|
|
 djhorsman - 2007-06-20 13:48:48 I'm having a problem with connecting to an URL on a Sharepoint server. The server uses NTLM authentication for all pages. I have taken the code from the test_http.php file and filled in the required credentials.
No matter what I try, I constantly get the "NTLM authentication was finished without success" error. I used ethereal and the base64_decode function to see what headers firefox was sending / receiving to succesfully authenticate. I noticed two obvious differences between the headers of sasl and firefox.
The first being the domain / workstation being sent by sasl in the NTLM type 1 message, but not by firefox.
Second, the encrypted password string in the type 3 message sent by firefox is different every time I re-authenticate, while it remains the same in sasl.
Maybe I'm not using the right credentials? At least thats what IIS returns after the last NTLM message: "Unauthorized: Access is denied due to invalid credentials".
I've tried using these formats (SERVER is the php-server computer name):
user: username
user: username\DOMAIN
user: username\DOMAIN.local
pass: password
realm: DOMAIN
realm: SERVER
workstation: SERVER
workstation: DOMAIN
PHP is running on a windows 2003 server with IIS 6.
I tried to further decrypt / decode the headers sent by firefox, to see what went wrong, but I can't seem to get any further than base64_decode.
Any suggestions as to what I could try?
Thanks in advance.
djhorsman
 Manuel Lemos - 2007-06-20 21:47:31 - In reply to message 1 from djhorsmanThis is a bit hard for me check because I do not have a Web server that requires NTLM authentication.
If you could provide access to that server and an account that I can try, maybe I can figure what is the problem remotely. Just mail me privately in that case.
senthilraja - 2008-01-07 08:44:47 - In reply to message 2 from Manuel LemosHi,
Thanks for providing ntlm client class.
I went through your code, but could not find out how to use that class in my application.
I referred your pop3 class.. still could not..
Manuel Lemos - 2008-01-07 13:57:52 - In reply to message 3 from senthilrajaIf you want to authenticate with a POP3 server that requires NTLM authentication, take a look at the test_pop3.php example script and make sure you uncomment the line that say requires('sasl.php'); .
John - 2009-04-22 18:47:41 - In reply to message 4 from Manuel LemosAcutally its a bug in the code with HTTP using NTLM.
In the ntlm_sasl_client.php file change this line:
$ntlm_response=$this->NTLMResponse(substr($response,24,8),$this->credentials["password"]);
To
$ntlm_response=$this->NTLMResponse(substr(base64_decode($response),24,8),$this->credentials["password"]);
After hours of debugging trying to get this work work i found that the code was using the base64 encoded value instead of the actual HEX values.
Also if you are still having trouble cURL supports NTLM as well
Manuel Lemos - 2009-05-21 08:55:40 - In reply to message 5 from JohnI am not sure if it is a bug in the SASL class or in the HTTP class. I need to make time to try a real HTTP server with NTLM support to reproduce the problem.
|
