FW: [jcifs] NTLM authentication

Suvendu_Mohapatra Suvendu_mohapatra at satyam.com
Fri Apr 24 02:52:55 GMT 2009

Hello Michael,

        Thank you very much for your suggestion.
As I have mentioned in my last mail that I have downloaded the third party package from http://www.luigidragone.com/networking/ntlm.html
The good thing in the Grinder tool is that if you set the property of authorization module to true, then all the requests will go through your authorization module(since Grinder scripts are written in java, you can integrate the java to it very easily) . The same thing what I have done for the above stated 3rd party package. And it works fine for some requests. But the module is failing when I am trying to send GET requests with multiple url tokens or while I am trying to POST the requests.
It is throwing an error like "Bug in authorization handling: server refused the given info 10 times" which is defined in HTTPClient.AuthorizationModule class file. But this code works fine while I am trying to send requests like GET www.google.co.in.
And believe me I have gone through NTLMAuthorizationHandler.java file where I found all the NTLM handshake process has been done. But I  surprised why my proxy server is throwing such error. I am completely stuck at this point.

I would also like to tell that my proxy server implemented NTLMv1 authorization type. So I will definitely help you in testing your code if you want to implement NTLM authorization for proxy server.

With Regards,

-----Original Message-----
From: Michael B Allen [mailto:ioplex at gmail.com]
Sent: Thursday, April 23, 2009 11:16 PM
To: Suvendu_Mohapatra
Cc: aw at ice-sa.com; jcifs at lists.samba.org
Subject: Re: FW: [jcifs] NTLM authentication

On Thu, Apr 23, 2009 at 12:46 PM, Suvendu_Mohapatra
<Suvendu_mohapatra at satyam.com> wrote:
> I am posting this mail again because my exchange server gave some error during post for first time. If you have received this mail, then kindly ignore this and sorry for spamming your mail box.
> Hi,
>        I am trying to replay back my Grinder script through network proxy authorization type NTLM. But the Grinder tool does not support NTLM authentication. So every time I am getting response code "proxy authorization 407". So I am trying to write a code by using 3rd party package so that Grinder will support NTLM authentication.

It sounds like you want to implement the client side of NTLM proxy
authentication in this tool that you're using.

Proxy authentication is slightly different from authenticating with an
HTTP server directly. I don't have a proxy server that supports NTLM
(although I do need an exemplary one to implement NTLM proxy
authentication elsewhere so if someone knows about NTLM proxies please
let me know) so I cannot comment on the details but I think you
basically just want to use jcifs.smb.client.NtlmContext.initSecContext
with the jcifs.util.Base64 class in a loop to emit and consume tokens
between the client and the proxy server. Once that completes
succcessfully, the original request will go through.

However, you must first understand that NTLM is a multi-request
process and figure out how that will integrate with this tool that
you're using. That is very unclear. You have some research to do
regarding the protocol and the tool. WireShark will be required for


Michael B Allen
Java Active Directory Integration

This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.

More information about the jcifs mailing list