FW: [jcifs] NTLM authentication

Clapham, Paul pclapham at core-mark.com
Thu Apr 23 19:16:49 GMT 2009

Sorry, I sent this link to Suvendu only instead of the list last time.


It's written in Python but I expect it shouldn't be hard to figure out the NTLM part.


-----Original Message-----
From: jcifs-bounces+pclapham=core-mark.com at lists.samba.org [mailto:jcifs-bounces+pclapham=core-mark.com at lists.samba.org] On Behalf Of Michael B Allen
Sent: April 23, 2009 10:46
To: Suvendu_Mohapatra
Cc: jcifs at lists.samba.org
Subject: Re: FW: [jcifs] NTLM authentication

On Thu, Apr 23, 2009 at 12:46 PM, Suvendu_Mohapatra <Suvendu_mohapatra at satyam.com> wrote:
> I am posting this mail again because my exchange server gave some error during post for first time. If you have received this mail, then kindly ignore this and sorry for spamming your mail box.
> Hi,
>        I am trying to replay back my Grinder script through network proxy authorization type NTLM. But the Grinder tool does not support NTLM authentication. So every time I am getting response code "proxy authorization 407". So I am trying to write a code by using 3rd party package so that Grinder will support NTLM authentication.

It sounds like you want to implement the client side of NTLM proxy authentication in this tool that you're using.

Proxy authentication is slightly different from authenticating with an HTTP server directly. I don't have a proxy server that supports NTLM (although I do need an exemplary one to implement NTLM proxy authentication elsewhere so if someone knows about NTLM proxies please let me know) so I cannot comment on the details but I think you basically just want to use jcifs.smb.client.NtlmContext.initSecContext
with the jcifs.util.Base64 class in a loop to emit and consume tokens between the client and the proxy server. Once that completes succcessfully, the original request will go through.

However, you must first understand that NTLM is a multi-request process and figure out how that will integrate with this tool that you're using. That is very unclear. You have some research to do regarding the protocol and the tool. WireShark will be required for that.


Michael B Allen
Java Active Directory Integration

More information about the jcifs mailing list