PHP Classes

NTLM authentication on a Sharepoint server

Recommend this page to a friend!

      Simple Authentication and Security Layer  >  All threads  >  NTLM authentication on a Sharepoint...  >  (Un) Subscribe thread alerts  
Subject:NTLM authentication on a Sharepoint...
Summary:Failure to authenticate
Messages:6
Author:djhorsman
Date:2007-06-20 13:48:48
Update:2009-05-21 08:55:40
 

  1. NTLM authentication on a Sharepoint...   Reply   Report abuse  
Picture of djhorsman djhorsman - 2007-06-20 13:48:48
I'm having a problem with connecting to an URL on a Sharepoint server. The server uses NTLM authentication for all pages. I have taken the code from the test_http.php file and filled in the required credentials.

No matter what I try, I constantly get the "NTLM authentication was finished without success" error. I used ethereal and the base64_decode function to see what headers firefox was sending / receiving to succesfully authenticate. I noticed two obvious differences between the headers of sasl and firefox.
The first being the domain / workstation being sent by sasl in the NTLM type 1 message, but not by firefox.
Second, the encrypted password string in the type 3 message sent by firefox is different every time I re-authenticate, while it remains the same in sasl.

Maybe I'm not using the right credentials? At least thats what IIS returns after the last NTLM message: "Unauthorized: Access is denied due to invalid credentials".

I've tried using these formats (SERVER is the php-server computer name):

user: username
user: username\DOMAIN
user: username\DOMAIN.local
pass: password
realm: DOMAIN
realm: SERVER
workstation: SERVER
workstation: DOMAIN

PHP is running on a windows 2003 server with IIS 6.

I tried to further decrypt / decode the headers sent by firefox, to see what went wrong, but I can't seem to get any further than base64_decode.

Any suggestions as to what I could try?

Thanks in advance.

djhorsman

  2. Re: NTLM authentication on a Sharepoint...   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2007-06-20 21:47:31 - In reply to message 1 from djhorsman
This is a bit hard for me check because I do not have a Web server that requires NTLM authentication.

If you could provide access to that server and an account that I can try, maybe I can figure what is the problem remotely. Just mail me privately in that case.

  3. Could not figure out how to use...   Reply   Report abuse  
Picture of senthilraja senthilraja - 2008-01-07 08:44:47 - In reply to message 2 from Manuel Lemos
Hi,

Thanks for providing ntlm client class.

I went through your code, but could not find out how to use that class in my application.

I referred your pop3 class.. still could not..


  4. Re: NTLM authentication on a Sharepoint...   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2008-01-07 13:57:52 - In reply to message 3 from senthilraja
If you want to authenticate with a POP3 server that requires NTLM authentication, take a look at the test_pop3.php example script and make sure you uncomment the line that say requires('sasl.php'); .

  5. Re: NTLM authentication on a Sharepoint...   Reply   Report abuse  
Picture of John John - 2009-04-22 18:47:41 - In reply to message 4 from Manuel Lemos
Acutally its a bug in the code with HTTP using NTLM.

In the ntlm_sasl_client.php file change this line:

$ntlm_response=$this->NTLMResponse(substr($response,24,8),$this->credentials["password"]);

To

$ntlm_response=$this->NTLMResponse(substr(base64_decode($response),24,8),$this->credentials["password"]);

After hours of debugging trying to get this work work i found that the code was using the base64 encoded value instead of the actual HEX values.

Also if you are still having trouble cURL supports NTLM as well

  6. Re: NTLM authentication on a Sharepoint...   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2009-05-21 08:55:40 - In reply to message 5 from John
I am not sure if it is a bug in the SASL class or in the HTTP class. I need to make time to try a real HTTP server with NTLM support to reproduce the problem.