Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: NTLM authentication with IIS 6

by Khen1950fx (Canon)
on Apr 16, 2013 at 16:19 UTC ( #1028953=note: print w/ replies, xml ) Need Help??


in reply to NTLM authentication with IIS 6

Have you tried LWP::Authen::Ntlm? It seems like such a good fit.

#!/usr/bin/perl -l use strict; use warnings; use LWP::UserAgent; use HTTP::Request::Common; my $url = 'http://server:port/path/script.aspx'; my $user = 'domain\\user'; my $pass = 'password'; my $host = 'server:port'; my $ua = LWP::UserAgent->new( keep_alive => 1 ); $ua->credentials($host, '', $user, $pass); my $req = GET $url; my $response = $ua->request($req); if ($response->is_success) { printf " %s\n", $response->status_line; printf "\n\n\n" . $response->content(); } else { print "Something's not right... ->" . $response->code; }


Comment on Re: NTLM authentication with IIS 6
Download Code
Replies are listed 'Best First'.
Re^2: NTLM authentication with IIS 6
by runrig (Abbot) on Apr 16, 2013 at 23:03 UTC
    Have you tried LWP::Authen::Ntlm? It seems like such a good fit.

    LWP::Authen::Ntlm uses Authen::NTLM, and neither should need to be explicitly included in the script, as the type of authentication is detected and the NTLM libraries are auto-included.

    Update: Except that it doesn't detect NTLM V1 vs V2, so Authen::NTLM does need to be explicitly included (see below).

      LWP::Authen::Ntlm uses Authen::NTLM, and neither should need to be explicitly included, as the type of authentication is detected and the NTLM libraries are auto-included.

      If I do not explicitly use Authen:NTLM I get:

      Undefined subroutine &main::ntlmv2

      Whether I specify them or not in the suggestion by Khen1950fx I still get response code of '500' with content:

      <html><head><title>Error</title></head><body>The function requested is + not supported </body></html>
        If I do not explicitly use Authen:NTLM I get:...

        Ah, I didn't see that function (Khen1950fx appears to have missed it also). Authen::NTLM exports the function ntlmv2(), which sets the module so that it uses V2 (so Authen::NTLM appears to be required explicitly)...I might have noticed if you explicitly exported the function:

        use Authen::NTLM qw(ntlmv2); ... ntlmv2(1);
        Not that this will fix your problem...the 500 error is probably a result of not using V2.

        If I do not explicitly use Authen:NTLM I get: Undefined subroutine &main::ntlmv2

        Remove ntlmv2(); from your program and try again

Re^2: NTLM authentication with IIS 6
by mrlizard123 (Novice) on Apr 16, 2013 at 22:28 UTC

    Yes I tried that and unfortunately getting this

    LWP::UserAgent::new: () LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://server:port/path/script.aspx LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 808 bytes LWP::Protocol::collect: read 848 bytes LWP::Protocol::http::request: Keep the http connection to server:port LWP::UserAgent::request: Simple response: Unauthorized LWP::Authen::Ntlm::authenticate: authenticate() has been called LWP::Authen::Ntlm::authenticate: In first phase of NTLM authentication LWP::Authen::Ntlm::authenticate: Returning response object with auth h +eader: Authorization NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +XXXXXXXXXXXXXXXXX LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://server:port/path/script.aspx LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 100 bytes LWP::UserAgent::request: Simple response: Internal Server Error Something's not right... ->500

    I changed the server/port/path and the Authorization NTLM but otherwise this is the output.

    The webserver server has a group policy applied which means I must use NTLMv2...

    Using an old version of Perl.. should probably have mentioned that; 5.6.1.

    Using the same credentials in a browser same url it works fine, on a server with the group policy disabled I don't have these problems either. (unfortunately disabling the policy is not an option...)

    I'd have pulled my hair out by now if I had any!

      It's possible you are running into the same issue I am, in my case the policy is set on the server (NtlmMinClientSec) to 0x20080030.. In short it's 128-bit encryption, NTLMv2 session security, Message confidentiality, Message integrity.

      It's still v2 but with additional minimum NTLMSSP requirements that may or may not be implemented..

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1028953]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (9)
As of 2015-07-31 00:13 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (274 votes), past polls