On Wed, 2006-11-01 at 09:39 -0800, Jeff Ling wrote: > Hi Oleg, > > I might give it a try. > > Does it mean I need to use "custom auth scheme"?
All you have to do is to register your custom auth scheme instead of the stock one and HttpClient will automatically pick it up Oleg > > Thanks, > Jeff > > On 11/1/06, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote: > > > > On Wed, 2006-11-01 at 08:51 -0800, Jeff Ling wrote: > > > Hi guys, > > > > > > This is an even strangier problem that I've been struggling with. I am > > using > > > Axis2 to call MS Sharepoint web services. At most customers, it works > > well. > > > However, at this one customer, the authentication just fails with the > > event > > > log message on the web server says: "Unknown user name or bad > > password" Of > > > course, the first possibility was invalid user name/password as the > > error > > > message suggested. But I tried many different variations. And I've > > written a > > > .Net client to try it with the same credential, it works. Of course, it > > > could be using NTLMv2 instead. So I tried another application that only > > > supports NTLMv1 (it's a C++ implementation), and it also works! I also > > > turned on wire trace. I know the host doesn't not enforce NTLMv2. > > > > > > The next thing I did was getting all the Axis2 source code, and then all > > the > > > httpclient souce code down. I put in more trace, and saw the type 1 -> > > type > > > 2 -> type 3 message handshaking. I even printed out the user name, > > password, > > > host, domain, and everything seems correct. But After the type 3 message > > was > > > sent to the server, the server returns 401. The only thing I didn't do > > is to > > > analyze the NTLM messages because I don't know how to validate them! > > > > > > The client is running on the same machine as the web server. The user > > > account is a local account (not a domain account), JDK is 1.4.x,and > > > httpclient is 3.0.1. On the server, it says: > > > > > > Logon Failure: > > > Reason: Unknown user name or bad password > > > User Name: SHAREPOINTADMIN > > > Domain: ITDSPDEV > > > Logon Type: 3 > > > Logon Process: NtLmSsp > > > Authentication Package: NTLM > > > Workstation Name: ITDSPDEV.COJ.NET > > > Caller User Name: - > > > Caller Domain: - > > > Caller Logon ID: - > > > Caller Process ID: - > > > Transited Services: - > > > Source Network Address: 161.243.4.71 > > > Source Port: 2009 > > > > > > > > > Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > > > Logon account: SHAREPOINTADMIN > > > Source Workstation: ITDSPDEV.COJ.NET > > > Error Code: 0xC000006A > > > > > > > > > > > > Any suggestions? What else can I do? > > > > > > Thanks, > > > Jeff > > > > Jeff, > > > > It is plausible that HttpClient's low level NTLM code is simply buggy. > > None of the current HttpClient committers is very knowledgeable about > > NTLM and its inner working. Moreover, none of us seems interested in > > getting more involved with the subject. > > > > Our long term plan is to have our home brewed code replaced with JCIFS, > > the library is being developed and maintained by the Samba project. > > > > The analysis of the problem you gave above suggests you already know > > more about the subject than any of us. If you have enough incentive and > > determination to 'scratch your own itch', you may want to consider > > developing an AuthScheme based on JCIFS. Besides, this would be a major > > and a very welcome contribution to the project. > > > > For more details on the subject please refer to this resource: > > > > http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedNTLMQuestions > > > > Cheers, > > > > Oleg > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
