http://www.perlmonks.org?node_id=1028953


in reply to NTLM authentication with IIS 6

Have you tried LWP::Authen::Ntlm? It seems like such a good fit. 
#!/usr/bin/perl -l

use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;

my $url  = 'http://server:port/path/script.aspx';
my $user = 'domain\\user';
my $pass = 'password';
my $host = 'server:port';

my $ua = LWP::UserAgent->new( keep_alive => 1 );
$ua->credentials($host, '', $user, $pass);

my $req = GET $url;

my $response = $ua->request($req);
if ($response->is_success) {
    printf " %s\n", $response->status_line;
    printf "\n\n\n" . $response->content();
}
else {
    print "Something's not right... ->" . $response->code;
}

[download]

Replies are listed 'Best First'.
Re^2: NTLM authentication with IIS 6
by runrig (Abbot) on Apr 16, 2013 at 23:03 UTC
    Have you tried LWP::Authen::Ntlm? It seems like such a good fit.

    LWP::Authen::Ntlm uses Authen::NTLM, and neither should need to be explicitly included in the script, as the type of authentication is detected and the NTLM libraries are auto-included.

    Update: Except that it doesn't detect NTLM V1 vs V2, so Authen::NTLM does need to be explicitly included (see below).

[reply]

      LWP::Authen::Ntlm uses Authen::NTLM, and neither should need to be explicitly included, as the type of authentication is detected and the NTLM libraries are auto-included.

      If I do not explicitly use Authen:NTLM I get:

      Undefined subroutine &main::ntlmv2

      Whether I specify them or not in the suggestion by Khen1950fx I still get response code of '500' with content:

      <html><head><title>Error</title></head><body>The function requested is
+ not supported
</body></html>

      [download]
[reply]
[d/l]
[select]
        If I do not explicitly use Authen:NTLM I get:...

        Ah, I didn't see that function (Khen1950fx appears to have missed it also). Authen::NTLM exports the function ntlmv2(), which sets the module so that it uses V2 (so Authen::NTLM appears to be required explicitly)...I might have noticed if you explicitly exported the function:

        use Authen::NTLM qw(ntlmv2);
...
ntlmv2(1);

        [download]
        Not that this will fix your problem...the 500 error is probably a result of not using V2.
[reply]
[d/l]

        If I do not explicitly use Authen:NTLM I get: Undefined subroutine &main::ntlmv2

        Remove ntlmv2(); from your program and try again

[reply]
Re^2: NTLM authentication with IIS 6
by mrlizard123 (Novice) on Apr 16, 2013 at 22:28 UTC

    Yes I tried that and unfortunately getting this

    LWP::UserAgent::new: ()

LWP::UserAgent::request: ()

LWP::UserAgent::send_request: GET http://server:port/path/script.aspx

LWP::UserAgent::_need_proxy: Not proxied

LWP::Protocol::http::request: ()

LWP::Protocol::collect: read 808 bytes

LWP::Protocol::collect: read 848 bytes

LWP::Protocol::http::request: Keep the http connection to server:port

LWP::UserAgent::request: Simple response: Unauthorized

LWP::Authen::Ntlm::authenticate: authenticate() has been called

LWP::Authen::Ntlm::authenticate: In first phase of NTLM authentication

LWP::Authen::Ntlm::authenticate: Returning response object with auth h
+eader:
Authorization NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+XXXXXXXXXXXXXXXXX

LWP::UserAgent::request: ()

LWP::UserAgent::send_request: GET http://server:port/path/script.aspx

LWP::UserAgent::_need_proxy: Not proxied

LWP::Protocol::http::request: ()

LWP::Protocol::collect: read 100 bytes

LWP::UserAgent::request: Simple response: Internal Server Error

Something's not right... ->500

    [download]

    I changed the server/port/path and the Authorization NTLM but otherwise this is the output.

    The webserver server has a group policy applied which means I must use NTLMv2...

    Using an old version of Perl.. should probably have mentioned that; 5.6.1.

    Using the same credentials in a browser same url it works fine, on a server with the group policy disabled I don't have these problems either. (unfortunately disabling the policy is not an option...)

    I'd have pulled my hair out by now if I had any!

[reply]
[d/l]

      It's possible you are running into the same issue I am, in my case the policy is set on the server (NtlmMinClientSec) to 0x20080030.. In short it's 128-bit encryption, NTLMv2 session security, Message confidentiality, Message integrity.

      It's still v2 but with additional minimum NTLMSSP requirements that may or may not be implemented..

[reply]

In Section Seekers of Perl Wisdom