Arno Garrels wrote:
> Fastream Technologies wrote:
>> Latest report: when I used the Administrator account of Windows, it
>> worked! :) So I am beginning to think this is a problem with security
>> policies of some Windows.
>
> Yesterday I tested on an out-of-the-box, new XP SP2 installation, since
> this box had a hd crash :( Yes, there are policies dealing with NTLM,
> maybe you tweaked them?

Also check your registry, play with the values.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword n

LmCompatibilityLevel settings

The LmCompatibilityLevel registry entry can be configured with the following values:

- LmCompatibilityLevel value of 0: Send LAN Manager (LM) response and NTLM response; never use NTLM version 2 (NTLMv2) session security. Clients use LM and NTLM authentication, and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
- LmCompatibilityLevel value of 1: Use NTLMv2 session security, if negotiated. Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
- LmCompatibilityLevel value of 2: Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
- LmCompatibilityLevel value of 3: Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
- LmCompatibilityLevel value of 4: (Server Only) - Domain controllers refuse LM responses. Clients use NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers refuse LM authentication, and accept NTLM and NTLMv2 authentication.
- LmCompatibilityLevel value of 5: (Server Only) - Domain controllers refuse LM and NTLM responses, and accept only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2 session security if the server supports it; domain controllers refuse NTLM and LM authentication, and accept only NTLMv2 authentication.

>
> Anyway provide us an Ethereal logfile. Ethereal
> does a great job parsing the various NTLM messages!
>
> ---
> Arno Garrels [TeamICS]
> http://www.overbyte.be/eng/overbyte/teamics.html
>
>
>
>> Regards,
>>
>> SZ
>>
>> ----- Original Message -----
>> From: "Fastream Technologies" <[EMAIL PROTECTED]>
>> To: "ICS support mailing" <twsocket@elists.org>
>> Sent: Thursday, September 14, 2006 1:15 PM
>> Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>>
>>
>>> Now it gives SEC_E_LOGON_DENIED. :(
>>>
>>> Regards,
>>>
>>> SZ
>>>
>>> ----- Original Message -----
>>> From: "Fastream Technologies" <[EMAIL PROTECTED]>
>>> To: "ICS support mailing" <twsocket@elists.org>
>>> Sent: Thursday, September 14, 2006 12:30 PM
>>> Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>>>
>>>
>>>> Hello,
>>>>
>>>> I found the problem source pinpointed:
>>>>
>>>>
>>>>   if Sec < 0 then
>>>>   begin
>>>>   {$IFDEF DEBUG_EXCEPTIONS}
>>>>     Exception.CreateFmt('Init context failed: 0x%x', [Sec]);
>>>>     // Sec -2146893048 (0x80090308)
>>>>
>>>>   {$ELSE}
>>>>     Result := '';
>>>>     FState := lsDoneErr;
>>>>     Exit;
>>>>   {$ENDIF}
>>>>   end;
>>>>
>>>> When DEBUG_EXCEPTIONS is defined, it does not set Result := ''; so
>>>> works!
>>>>
>>>> Best Regards,
>>>>
>>>> SZ
>>>>
>>>> ----- Original Message -----
>>>> From: "Arno Garrels" <[EMAIL PROTECTED]>
>>>> To: "ICS support mailing" <twsocket@elists.org>
>>>> Sent: Thursday, September 14, 2006 12:08 PM
>>>> Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>>>>
>>>>
>>>>> Fastream Technologies wrote:
>>>>>> Also the unicode directive enabled, it does not compile! Perhaps
>>>>>> that could be a cure?!
>>>>>
>>>>> No, internally user names, domain names etc. are unicoded anyway.
>>>>> To enable the unicode versions of the SSPI functions you need to
>>>>> uncomment both defines in OverbyteIcsNtlmSsp.pas as well as in
>>>>> OverbyteIcsSspi.pas.
>>>>>
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> SZ
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Fastream Technologies" <[EMAIL PROTECTED]>
>>>>>> To: "ICS support mailing" <twsocket@elists.org>
>>>>>> Sent: Thursday, September 14, 2006 11:40 AM
>>>>>> Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>>>>>>
>>>>>>
>>>>>>> Hi Arno,
>>>>>>>
>>>>>>> I also wonder if this could be a lifetime/time zone problem? We
>>>>>>> are GMT+200. What is the timeout period of this authentication
>>>>>>> and did you consider different time zones?
>>>>>>>
>>>>>>> Best Regards,
>>>>>>>
>>>>>>> SZ
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Fastream Technologies" <[EMAIL PROTECTED]>
>>>>>>> To: "ICS support mailing" <twsocket@elists.org>
>>>>>>> Sent: Thursday, September 14, 2006 11:31 AM
>>>>>>> Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>>>>>>>
>>>>>>>
>>>>>>>> It is very strange that when I enabled DEBUG_EXCEPTIONS, it
>>>>>>>> worked and gave no errors/exceptions! But I cannot deploy in
>>>>>>>> this form... ;(
>>>>>>>>
>>>>>>>> SZ
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>> From: "Arno Garrels" <[EMAIL PROTECTED]>
>>>>>>>> To: "ICS support mailing" <twsocket@elists.org>
>>>>>>>> Sent: Thursday, September 14, 2006 10:49 AM
>>>>>>>> Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>>>>>>>>
>>>>>>>>
>>>>>>>>> I tested with Opera successfully!
>>>>>>>>>
>>>>>>>>> Change the format string below in order to get a hex display
>>>>>>>>> like: raise Exception.CreateFmt('Init context failed: 0x%x',
>>>>>>>>> [Sec]);
>>>>>>>>>
>>>>>>>>> Post the hex value.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Fastream Technologies wrote:
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> With FF, after msg3,
>>>>>>>>>>
>>>>>>>>>>   Sec := FPSFT^.AcceptSecurityContext(@FHCred,
>>>>>>>>>>              pHCtx,
>>>>>>>>>>              @InBuffDesc,
>>>>>>>>>>              ASC_REQ_SEQUENCE_DETECT, // context requirements
>>>>>>>>>>              SECURITY_NATIVE_DREP,
>>>>>>>>>>              @FHCtx,
>>>>>>>>>>              @OutBuffDesc,
>>>>>>>>>>              ContextAttr,
>>>>>>>>>>              Lifetime);
>>>>>>>>>>   if Sec < 0 then
>>>>>>>>>>   begin // enters here with Sec = -2^31
>>>>>>>>>>   {$IFDEF DEBUG_EXCEPTIONS}
>>>>>>>>>>     raise Exception.CreateFmt('Init context failed: %d', [Sec]);
>>>>>>>>>>   {$ELSE}
>>>>>>>>>>     Result := '';
>>>>>>>>>>     FState := lsDoneErr;
>>>>>>>>>>     Exit;
>>>>>>>>>>   {$ENDIF}
>>>>>>>>>>   end;
>>>>>>>>>>
>>>>>>>>>> Arno, do you have any idea?
>>>>>>>>>>
>>>>>>>>>> Best Regards,
>>>>>>>>>>
>>>>>>>>>> SZ
>>>>>>>>>>
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Fastream Technologies" <[EMAIL PROTECTED]>
>>>>>>>>>> To: "ICS support mailing" <twsocket@elists.org>
>>>>>>>>>> Sent: Thursday, September 14, 2006 8:20 AM
>>>>>>>>>> Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Here is the full log:
>>>>>>>>>>>
>>>>>>>>>>> FireFox 1.5.0.6:
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:50:09 Connection Opened
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:50:09 From Local
>>>>>>>>>>> GET / HTTP/1.1..Host: fastream.homeip.net:82..User-Agent:
>>>>>>>>>>> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
>>>>>>>>>>> Gecko/20060728 Firefox/1.5.0.6..Accept:
>>>>>>>>>>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5..Accept-Language:
>>>>>>>>>>> en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset:
>>>>>>>>>>> windows-1254,utf-8;q=0.7,*;q=0.7..Keep-Alive:
>>>>>>>>>>> 300..Connection: keep-alive....
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:50:09 From Remote
>>>>>>>>>>> HTTP/1.1 401 Authorization Required..WWW-Authenticate:
>>>>>>>>>>> NTLM..Content-Length: 629..Content-Type:
>>>>>>>>>>> text/html..Connection: keep-alive..Server: Fastream IQ
>>>>>>>>>>> Reverse Proxy....<HTML><HEAD><TITLE>401 Authorization ...
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:50:17 From Local
>>>>>>>>>>> GET / HTTP/1.1..Host: fastream.homeip.net:82..User-Agent:
>>>>>>>>>>> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
>>>>>>>>>>> Gecko/20060728 Firefox/1.5.0.6..Accept:
>>>>>>>>>>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5..Accept-Language:
>>>>>>>>>>> en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset:
>>>>>>>>>>> windows-1254,utf-8;q=0.7,*;q=0.7..Keep-Alive:
>>>>>>>>>>> 300..Connection: keep-alive..Authorization: NTLM
>>>>>>>>>>> TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=....
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:50:17 From Remote
>>>>>>>>>>> HTTP/1.1 401 Authorization Required..WWW-Authenticate: NTLM
>>>>>>>>>>> TlRMTVNTUAACAAAADAAMADgAAAAFgooC/difEScUAFYAAAAAAAAAAEwATABEAAAABQEoCgAAAA9MAEEAUABUAE8AUAACAAwATABBAFAAVABPAFAAAQAMAEwAQQBQAFQATwBQAAQADABsAGEAcAB0AG8AcAADAAwAbABhAHAAdABvAHAABgAEAAEAAAAAAAAA..Content-Length:
>>>>>>>>>>> 629..Content-Type: text/html..Connection: keep-alive..Server:
>>>>>>>>>>> Fastream IQ Reverse
>>>>>>>>>>> Proxy....<HTML><HEAD><TITLE>401 Authorization ...
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:50:17 From Local
>>>>>>>>>>> GET / HTTP/1.1..Host: fastream.homeip.net:82..User-Agent:
>>>>>>>>>>> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
>>>>>>>>>>> Gecko/20060728 Firefox/1.5.0.6..Accept:
>>>>>>>>>>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5..Accept-Language:
>>>>>>>>>>> en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset:
>>>>>>>>>>> windows-1254,utf-8;q=0.7,*;q=0.7..Keep-Alive:
>>>>>>>>>>> 300..Connection: keep-alive..Authorization: NTLM
>>>>>>>>>>> TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABAAAAAFgAWAEAAAAAMAAwAVgAAAAAAAAAAAAAABYIIAEcAbwByAGsAZQBtACAAQQB0AGUAcwBsAGEAcAB0AG8AcABc2JyvFDVzpwAAAAAAAAAAAAAAAAAAAABShNO+26e7kFH0QwISJYTrsG5Xb3lYZkM=....
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:50:17 From Remote
>>>>>>>>>>> HTTP/1.1 401 Authorization Required..WWW-Authenticate: NTLM
>>>>>>>>>>> ..Content-Length: 629..Content-Type: text/html..Connection:
>>>>>>>>>>> keep-alive..Server: Fastream IQ Reverse
>>>>>>>>>>> Proxy....<HTML><HEAD><TITLE>401 ...
>>>>>>>>>>>
>>>>>>>>>>> Still asking for password here....Forever...
>>>>>>>>>>>
>>>>>>>>>>> IE6XP:
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:48:06 Connection Opened
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:48:06 From Local
>>>>>>>>>>> GET / HTTP/1.1..Accept: image/gif, image/x-xbitmap,
>>>>>>>>>>> image/jpeg, image/pjpeg, application/x-shockwave-flash,
>>>>>>>>>>> application/vnd.ms-excel, application/msword,
>>>>>>>>>>> application/vnd.ms-powerpoint, */*..Accept-Language:
>>>>>>>>>>> tr..Accept-Encoding: gzip, deflate..User-Agent: Mozilla/4.0
>>>>>>>>>>> (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
>>>>>>>>>>> 1.1.4322)..Host: fastream.homeip.net:82..Connection:
>>>>>>>>>>> Keep-Alive..Cookie:
>>>>>>>>>>> IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D....
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:48:06 From Remote
>>>>>>>>>>> HTTP/1.1 401 Authorization Required..WWW-Authenticate:
>>>>>>>>>>> NTLM..Content-Length: 629..Content-Type:
>>>>>>>>>>> text/html..Connection: Keep-Alive..Server: Fastream IQ
>>>>>>>>>>> Reverse Proxy....<HTML><HEAD><TITLE>401 Authorization ...
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:48:06 From Local
>>>>>>>>>>> GET / HTTP/1.1..Accept: image/gif, image/x-xbitmap,
>>>>>>>>>>> image/jpeg, image/pjpeg, application/x-shockwave-flash,
>>>>>>>>>>> application/vnd.ms-excel, application/msword,
>>>>>>>>>>> application/vnd.ms-powerpoint, */*..Accept-Language:
>>>>>>>>>>> tr..Accept-Encoding: gzip, deflate..User-Agent: Mozilla/4.0
>>>>>>>>>>> (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
>>>>>>>>>>> 1.1.4322)..Host: fastream.homeip.net:82..Connection:
>>>>>>>>>>> Keep-Alive..Authorization: NTLM
>>>>>>>>>>> TlRMTVNTUAABAAAAB7IIogkACQAuAAAABgAGACgAAAAFASgKAAAAD0xBUFRPUFdPUktHUk9VUA==..Cookie:
>>>>>>>>>>> IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D....
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:48:06 From Remote
>>>>>>>>>>> HTTP/1.1 401 Authorization Required..WWW-Authenticate: NTLM
>>>>>>>>>>> TlRMTVNTUAACAAAADAAMADgAAAAFwoqi1rIk+abQsBfodhAAAAAAAEwATABEAAAABQEoCgAAAA9MAEEAUABUAE8AUAACAAwATABBAFAAVABPAFAAAQAMAEwAQQBQAFQATwBQAAQADABsAGEAcAB0AG8AcAADAAwAbABhAHAAdABvAHAABgAEAAEAAAAAAAAA..Content-Length:
>>>>>>>>>>> 629..Content-Type: text/html..Connection: Keep-Alive..Server:
>>>>>>>>>>> Fastream IQ Reverse
>>>>>>>>>>> Proxy....<HTML><HEAD><TITLE>401 Authorization ...
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:48:06 From Local
>>>>>>>>>>> GET / HTTP/1.1..Accept: image/gif, image/x-xbitmap,
>>>>>>>>>>> image/jpeg, image/pjpeg, application/x-shockwave-flash,
>>>>>>>>>>> application/vnd.ms-excel, application/msword,
>>>>>>>>>>> application/vnd.ms-powerpoint, */*..Accept-Language:
>>>>>>>>>>> tr..Accept-Encoding: gzip, deflate..User-Agent: Mozilla/4.0
>>>>>>>>>>> (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
>>>>>>>>>>> 1.1.4322)..Host: fastream.homeip.net:82..Connection:
>>>>>>>>>>> Keep-Alive..Authorization: NTLM
>>>>>>>>>>> TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAABcKIogUBKAoAAAAP..Cookie:
>>>>>>>>>>> IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D....
>>>>>>>>>>>
>>>>>>>>>>> 13.09.2006 21:48:06 From Remote
>>>>>>>>>>> HTTP/1.1 200 OK..Content-Type: text/html..Connection:
>>>>>>>>>>> Keep-Alive..Server: Fastream IQ Web/FTP Server..Content-Length:
>>>>>>>>>>> 14718..Content-Encoding: gzip..Set-Cookie:
>>>>>>>>>>> IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D; PATH=/;
>>>>>>>>>>> EXPIRES=Thu, 01 Jan 2009 21:48:06;"..Via: Fastream IQ
>>>>>>>>>>> Reverse Proxy.....<data here>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I cut the data sections to obey the ICS list 40kB limit
>>>>>>>>>>> here.
>>>>>>>>>>>
>>>>>>>>>>> Best Regards,
>>>>>>>>>>>
>>>>>>>>>>> SZ
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> To unsubscribe or change your settings for TWSocket mailing
>>>>>>>>>>> list please goto
>>>>>>>>>>> http://www.elists.org/mailman/listinfo/twsocket Visit our
>>>>>>>>>>> website at http://www.overbyte.be
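
The proxy log quoted in this thread carries both browsers' Type 3 (authenticate) messages in base64, and the LmCompatibilityLevel list above is about which response type a client sends and a server accepts. As an added example that is not part of the thread or of ICS, this Python parser decodes those two Type 3 values and classifies the response from the field lengths and flags; the function and constant names are assumptions made for the illustration.

```python
import base64
import struct

UNICODE = 0x00000001        # NTLMSSP_NEGOTIATE_UNICODE
NTLM2_SESSION = 0x00080000  # NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY

# Type 3 values copied from the proxy log in this thread; spaces mark 4-character
# base64 groups for readability and are stripped before decoding.
FIREFOX_T3 = "".join("""
TlRM TVNT UAAD AAAA GAAY AGIA AAAY ABgA egAA AAAA AABA AAAA FgAW AEAA AAAM AAwA
VgAA AAAA AAAA AAAA BYII AEcA bwBy AGsA ZQBt ACAA QQB0 AGUA cwBs AGEA cAB0 AG8A
cABc 2Jyv FDVz pwAA AAAA AAAA AAAA AAAA AABS hNO+ 26e7 kFH0 QwIS JYTr sG5X b3lY
ZkM=""".split())
IE_T3 = "".join("""
TlRM TVNT UAAD AAAA AAAA AEgA AAAA AAAA SAAA AAAA AABI AAAA
AAAA AEgA AAAA AAAA SAAA AAAA AABI AAAA BcKI ogUB KAoA AAAP""".split())

def _buf(msg, pos):
    """Return the bytes a security buffer (len, maxlen, offset) at pos points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_type3(b64):
    """Decode an 'Authorization: NTLM <b64>' Type 3 message and classify it."""
    msg = base64.b64decode(b64, validate=True)
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message with a flags field")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not a Type 3 (authenticate) message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & UNICODE else "latin-1"  # OEM code page approximated
    lm, nt = _buf(msg, 12), _buf(msg, 20)
    if not lm and not nt:
        kind = "empty"            # no LM/NT response in the message at all
    elif len(nt) > 24:
        kind = "NTLMv2"           # 16-byte HMAC plus a variable-length blob
    elif flags & NTLM2_SESSION and lm[8:] == bytes(16):
        kind = "NTLM2 session"    # LM field = 8-byte client nonce + 16 zero bytes
    else:
        kind = "NTLMv1"           # plain 24-byte NTLM response
    return {"kind": kind, "flags": flags, "lm_len": len(lm), "nt_len": len(nt),
            "domain": _buf(msg, 28).decode(enc), "user": _buf(msg, 36).decode(enc),
            "workstation": _buf(msg, 44).decode(enc)}

if __name__ == "__main__":
    for name, blob in (("Firefox", FIREFOX_T3), ("IE6", IE_T3)):
        print(name, parse_type3(blob))
```

On the two logged values it reports 24-byte LM and NT responses with extended session security for Firefox, and a Type 3 with every field empty for IE6.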