Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: NTLM authentication with IIS 6

by Khen1950fx (Canon)
on Apr 16, 2013 at 16:19 UTC ( #1028953=note: print w/ replies, xml ) Need Help??


in reply to NTLM authentication with IIS 6

Have you tried LWP::Authen::Ntlm? It seems like such a good fit.

#!/usr/bin/perl -l use strict; use warnings; use LWP::UserAgent; use HTTP::Request::Common; my $url = 'http://server:port/path/script.aspx'; my $user = 'domain\\user'; my $pass = 'password'; my $host = 'server:port'; my $ua = LWP::UserAgent->new( keep_alive => 1 ); $ua->credentials($host, '', $user, $pass); my $req = GET $url; my $response = $ua->request($req); if ($response->is_success) { printf " %s\n", $response->status_line; printf "\n\n\n" . $response->content(); } else { print "Something's not right... ->" . $response->code; }


Comment on Re: NTLM authentication with IIS 6
Download Code
Re^2: NTLM authentication with IIS 6
by mrlizard123 (Novice) on Apr 16, 2013 at 22:28 UTC

    Yes I tried that and unfortunately getting this

    LWP::UserAgent::new: () LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://server:port/path/script.aspx LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 808 bytes LWP::Protocol::collect: read 848 bytes LWP::Protocol::http::request: Keep the http connection to server:port LWP::UserAgent::request: Simple response: Unauthorized LWP::Authen::Ntlm::authenticate: authenticate() has been called LWP::Authen::Ntlm::authenticate: In first phase of NTLM authentication LWP::Authen::Ntlm::authenticate: Returning response object with auth h +eader: Authorization NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +XXXXXXXXXXXXXXXXX LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://server:port/path/script.aspx LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 100 bytes LWP::UserAgent::request: Simple response: Internal Server Error Something's not right... ->500

    I changed the server/port/path and the Authorization NTLM but otherwise this is the output.

    The webserver server has a group policy applied which means I must use NTLMv2...

    Using an old version of Perl.. should probably have mentioned that; 5.6.1.

    Using the same credentials in a browser same url it works fine, on a server with the group policy disabled I don't have these problems either. (unfortunately disabling the policy is not an option...)

    I'd have pulled my hair out by now if I had any!

      It's possible you are running into the same issue I am, in my case the policy is set on the server (NtlmMinClientSec) to 0x20080030.. In short it's 128-bit encryption, NTLMv2 session security, Message confidentiality, Message integrity.

      It's still v2 but with additional minimum NTLMSSP requirements that may or may not be implemented..

Re^2: NTLM authentication with IIS 6
by runrig (Abbot) on Apr 16, 2013 at 23:03 UTC
    Have you tried LWP::Authen::Ntlm? It seems like such a good fit.

    LWP::Authen::Ntlm uses Authen::NTLM, and neither should need to be explicitly included in the script, as the type of authentication is detected and the NTLM libraries are auto-included.

    Update: Except that it doesn't detect NTLM V1 vs V2, so Authen::NTLM does need to be explicitly included (see below).

      LWP::Authen::Ntlm uses Authen::NTLM, and neither should need to be explicitly included, as the type of authentication is detected and the NTLM libraries are auto-included.

      If I do not explicitly use Authen:NTLM I get:

      Undefined subroutine &main::ntlmv2

      Whether I specify them or not in the suggestion by Khen1950fx I still get response code of '500' with content:

      <html><head><title>Error</title></head><body>The function requested is + not supported </body></html>

        If I do not explicitly use Authen:NTLM I get: Undefined subroutine &main::ntlmv2

        Remove ntlmv2(); from your program and try again

        If I do not explicitly use Authen:NTLM I get:...

        Ah, I didn't see that function (Khen1950fx appears to have missed it also). Authen::NTLM exports the function ntlmv2(), which sets the module so that it uses V2 (so Authen::NTLM appears to be required explicitly)...I might have noticed if you explicitly exported the function:

        use Authen::NTLM qw(ntlmv2); ... ntlmv2(1);
        Not that this will fix your problem...the 500 error is probably a result of not using V2.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1028953]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (7)
As of 2014-08-23 15:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (174 votes), past polls