[jcifs] NTLM/SSL

O'ROURKE, Tom, FM IT tom.orourke at rbos.com
Thu Aug 18 06:57:45 GMT 2005


I am looking for similar issues with HTTPS through a proxy.


-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com] 
Sent: 18 August 2005 02:02
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] NTLM/SSL

On Wed, 17 Aug 2005 22:30:52 +0100
"O'ROURKE, Tom, FM IT" <tom.orourke at rbos.com> wrote:

> Thanks for the reply
> We have NTLM authentication on our proxies (global policy), web sites 
> are not NTLM, ie I am trying to get to a plain SSL web site. If I use 
> http it is ok, if I use https I get the below tunnelling error.
> I have the NTLM authentication working to get through the proxies to 
> get to a seired internet site, my trouble is trying to get to an SSL 
> site.

Well I thought this worked. Maybe it only works if both NTLM and SSL are at
the same site as opposed to NTLM on the proxy and SSL on the target.
Although I should think that would work as well.

I think you have to get a packet capture to see what's going on. If you
don't know the NTLM HTTP protocol you can send the capture to me.


> > I have a working HTTP client through our NTLM proxies - this is 
> > fine.
> > However I need to be able to get to an HTTPS site, can I do this ?
> >  
> > I am using version JCIFS.1.2.1
> >  
> > The error I currently get is :
> >  
> > Exception in thread "main" java.io.IOException: Unable to tunnel
> > through proxy. Proxy returns "HTTP/1.0 407 Proxy Authentication 
> > Required"
> This is proxy authentication not SSL. What exact type of proxy 
> authentication is being used? Does the plain HTTP client work through 
> the proxy? Try going to a non-NTLM site through the proxy to test 
> that. I think you might need to provide separate credentials for the 
> proxy and then NTLM credentials for the NTLM site.
> Mike

The Royal Bank of Scotland plc. Registered in Scotland No 90312.       Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.                                      
Authorised and regulated by the Financial Services Authority     
This e-mail message is confidential and for use by the                      
addressee only. If the message is received by anyone other             
than the addressee, please return the message to the sender          
by replying to it and then delete the message from your                    
computer. Internet e-mails are not necessarily secure. The               
Royal Bank of Scotland plc does not accept responsibility for          
changes made to this message after it was sent.                              
Whilst all reasonable care has been taken to avoid the                   
transmission of viruses, it is the responsibility of the recipient to        
ensure that the onward transmission, opening or use of this             
message and any attachments will not adversely affect its               
systems or data.  No responsibility is accepted by The Royal           
Bank of Scotland plc in this regard and the recipient should carry   
out such virus and other checks as it considers appropriate.           
                                                                                                               Visit our websites at:                                                                          

More information about the jcifs mailing list