On Fri, 2014-05-30 at 01:13 -0700, [email protected] wrote: > curl_easy_setopt(curl_handle,CURL_PROXYAUTH,CURLAUTH_NTLM | CURLAUTH_NTLM_WB > | CURLAUTH_GSSNEGOTIATE); > curl_easy_setopt(curl_handle,CURL_PROXYUSERPWD,":"); > curl_easy_perform(curl_handle) ; ... > Is there a known problem in curl for running this way in linux ?
I've just sent patches which fix two problems that were preventing this from working for you. As Michael correctly pointed out, you *did* need to supply a username, since the ntlm_auth helper tool doesn't infer it automatically. That's because the ntlm_auth helper was really designed for *server* authentication, and client support was added as an afterthought. So it expects to be *told* the username. And modern NTLM responses will also be too large for the buffer that curl was using to receive them; I've fixed that too. However, there's a third problem — you need to drop CURLAUTH_NTLM from your auth options. Otherwise it'll try 'native' NTLM using that empty username and password (doh!) before trying the automatic NTLM authentication via winbind. Which is a bit stupid, admittedly, but I'm not quite sure what the best fix is. Should we patch http.c to always try ntlm_wb *before* ntlm auth? Or patch the native NTLM auth method to bail out if the username and password are empty? Or both? -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
