Hi Lili, Do not give up too soon. I did test BASIC proxy (using Squid stable) + NTLM host authentication and did work. Of course, I cannot rule out that the problem is caused by some 'peculiarities' of Microsoft Proxy implementation.
Please try disabling anonymous access to the host server and see if that makes any difference. Also consider using Squid as a proxy, at least for tests Oleg On Wed, 2004-05-05 at 19:11, Lili Liu wrote: > Hi, Oleg: > > I tried all cases you mentioned below, and can't get it work. (My login is > domain account) > I thought I had one time work in this situation, but actually I missed the > line > client.getHostConfiguration().setProxy(proxyserverIP, 80); > > If I commented out either NTLM authentication (use anoynomous) or proxy > authentication, authentication is sucessful. > > I really doubt whether NTLM host can work through proxy environment. > Check this site: > http://www.squid-cache.org/mail-archive/squid-users/199710/0279.html > It mentioned NLTM should not be used on the Internet at large > (by way of Microsoft's recommendation). > > lili > > > -----Original Message----- > From: Kalnichevski, Oleg [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 05, 2004 1:04 AM > To: Lili Liu > Cc: [EMAIL PROTECTED] > Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem > > > > Lili, > There's nothing in the log that could suggest a flaw in HttpClient's > authentication logic. Everything appears sane as far as the authentication > is concerned. Proxy authentication was successful. The trouble appears to be > caused by the NTLM host server which does not seem to accept the > credentials. > > > client.getState().setCredentials( > null, > "10.8.9.22", > new NTCredentials("lliu", "xxxxx", "10.8.9.22", "INXIGHT") > ); > > (1) Please double-check the domain name and try using the host name (every > NT box must have one) instead of the IP ("10.8.9.22") in the NTCredentials > constructor. > > client.getState().setCredentials( > null, > "10.8.9.22", > new NTCredentials("lliu", "xxxxx", "myhost", "INXIGHT") > ); > > Where 'lliu' is a domain account > > > (2) Is the account you are using a domain account or a local one? This > distinction is very important. If it is a local one, you should be using the > host name instead of the domain name, even though the server may be a part > of the INXIGHT domain > > client.getState().setCredentials( > null, > "10.8.9.22", > new NTCredentials("lliu", "xxxxx", "myhost", "myhost") > > Where 'lliu' is a local account on the 'myhost' host > > Let me know the results > > Oleg > > -----Original Message----- > From: Lili Liu [mailto:[EMAIL PROTECTED] > Sent: Tuesday, May 04, 2004 20:26 > To: Kalnichevski, Oleg > Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem > > > Hi, Oleg: > I am focusing to get basic proxy + NTLM host work. > I downloaded the Httpclient package from the link below (May 4). > > I still got the 401 error. > Here is the log.txt and my test program testProxy.java > > One thing I thought maybe questionable is the first parameter of > setProxyCredentials is null in my case since the proxy does not belong to > any domain. > > lili > Let me what you find. > Thanks a bunch! > > > -----Original Message----- > From: Kalnichevski, Oleg [mailto:[EMAIL PROTECTED] > Sent: Tuesday, May 04, 2004 2:06 AM > To: Commons HttpClient Project > Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem > > > > Lili, > Truth to be told, NTLM proxy + NTLM host authentication has never been > properly tested, because none of us (HttpClient developers) has got access > to a Microsoft Proxy installation. I would not be surprised if it did not > work at all with HttpClient 2.0. I know for a fact that BASIC proxy + NTLM > host should work. I have been using Squid proxy to run the tests, though. > > > Anyways, could you please get hold of the latest HttpClient DEVELOPMENT > snapshot from the following location and see if it produces the same > results? > > > <http://cvs.apache.org/builds/jakarta-commons/nightly/commons-httpclient/> > > It is much easier for me to troubleshoot the development version of > HttpClient because it's authentication code has become much saner. > Authentication code has undergone a complete rewrite for the 3.0 release and > _should_ be significantly more robust than that of HttpClient 2.0. Once the > problem is idenified and fixed, I'll port the changes to the stable > HttpClient branch > > Please note that the development version (which is going to be the version > 3.0 when released) is no longer 2.0 API compatible. You may have to make > some adjustments to your code. > > > Oleg > > -----Original Message----- > From: Lili Liu [mailto:[EMAIL PROTECTED] > Sent: Tuesday, May 04, 2004 0:13 > To: '[EMAIL PROTECTED]' > Subject: IIS (NTLM) + proxy server (NTLM or basic) problem > > > Hello, > > I have tried all authentication combinations with IIS web server and > microsoft proxy server. > I have 401.1 error when both IIS are set up using NTLM and proxy server is > Basic or NTLM. > > The proxy server set up code is as follows: (NTLM case) > > > > > client.getState().setAuthenticationPreemptive(false); > client.getHostConfiguration().setProxy("<proxy IP > address>", 80); > client.getState().setProxyCredentials(null, "<proxy > IP address>", > new NTCredentials(proxy-server-username, > proxy-server-password, proxy-server-host, proxy-server-domain)); > > The web server connection is done as follows: > > > > client.getState().setAuthenticationPreemptive(false); > client.getState().setCredentials( > null, > "10.8.9.22", > new > NTCredentials(username, passwd, "10.8.9.22", "INXIGHT"); > > > Other combinations work well (IIS basic + proxy NTLM or proxy basic) > IIS NTLM without proxy server also works. > > Log file is attached. > > Any help is highly appreciated! > > lili <<log.txt>> > > > > > > > > > **************************************************************************** > *********************** > The information in this email is confidential and may be legally privileged. > Access to this email by anyone other than the intended addressee is > unauthorized. If you are not the intended recipient of this message, any > review, disclosure, copying, distribution, retention, or any action taken or > omitted to be taken in reliance on it is prohibited and may be unlawful. If > you are not the intended recipient, please reply to or forward a copy of > this message to the sender and delete the message, any attachments, and any > copies thereof from your system. > **************************************************************************** > *********************** > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > **************************************************************************** > *********************** > The information in this email is confidential and may be legally privileged. > Access to this email by anyone other than the intended addressee is > unauthorized. If you are not the intended recipient of this message, any > review, disclosure, copying, distribution, retention, or any action taken or > omitted to be taken in reliance on it is prohibited and may be unlawful. If > you are not the intended recipient, please reply to or forward a copy of > this message to the sender and delete the message, any attachments, and any > copies thereof from your system. > **************************************************************************** > *********************** > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
