[
https://issues.apache.org/jira/browse/HTTPCLIENT-1315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13568971#comment-13568971
]
Karl Wright commented on HTTPCLIENT-1315:
-----------------------------------------
I'll try to reproduce what you are seeing here, and see if there are any flag
issues I can identify. FWIW, the earliest I can do this would be Sunday
evening (2/3). If you were so inclined, you could speed things along by
getting Wireshark or tcpdump packet captures of 2 NTLM sessions: the first
session being a browser interaction that logs in successfully, where the
browser is NOT running on a machine that is on the domain, and the second
session being when you try to connect using HttpClient with the same
credentials. If you decide to go ahead and get these, please attach both of
them to this ticket in a well-labeled manner, so I can inspect them at my
leisure.
> NTLM or digest authentication using a local user on a domain host doesn't work
> ------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1315
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1315
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.3
> Environment: using httpclient to connect to a Windows Server 2008 R2
> standard host running IIS 7.5
> Reporter: Mihai David
> Priority: Minor
> Labels: NTLM, authentication, digest, domain, workgroup
> Attachments: digestlog.txt
>
>
> The default AuthScheme cannot authenticate local users if the host is
> included in a domain. Authetication with domain users or local users if the
> host is in a workgroup works fine.
> If using ntlm or digest authentication:
> - Authentication with a domain user works fine
> - Authentication with a local user if the host is in a workgroup works fine
> - Authentication with a local user (e.g. Administrator) if the host is in a
> domain returns 401 - Unauthorized. (Note: this works with JCIFS
> implementation)
> To reproduce:
> //using local user returns "401 - Unauthorized" if the host is part of a
> domain
> NTCredentials creds = new NTCredentials("Administrator", "password",
> "myworkstation", "HOSTNAME");
> //domain user works fine:
> //NTCredentials creds = new NTCredentials("USERNAME", "password",
> "myworkstation", "DOMAIN");
> DefaultHttpClient httpclient = new DefaultHttpClient();
> httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
> HttpHost target = new HttpHost("xx.xx.xx.xx", 81, "http");
> HttpContext localContext = new BasicHttpContext();
> HttpGet httpget = new HttpGet("/Orchestrator2012/Orchestrator.svc/Jobs");
> List<String> authpref = new ArrayList<String>();
> authpref.add(AuthPolicy.NTLM);
> httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref);
> HttpResponse response1 = httpclient.execute(target, httpget, localContext);
> HttpEntity entity1 = response1.getEntity();
> The code works if I use jcifs-1.3.17 to create an NTLMEngine like in the
> example: http://hc.apache.org/httpcomponents-client-ga/ntlm.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
