Re: [twsocket] Fw: Urgent (Another simple NTLM question)

Thu, 14 Sep 2006 05:31:56 -0700 

I just noticed that Ethereal cannot dump the protocol insight. :( Or maybe 
there is a way??

Arno, I think you will need to use the POST demo together with NTLM to test 
against.

Benjamin, thanks for the empty password idea!

Best Regards,

SubZero

----- Original Message ----- 
From: "Fastream Technologies" <[EMAIL PROTECTED]>
To: "ICS support mailing" <twsocket@elists.org>
Sent: Thursday, September 14, 2006 3:22 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)


Basicallly the ntlmmessage = NULL where it must not be--ethereal calls this
malformed header!!!

Regards,

SZ

----- Original Message ----- 
From: "Fastream Technologies" <[EMAIL PROTECTED]>
To: "ICS support mailing" <twsocket@elists.org>
Sent: Thursday, September 14, 2006 3:15 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)


: Ok I recreated the user "a" with a non-null pwd and it worked. BUT POST
does
: not work in ANY browser! Never authenticates. This is the Ethereal dump:
:
: Ã"Ãf²¡          ÿÿ     â,¬E E¬D ú  ú   v֐Ã< [EMAIL PROTECTED] 
E
ì-@ â,¬E&Ã?¨Ã?¨â?o
: PqÃfAâ?¦h7õµPÿÿX]  POST / HTTP/1.1
: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
: application/x-shockwave-flash, application/vnd.ms-excel,
: application/vnd.ms-powerpoint, application/msword, */*
: Referer: http://fastream.homeip.net/
: Accept-Language: tr,en-us;q=0.5
: Content-Type: multipart/form-data;
: boundary=---------------------------7d637af120086
: UA-CPU: x86
: Accept-Encoding: gzip, deflate
: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
: 1.1.4322)
: Host: fastream.homeip.net
: Connection: Keep-Alive
: Cache-Control: no-cache
: Cookie: IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D
: Authorization: NTLM
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
: Content-Length: 0
:
: â,¬E EÃ"L      Ã~Íâ?¢@ v֐Ã< E ùÃ.6@ â,¬Å"qÃ?¨Ã?¨
Pâ?oh7õµqÃfDIPÿÿâ
: HTTP/1.1 401 Authorization Required
: WWW-Authenticate: NTLM
:
TlRMTVNTUAACAAAADAAMADgAAAAFgoqioCqv9v7MM+EAAAAAAAAAAEQARABEAAAABQEoCgAAAA9MAEEAUABUAE8AUAACAAwATABBAFAAVABPAFAAAQAMAEwAQQBQAFQATwBQAAQADABsAGEAcAB0AG8AcAADAAwAbABhAHAAdABvAHAAAAAAAA==
: Content-Length: 629
: Content-Type: text/html
: Connection: close
: Server: Fastream IQ Reverse Proxy
:
: <HTML><HEAD><TITLE>401 Authorization Required</TITLE></HEAD><BODY><FONT
: FACE="Verdana"><H1>Authorization Required</H1><BR>This server could not
: verify that you are authorized to access the document requested. Either
you
: supplied the wrong credentials (e.g. bad password), or your browser
doesn't
: understand how to supply the credentials required. You may want to contact
: the server administrator here: <A
:
HREF="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A>.<P><BR><HR><I><B>Fastream
: IQ Reverse Proxy</B><BR><A
:
HREF="http://www.fastream.com/IQReverseProxy/";>www.fastream.com/IQReverseProxy</A></I><HR></FONT></BODY></HTML>â,¬E
: EøM 6   6    Ã~Íâ?¢@ v֐Ã< E  (Ã.7@ â,¬ AÃ?¨Ã?¨ Pâ?oh7ùâ?
qÃfDIPÿÿ Ï  â,¬E EÅ N <
: <    v֐Ã< [EMAIL PROTECTED] E  (-â?~@ â,¬GèÃ?¨Ã?¨â?o
PqÃfDIh7ùâ?¡Pü.         â,¬E E¸Q Ã"
