[stunnel-users] Issue with NTLM authorisation

• Next message (by thread): [stunnel-users] dhparam and others
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Try to split your config username and domain.

protocolDomain = vmj.com
protocolUsername = user1




On Thu, Feb 28, 2019 at 7:44 PM Vijay Raghavan P <vijairagav210 at gmail.com>
wrote:

>
>
> Hi,
> I have to create tunnel between server and client. Client have proxy
> configured in between.
> So i use below in /etc/stunnel/stunnel.config. User name and password is
> correct
>
> pid = /var/run/stunnel.pid
>
> cert = /home/client.crt
>
> key = /home/client.key
>
> options = NO_SSLv2
>
> debug = 7
>
> output = /var/log/stunnel4/stunnel.log
>
> client = yes
>
> CAfile=/home/**chain.pem
>
> verify=2
>
> [test]
>
> protocol = connect
>
> accept = 127.0.0.1:10000
>
> protocolHost = host.vmj.com:443
>
> connect = <PROXYIP>:<PROXY port>
>
> protocolUsername = vmj.com\user1
>
> protocolPassword = VMJTEST!123
>
> protocolAuthentication = NTLM
>
>
> In stunnel.log, i can see below error
>
>
> 2019.02.28 18:36:50 LOG6[2103:140737354032896]: Client-mode connect
> protocol negotiations started
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> CONNECT
> host.vmj.com:443 HTTP/1.1
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Host: host.vmj.com:443
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Connection:
> keep-alive
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Authorization:
> NTLM TlRMTVNTUAABAAAAAgIAAA==
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  ->
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- HTTP/1.1 407 Proxy
> Authentication Required
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Server: squid/3.3.8
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Mime-Version: 1.0
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Date: Thu, 28 Feb
> 2019 18:36:33 GMT
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Type:
> text/html
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Length: 3285
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Squid-Error:
> ERR_CACHE_ACCESS_DENIED 0
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Vary: Accept-Language
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Language: en
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Proxy-Authenticate:
> NTLM
> TlRMTVNTUAACAAAAAAAAADgAAAACAgACueAMGSlaSZ0AAAAAAAAAAAAAAAA4AAAABgEAAAAAAA8=
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache: MISS from
> squidproxy.vmj.com
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache-Lookup: NONE
> from squidproxy.vmj.com:3128
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Via: 1.1
> squidproxy.vmj.com (squid/3.3.8)
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Connection: keep-alive
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <-
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> CONNECT
> host.vmj.com:443 HTTP/1.1
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Host: host.vmj.com:443
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Authorization:
> NTLM
> TlRMTVNTUAADAAAAAAAAAGcAAAAYABgAQAAAAAAAAABnAAAADwAPAFgAAAAAAAAAZwAAAAAAAABnAAAAAgIAAAGbqH5v5ML8msrfm3R1yDBsS+ai3ldihnZybmkuY29tXGJoYXJ0aQ==
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  ->
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- HTTP/1.1 407 Proxy
> Authentication Required
>
> 2019.02.28 18:36:50 LOG3[2103:140737354032896]: CONNECT request rejected
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Server: squid/3.3.8
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Mime-Version: 1.0
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Date: Thu, 28 Feb
> 2019 18:36:33 GMT
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Type:
> text/html
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Length: 3363
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Squid-Error:
> ERR_CACHE_ACCESS_DENIED 0
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Vary: Accept-Language
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Language: en
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Proxy-Authenticate:
> NTLM
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache: MISS from
> squidproxy.vmj.com
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache-Lookup: NONE
> from squidproxy.vmj.com:3128
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Via: 1.1
> squidproxy.vmj.com (squid/3.3.8)
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Connection: keep-alive
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <-
>
> 2019.02.28 18:36:50 LOG5[2103:140737354032896]: Connection reset: 0
> byte(s) sent to SSL, 0 byte(s) sent to socket
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]: Remote socket (FD=14)
> closed
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]: Local socket (FD=3) closed
>
> 2019.02.28 18:36:50 LOG7[2103:140737354032896]: Service [test] finished (0
> left)
>
>
>
> If i try with basic authentication it works fine.
>
> Its urgent , can some one help me out.
>
>
> Thanks,
>
> Vj
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190301/942f7851/attachment-0001.html>

• Next message (by thread): [stunnel-users] dhparam and others
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]