Hi Sebb, This is good news, last time we discussed this topic we agreed that NTLM v2 is not supported by HC: http://mail-archives.apache.org/mod_mbox/jmeter-user/201204.mbox/%3CCAOGo0VZnv3=q_w0mtgyuoghsfvjbw6+8tpwf+8bxvyyegdx...@mail.gmail.com%3E
I think that in the link you provided they say that this is only somewhat supported with HC4.1 and later, but we only have HC4.0 on JMeter (or the name HTTPClient4 is misleading). Anyhow this is good direction as I found NTLM not being supported in JMeter as one of the key factors of Enterprises not tending to welcome JMeter (as NTLM authentication is very popular in intranet applications). SCOTT - I have no suggestion for you. Shmuel Krakower. Beatsoo.org - re-use your jmeter scripts for application performance monitoring from worldwide locations for free. On Tue, Nov 13, 2012 at 10:51 PM, sebb <[email protected]> wrote: > On 13 November 2012 20:42, Shmuel Krakower <[email protected]> wrote: > > How did you figure that HC is choosing Kerberos? > > Anyway - NTLM v2 is not supported by JMeter and NTLM v1 is too old for > > being used in Sharepoint2010. > > HttpClient 4.x does support NTLMv2 [1], but the implementation is not > guaranteed to work with all providers. > > [1] http://hc.apache.org/httpcomponents-client-ga/ntlm.html > > > Sorry to ruin the party, but you cannot use JMeter for load testing a > NTLM > > v2 based application. > > You may only use anonymous users or switch to another authentication > method > > on the servers. > > > > Shmuel Krakower. > > Beatsoo.org - re-use your jmeter scripts for application performance > > monitoring from worldwide locations for free. > > > > > > > > On Tue, Nov 13, 2012 at 10:32 PM, HUSSEY, SCOTT T <[email protected]> > wrote: > > > >> As a followup, I did sort out the logging configuration and it does look > >> like HTTP Client is choosing Kerberos over NTLM even though Jmeter > doesn't > >> support it. Is this intended? > >> > >> 2012/11/13 12:17:56 DEBUG - > >> org.apache.http.impl.client.DefaultTargetAuthenticationHandler: > >> Authentication schemes in the order of preference: [negotiate, NTLM, > >> Digest, Basic] > >> 2012/11/13 12:17:56 DEBUG - > >> org.apache.http.impl.client.DefaultTargetAuthenticationHandler: > negotiate > >> authentication scheme selected > >> 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme: > >> Received challenge '' from the auth server > >> 2012/11/13 12:17:56 DEBUG - > >> org.apache.http.client.protocol.RequestAddCookies: CookieSpec selected: > >> ignoreCookies > >> 2012/11/13 12:17:56 DEBUG - > >> org.apache.http.client.protocol.RequestAuthCache: Auth cache not set in > the > >> context > >> 2012/11/13 12:17:56 DEBUG - org.apache.http.impl.auth.NegotiateScheme: > >> init <hostname> > >> 2012/11/13 12:17:56 ERROR - > >> org.apache.http.client.protocol.RequestTargetAuthentication: > Authentication > >> error: Invalid name provided (Mechanism level: Cannot locate default > realm) > >> > >> -----Original Message----- > >> From: HUSSEY, SCOTT T > >> Sent: Tuesday, November 13, 2012 10:41 AM > >> To: '[email protected]' > >> Subject: HttpClient4 Selecting Authentication Method > >> > >> All, > >> I'm trying to test a SharePoint 2010 site (Jmeter 2.7, JRE 1.6, > Windows > >> Server 2008). This site is configured to use Kerberos authentication, > but > >> fall back to NTLM if needed. > >> > >> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << > "WWW-Authenticate: > >> Negotiate[\r][\n]" > >> 2012/11/13 08:19:10 DEBUG - httpclient.wire.header: << > "WWW-Authenticate: > >> NTLM[\r][\n]" > >> > >> When I use HTTPClient 3.1 and enable trace, I see it selects NTLM but > >> fails authentication because the site is using NTLM v2. When I switch to > >> HTTPClient4 I only get the below error. I cannot figure out a way to > enable > >> more verbose output and do not know if this error is from HTTPClient4 > >> attempting to use Kerberos (which it supports but Jmeter doesn't) or if > it > >> is from an NTLM issue. I'm leaning to the first issue of HTTPClient > >> attempting to use Kerberos because a similar site setup as only NTLM > works > >> fine w/ HTTPClient4. I do have an HTTP Authorization Manager in scope > with > >> the domain and user account entered. > >> > >> 2012/11/13 08:06:02 ERROR - > >> org.apache.http.client.protocol.RequestTargetAuthentication: > Authentication > >> error: Invalid name provided (Mechanism level: Cannot locate default > realm) > >> > >> As a test, is there a way I can rewrite the server headers to remove " > >> WWW-Authenticate: Negotiate" before HTTPClient responds? > >> > >> Thank you for your time. > >> > >> Scott > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
