[stunnel-users] Can't get NTLM authentication to work with proxy connect.

Rudy Ghani myuubie at gmail.com
Wed Apr 1 09:39:43 CEST 2009


Hi there,

My stunnel client is on an Active Directory-authenticated XP workstation,
which needs to connect via a web proxy that authenticates using NTLM.

I populated my login details in protocolUsername and protocolPassword, but
the connection just dies when it reaches the proxy server. Looking at the
log, I get the following:

2009.04.01 08:20:39 LOG6[2140:2892]: SSL connected: new session negotiated
2009.04.01 08:20:39 LOG6[2140:2892]: Negotiated ciphers: AES256-SHA SSLv3
Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.04.01 15:34:09 LOG7[2140:2708]: ssh3 accepted FD=356 from
127.0.0.1:1026
2009.04.01 15:34:09 LOG7[2140:2708]: Creating a new thread
2009.04.01 15:34:09 LOG7[2140:2708]: New thread created
2009.04.01 15:34:09 LOG7[2140:3896]: ssh3 started
2009.04.01 15:34:09 LOG7[2140:3896]: FD 356 in non-blocking mode
2009.04.01 15:34:09 LOG7[2140:3896]: TCP_NODELAY option set on local socket
2009.04.01 15:34:09 LOG5[2140:3896]: ssh3 accepted connection from
127.0.0.1:1026
2009.04.01 15:34:09 LOG7[2140:3896]: FD 472 in non-blocking mode
2009.04.01 15:34:09 LOG7[2140:3896]: ssh3 connecting 129.32.20.14:8080
2009.04.01 15:34:09 LOG7[2140:3896]: connect_wait: waiting 10 seconds
2009.04.01 15:34:09 LOG7[2140:3896]: connect_wait: connected
2009.04.01 15:34:09 LOG5[2140:3896]: ssh3 connected remote server from
130.32.82.203:1027
2009.04.01 15:34:09 LOG7[2140:3896]: Remote FD=472 initialized
2009.04.01 15:34:09 LOG7[2140:3896]: TCP_NODELAY option set on remote socket
2009.04.01 15:34:09 LOG5[2140:3896]: Negotiations for connect (client side)
started
2009.04.01 15:34:09 LOG7[2140:3896]:  -> CONNECT xxxx.ath.cx:443 HTTP/1.1
2009.04.01 15:34:09 LOG7[2140:3896]:  -> Host: xxxx.ath.cx:443
2009.04.01 15:34:09 LOG7[2140:3896]:  -> Proxy-Connection: keep-alive
2009.04.01 15:34:09 LOG7[2140:3896]:  -> Proxy-Authorization: NTLM
TlRMTVNTUAABAAAAAgIAAA==
2009.04.01 15:34:09 LOG7[2140:3896]:  ->
2009.04.01 15:34:09 LOG3[2140:3896]: Unexpected socket close (fdgetline)
2009.04.01 15:34:09 LOG5[2140:3896]: Connection reset: 0 bytes sent to SSL,
0 bytes sent to socket
2009.04.01 15:34:09 LOG7[2140:3896]: ssh3 finished (1 left)

If I decode the NTLM auth string, I only get the NTLMSSP header, which seems
to be incomplete. If I recall correctly the domain and workstation info
should be passed on as well.

So the question is, how do I get this to work? Is there any specific format that
I need to use when using the protocol* settings for NTLM?

Thanks and regards.
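To check what the logged token actually carries, here is an added example (not from the original post or from stunnel): it decodes the Type 1 (NEGOTIATE) message from the log, reports its flags and whether domain/workstation fields are present, and builds a Type 1 that does carry them for comparison. The domain and workstation names used in the builder are made up.

```python
import base64
import struct

# Token copied from the stunnel log above (the client's NTLM NEGOTIATE / Type 1 message).
LOG_TOKEN = "TlRMTVNTUAABAAAAAgIAAA=="

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE = 1
# Subset of the NEGOTIATE flags (MS-NLMP 2.2.2.5) that matter for this message.
FLAG_UNICODE, FLAG_OEM, FLAG_REQUEST_TARGET, FLAG_NTLM = 0x1, 0x2, 0x4, 0x200
FLAG_OEM_DOMAIN, FLAG_OEM_WORKSTATION = 0x1000, 0x2000


def parse_type1(token):
    """Decode a base64 Type 1 message; report flags and any domain/workstation it carries."""
    raw = base64.b64decode(token)
    if len(raw) < 16 or raw[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", raw, 8)
    if msg_type != NEGOTIATE:
        raise ValueError("expected Type 1 (NEGOTIATE), got type %d" % msg_type)
    info = {"length": len(raw), "flags": flags, "domain": None, "workstation": None}
    # The two security buffers (len, maxlen, offset) follow the flags. Some clients,
    # this one included, stop after the flags: a 16-byte message has no buffers at all.
    if len(raw) >= 32:
        dom_len, _, dom_off = struct.unpack_from("<HHI", raw, 16)
        ws_len, _, ws_off = struct.unpack_from("<HHI", raw, 24)
        if flags & FLAG_OEM_DOMAIN and dom_len:
            info["domain"] = raw[dom_off:dom_off + dom_len].decode("ascii", "replace")
        if flags & FLAG_OEM_WORKSTATION and ws_len:
            info["workstation"] = raw[ws_off:ws_off + ws_len].decode("ascii", "replace")
    return info


def build_type1(domain, workstation):
    """Build a Type 1 message that does carry OEM domain and workstation fields (made-up names)."""
    flags = FLAG_OEM | FLAG_REQUEST_TARGET | FLAG_NTLM | FLAG_OEM_DOMAIN | FLAG_OEM_WORKSTATION
    dom, ws = domain.upper().encode("ascii"), workstation.upper().encode("ascii")
    header_len = 32  # signature + type + flags + two 8-byte security buffers
    body = SIGNATURE + struct.pack("<II", NEGOTIATE, flags)
    body += struct.pack("<HHI", len(dom), len(dom), header_len)
    body += struct.pack("<HHI", len(ws), len(ws), header_len + len(dom))
    return base64.b64encode(body + dom + ws).decode("ascii")


if __name__ == "__main__":
    print(parse_type1(LOG_TOKEN))                        # 16 bytes, flags 0x202, no names
    print(parse_type1(build_type1("example", "ws01")))   # 43 bytes, domain and workstation set
```

Running it on the logged token shows a 16-byte message with flags 0x0202 (OEM + NTLM) and no domain or workstation at all, which matches the "only the NTLMSSP header" observation above.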