On Wed, 2004-05-05 at 21:58, Lili Liu wrote: > Hi, Oleg: > Anonymous was disabled (only NTLM is enabled). > Our customer requires Microsoft proxy server and IIS.
I hope they know what they are doing > lili > > Our proxy server is using IIS 3.0, maybe that is too old. If upgrade is an option, give it a shot. I tested HttpClient against IIS 4.x only Oleg > > -----Original Message----- > From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 05, 2004 11:36 AM > To: Commons HttpClient Project > Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem > > > Hi Lili, > > Do not give up too soon. I did test BASIC proxy (using Squid stable) + > NTLM host authentication and did work. Of course, I cannot rule out that > the problem is caused by some 'peculiarities' of Microsoft Proxy > implementation. > > Please try disabling anonymous access to the host server and see if that > makes any difference. > > Also consider using Squid as a proxy, at least for tests > > Oleg > > On Wed, 2004-05-05 at 19:11, Lili Liu wrote: > > Hi, Oleg: > > > > I tried all cases you mentioned below, and can't get it work. (My login is > > domain account) > > I thought I had one time work in this situation, but actually I missed the > > line > > client.getHostConfiguration().setProxy(proxyserverIP, 80); > > > > If I commented out either NTLM authentication (use anoynomous) or proxy > > authentication, authentication is sucessful. > > > > I really doubt whether NTLM host can work through proxy environment. > > Check this site: > > http://www.squid-cache.org/mail-archive/squid-users/199710/0279.html > > It mentioned NLTM should not be used on the Internet at large > > (by way of Microsoft's recommendation). > > > > lili > > > > > > -----Original Message----- > > From: Kalnichevski, Oleg [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, May 05, 2004 1:04 AM > > To: Lili Liu > > Cc: [EMAIL PROTECTED] > > Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem > > > > > > > > Lili, > > There's nothing in the log that could suggest a flaw in HttpClient's > > authentication logic. Everything appears sane as far as the authentication > > is concerned. Proxy authentication was successful. The trouble appears to > be > > caused by the NTLM host server which does not seem to accept the > > credentials. > > > > > > client.getState().setCredentials( > > null, > > "10.8.9.22", > > new NTCredentials("lliu", "xxxxx", "10.8.9.22", "INXIGHT") > > ); > > > > (1) Please double-check the domain name and try using the host name (every > > NT box must have one) instead of the IP ("10.8.9.22") in the NTCredentials > > constructor. > > > > client.getState().setCredentials( > > null, > > "10.8.9.22", > > new NTCredentials("lliu", "xxxxx", "myhost", "INXIGHT") > > ); > > > > Where 'lliu' is a domain account > > > > > > (2) Is the account you are using a domain account or a local one? This > > distinction is very important. If it is a local one, you should be using > the > > host name instead of the domain name, even though the server may be a part > > of the INXIGHT domain > > > > client.getState().setCredentials( > > null, > > "10.8.9.22", > > new NTCredentials("lliu", "xxxxx", "myhost", "myhost") > > > > Where 'lliu' is a local account on the 'myhost' host > > > > Let me know the results > > > > Oleg > > > > -----Original Message----- > > From: Lili Liu [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, May 04, 2004 20:26 > > To: Kalnichevski, Oleg > > Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem > > > > > > Hi, Oleg: > > I am focusing to get basic proxy + NTLM host work. > > I downloaded the Httpclient package from the link below (May 4). > > > > I still got the 401 error. > > Here is the log.txt and my test program testProxy.java > > > > One thing I thought maybe questionable is the first parameter of > > setProxyCredentials is null in my case since the proxy does not belong to > > any domain. > > > > lili > > Let me what you find. > > Thanks a bunch! > > > > > > -----Original Message----- > > From: Kalnichevski, Oleg [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, May 04, 2004 2:06 AM > > To: Commons HttpClient Project > > Subject: RE: IIS (NTLM) + proxy server (NTLM or basic) problem > > > > > > > > Lili, > > Truth to be told, NTLM proxy + NTLM host authentication has never been > > properly tested, because none of us (HttpClient developers) has got access > > to a Microsoft Proxy installation. I would not be surprised if it did not > > work at all with HttpClient 2.0. I know for a fact that BASIC proxy + NTLM > > host should work. I have been using Squid proxy to run the tests, though. > > > > > > Anyways, could you please get hold of the latest HttpClient DEVELOPMENT > > snapshot from the following location and see if it produces the same > > results? > > > > > > <http://cvs.apache.org/builds/jakarta-commons/nightly/commons-httpclient/> > > > > It is much easier for me to troubleshoot the development version of > > HttpClient because it's authentication code has become much saner. > > Authentication code has undergone a complete rewrite for the 3.0 release > and > > _should_ be significantly more robust than that of HttpClient 2.0. Once > the > > problem is idenified and fixed, I'll port the changes to the stable > > HttpClient branch > > > > Please note that the development version (which is going to be the version > > 3.0 when released) is no longer 2.0 API compatible. You may have to make > > some adjustments to your code. > > > > > > Oleg > > > > -----Original Message----- > > From: Lili Liu [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, May 04, 2004 0:13 > > To: '[EMAIL PROTECTED]' > > Subject: IIS (NTLM) + proxy server (NTLM or basic) problem > > > > > > Hello, > > > > I have tried all authentication combinations with IIS web server and > > microsoft proxy server. > > I have 401.1 error when both IIS are set up using NTLM and proxy server is > > Basic or NTLM. > > > > The proxy server set up code is as follows: (NTLM case) > > > > > > > > > > client.getState().setAuthenticationPreemptive(false); > > client.getHostConfiguration().setProxy("<proxy IP > > address>", 80); > > client.getState().setProxyCredentials(null, "<proxy > > IP address>", > > new NTCredentials(proxy-server-username, > > proxy-server-password, proxy-server-host, proxy-server-domain)); > > > > The web server connection is done as follows: > > > > > > > > client.getState().setAuthenticationPreemptive(false); > > client.getState().setCredentials( > > null, > > "10.8.9.22", > > new > > NTCredentials(username, passwd, "10.8.9.22", "INXIGHT"); > > > > > > Other combinations work well (IIS basic + proxy NTLM or proxy basic) > > IIS NTLM without proxy server also works. > > > > Log file is attached. > > > > Any help is highly appreciated! > > > > lili <<log.txt>> > > > > > > > > > > > > > > > > > > > **************************************************************************** > > *********************** > > The information in this email is confidential and may be legally > privileged. > > Access to this email by anyone other than the intended addressee is > > unauthorized. If you are not the intended recipient of this message, any > > review, disclosure, copying, distribution, retention, or any action taken > or > > omitted to be taken in reliance on it is prohibited and may be unlawful. > If > > you are not the intended recipient, please reply to or forward a copy of > > this message to the sender and delete the message, any attachments, and > any > > copies thereof from your system. > > > **************************************************************************** > > *********************** > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > **************************************************************************** > > *********************** > > The information in this email is confidential and may be legally > privileged. > > Access to this email by anyone other than the intended addressee is > > unauthorized. If you are not the intended recipient of this message, any > > review, disclosure, copying, distribution, retention, or any action taken > or > > omitted to be taken in reliance on it is prohibited and may be unlawful. > If > > you are not the intended recipient, please reply to or forward a copy of > > this message to the sender and delete the message, any attachments, and > any > > copies thereof from your system. > > > **************************************************************************** > > *********************** > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
