FW: [jcifs] NTLM authentication

Giampaolo Tomassoni Giampaolo at Tomassoni.biz
Fri Apr 24 12:25:36 GMT 2009


> -----Original Message-----
> From: Michael B Allen
> Sent: Thursday, April 23, 2009 10:37 PM
> 
> ...omissis...
>
> In particular I'm curious as to what Microsoft's
> proxy software is. I've tried to search around on their website but I
> just don't know enough about it to get a toe hold. Then again I
> haven't spent much time on it.

Hi Michael,

the MS Proxy was a server package which was meant to do what is supposed a
proxy does, plus the NTLM transparent authentication. As usual in many proxy
servers, it allowed to establish user and group policies and rules in
accessing outside web resources through it.

You were unsuccessful in finding more docs about it because it is an old
product: you wouldn't get a copy even signing a MAPS agreement with MS, in
example. To my knowledge, the version of the latest MS Proxy package is 2.0.
I installed it once not early than five years ago.

Its "silent" withdrawal by MS is probably due to the fact that it had a very
limited market impact from its very first release: most of the companies
which could afford buying it had already move to xDSL lines dropping the old
ISDN and POTS ones in order to connect to Internet, thereby reducing the
appeal of MS Proxy. Also, the other benefits the MS Proxy could give (access
control, logging, security) where interesting only for middle to big
organizations, and they could however rely in other similar (open source)
products (read: squid) which were also more powerful (squid, in example, can
be plugged to an AV in order to block viruses and the like). Finally, squid
implemented NTLM authentication well before the MS Proxy 2.0 version,
eventually removing the last remaining "plus" of MS Proxy.

Giampaolo


> 
> Thanks tho.
> 
> Mike
> 
> > -----Original Message-----
> > From: jcifs-bounces+pclapham=core-mark.com at lists.samba.org
> [mailto:jcifs-bounces+pclapham=core-mark.com at lists.samba.org] On Behalf
> Of Michael B Allen
> > Sent: April 23, 2009 10:46
> > To: Suvendu_Mohapatra
> > Cc: jcifs at lists.samba.org
> > Subject: Re: FW: [jcifs] NTLM authentication
> >
> > On Thu, Apr 23, 2009 at 12:46 PM, Suvendu_Mohapatra
> <Suvendu_mohapatra at satyam.com> wrote:
> >> I am posting this mail again because my exchange server gave some
> error during post for first time. If you have received this mail, then
> kindly ignore this and sorry for spamming your mail box.
> >>
> >> Hi,
> >>
> >>        I am trying to replay back my Grinder script through network
> proxy authorization type NTLM. But the Grinder tool does not support
> NTLM authentication. So every time I am getting response code "proxy
> authorization 407". So I am trying to write a code by using 3rd party
> package so that Grinder will support NTLM authentication.
> >
> > It sounds like you want to implement the client side of NTLM proxy
> authentication in this tool that you're using.
> >
> > Proxy authentication is slightly different from authenticating with
> an HTTP server directly. I don't have a proxy server that supports NTLM
> (although I do need an exemplary one to implement NTLM proxy
> authentication elsewhere so if someone knows about NTLM proxies please
> let me know) so I cannot comment on the details but I think you
> basically just want to use jcifs.smb.client.NtlmContext.initSecContext
> > with the jcifs.util.Base64 class in a loop to emit and consume tokens
> between the client and the proxy server. Once that completes
> succcessfully, the original request will go through.
> >
> > However, you must first understand that NTLM is a multi-request
> process and figure out how that will integrate with this tool that
> you're using. That is very unclear. You have some research to do
> regarding the protocol and the tool. WireShark will be required for
> that.
> >
> > Mike
> >
> > --
> > Michael B Allen
> > Java Active Directory Integration
> > http://www.ioplex.com/
> >
> 
> 
> 
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/



More information about the jcifs mailing list