getHostConfiguration().setProxy("<proxy IP address>", 80); client.getState().setProxyCredentials(null, "<proxy IP address>", new NTCredentials(proxy-server-username, proxy-server-password, proxy-server-host, proxy-server-domain)); The web server connection is done as follows: client.getState().setAuthenticationPreemptive(false); client.getState().setCredentials( null, "10.8.9.22", new NTCredentials(username, passwd, "10.8.9.22", "INXIGHT"); Other combinations work well (IIS basic + proxy NTLM or proxy basic) IIS NTLM without proxy server also works. Log file is attached. Any help is highly appreciated! lili <<log.txt>> **************************************************************************** *********************** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. **************************************************************************** *********************** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] **************************************************************************** *********************** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. **************************************************************************** *********************** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
