Mark Carbonaro - 2006-08-07 01:11:25
Hi,
I am trying to use the HTTP classes to authentication via NTLM to a Windows 2000 Server (specifically to Exchange via webdav), everything works when I use clear text auth, but the default in Exchange is to only have NTLM enabled in IIS, so now that it all works I removed the clear text auth option and now I get the old "Error: Could not process the SASL authentication step: NTLM authentication was finished without success" error.
Using Firefox everything works fine and I am authenticated, although the NTLM flags are different between what Firefox uses and what PHP class uses, in particular Firefox used NTLMv2 while the PHP class doesn't.
Any advice would be fantastic, if you need any more information please let me know. Thanks.
The whole ntlm auth seems to go fine, but it just fails, here is an the debug output I based this on the test_http.php example.
# Opening connection to:
windows.carbs.au
Connecting to windows.carbs.au
Resolving HTTP server domain "windows.carbs.au"...
Connecting to HTTP server IP 172.25.0.40...
Connected to windows.carbs.au
C SEARCH /exadmin/admin/CARBS.AU/MBX/Administrator/NON_IPM_SUBTREE HTTP/1.1
C Host: windows.carbs.au
C Content-Type: text/xml; charset="utf-8"
C Depth: 0
C Translate: f
C
# Request:
SEARCH /exadmin/admin/CARBS.AU/MBX/Administrator/NON_IPM_SUBTREE HTTP/1.1
# Request headers:
Host: windows.carbs.au
Content-Type: text/xml; charset="utf-8"
Depth: 0
Translate: f
# Request body:
S HTTP/1.1 401 Access Denied
S Server: Microsoft-IIS/5.0
S Date: Mon, 07 Aug 2006 01:02:29 GMT
S WWW-Authenticate: Negotiate
S WWW-Authenticate: NTLM
S Connection: close
S Content-Length: 24
S Content-Type: text/html
S
S Error: Access is Denied.
Disconnected from windows.carbs.au
Connecting to windows.carbs.au
Resolving HTTP server domain "windows.carbs.au"...
Connecting to HTTP server IP 172.25.0.40...
Connected to windows.carbs.au
C SEARCH /exadmin/admin/CARBS.AU/MBX/Administrator/NON_IPM_SUBTREE HTTP/1.1
C Host: windows.carbs.au
C Content-Type: text/xml; charset="utf-8"
C Depth: 0
C Translate: f
C Authorization: NTLM TlRMTVNTUAABAAAABzIAAAcABwApAAAACQAJACAAAABQSFBTQ1JJUFRDQVJCU0FV
C
S HTTP/1.1 401 Access Denied
S Server: Microsoft-IIS/5.0
S Date: Mon, 07 Aug 2006 01:02:29 GMT
S WWW-Authenticate: NTLM TlRMTVNTUAACAAAADgAOADgAAAAFAoECT7wL7HWKLVYAAAAAAAAAAGAAYABGAAAABQCTCAAAAA9DAEEAUgBCAFMAQQBVAAIADgBDAEEAUgBCAFMAQQBVAAEADgBXAEkATgBEAE8AVwBTAAQAEABjAGEAcgBiAHMALgBhAHUAAwAgAHcAaQBuAGQAbwB3AHMALgBjAGEAcgBiAHMALgBhAHUAAAAAAA==
S Content-Length: 24
S Content-Type: text/html
S
S Error: Access is Denied.
C SEARCH /exadmin/admin/CARBS.AU/MBX/Administrator/NON_IPM_SUBTREE HTTP/1.1
C Host: windows.carbs.au
C Content-Type: text/xml; charset="utf-8"
C Depth: 0
C Translate: f
C Authorization: NTLM TlRMTVNTUAADAAAAAAAAAHoAAAAYABgAegAAAA4ADgBAAAAAGgAaAE4AAAASABIAaAAAAAAAAACSAAAAAQIAAEMAQQBSAEIAUwBBAFUAYQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAEgAUABTAEMAUgBJAFAAVABme0nfkx1Nt9HG9dLZi+Kleer658cSzaI=
C
S HTTP/1.1 401 Access Denied
S Server: Microsoft-IIS/5.0
S Date: Mon, 07 Aug 2006 01:02:29 GMT
S WWW-Authenticate: Negotiate
S WWW-Authenticate: NTLM
S Connection: close
S Content-Length: 24
S Content-Type: text/html
S
S Error: Access is Denied.
Disconnected from windows.carbs.au
Error: Could not process the SASL authentication step: NTLM authentication was finished without success
Manuel Lemos - 2006-08-07 02:04:45 - In reply to message 1 from Mark Carbonaro