: Ã"   v֐Ã< [EMAIL PROTECTED] E Ã?-â?T@ â,¬DIÃ?¨Ã?¨â?o
PqÃfDIh7ùâ?¡Pü.âr  POST / HTTP/1.1
: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
: application/x-shockwave-flash, application/vnd.ms-excel,
: application/vnd.ms-powerpoint, application/msword, */*
: Referer: http://fastream.homeip.net/
: Accept-Language: tr,en-us;q=0.5
: Content-Type: multipart/form-data;
: boundary=---------------------------7d637af120086
: UA-CPU: x86
: Accept-Encoding: gzip, deflate
: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
: 1.1.4322)
: Host: fastream.homeip.net
: Content-Length: 194
: Connection: Keep-Alive
: Cache-Control: no-cache
: Cookie: IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D
: Authorization: NTLM
:
TlRMTVNTUAADAAAAGAAYAJoAAAAYABgAsgAAACYAJgBIAAAAGgAaAG4AAAASABIAiAAAAAAAAADKAAAABYKIogUBKAoAAAAPZgBhAHMAdAByAGUAYQBtAC4AaABvAG0AZQBpAHAALgBuAGUAdABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEIATABBAEMASwBIAEEAVwBLAN96CsZ+Wo0dAAAAAAAAAAAAAAAAAAAAAMMFoduSgerudny+MJHuX4KJKkWtO+xVNg==
:
: â,¬E ER ø   ø    v֐Ã< [EMAIL PROTECTED] E  ê-â?o@ 
â,¬G$Ã?¨Ã?¨â?o
: qÃfGçh7ùâ?¡Pü."A  -----------------------------7d637af120086
: Content-Disposition: form-data; name="upfile"; filename=""
: Content-Type: application/octet-stream
:
:
: -----------------------------7d637af120086--
: â,¬E E7R 6   6    Ã~Íâ?¢@ v֐Ã< E  (Ã.8@ â,¬ @Ã?¨Ã?¨
Pâ?oh7ùâ?¡qÃfH©PûŸ Ï  â,¬E
: ES <   <    v֐Ã< [EMAIL PROTECTED] E  (-â?@ â,¬GÃ¥Ã?¨Ã?¨â?o
PqÃfH©h7ùâ?¡Pü. ?        â,¬E
: E?S 6   6    Ã~Íâ?¢@ v֐Ã< E  (Ã.9@ â,¬ ?Ã?¨Ã?¨
Pâ?oh7ùâ?¡qÃfHªPûŸ Î  â,¬E EžT >
: >    v֐Ã< [EMAIL PROTECTED] E  0-â?¢@ â,¬GÃoÃ?¨Ã?¨â?" PùøŸª
pÿÿ^?  ´â,¬E EÃ'T >
: >    Ã~Íâ?¢@ v֐Ã< E  0Ã.:@ â,¬ 6Ã?¨Ã?¨
Pâ?"Ã^¹¼EùøŸ«pÿÿÃT.  ´â,¬E EqU <
: <    v֐Ã< [EMAIL PROTECTED] E  (-â?"@ â,¬GâÃ?¨Ã?¨â?"
PùøŸ«Ã^¹¼FPÿÿó        â,¬E EaV Ã"
: Ã"   v֐Ã< [EMAIL PROTECTED] E Ã?-Ëo@ â,¬DCÃ?¨Ã?¨â?"
PùøŸ«Ã^¹¼FPÿÿÃ-Ã.  POST / HTTP/1.1
: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
: application/x-shockwave-flash, application/vnd.ms-excel,
: application/vnd.ms-powerpoint, application/msword, */*
: Referer: http://fastream.homeip.net/
: Accept-Language: tr,en-us;q=0.5
: Content-Type: multipart/form-data;
: boundary=---------------------------7d637af120086
: UA-CPU: x86
: Accept-Encoding: gzip, deflate
: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
: 1.1.4322)
: Host: fastream.homeip.net
: Content-Length: 194
: Connection: Keep-Alive
: Cache-Control: no-cache
: Cookie: IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D
: Authorization: NTLM
:
TlRMTVNTUAADAAAAGAAYAJoAAAAYABgAsgAAACYAJgBIAAAAGgAaAG4AAAASABIAiAAAAAAAAADKAAAABYKIogUBKAoAAAAPZgBhAHMAdAByAGUAYQBtAC4AaABvAG0AZQBpAHAALgBuAGUAdABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEIATABBAEMASwBIAEEAVwBLAN96CsZ+Wo0dAAAAAAAAAAAAAAAAAAAAAMMFoduSgerudny+MJHuX4KJKkWtO+xVNg==
:
: â,¬E Eé O  O   Ã~Íâ?¢@ v֐Ã< E AÃ.?@ â,¬ Ã?¨Ã?¨
Pâ?"Ã^¹¼Fùø£IPüa^
: HTTP/1.1 401 Authorization Required
: WWW-Authenticate: NTLM
: Content-Length: 629
: Content-Type: text/html
: Connection: close
: Server: Fastream IQ Reverse Proxy
:
: <HTML><HEAD><TITLE>401 Authorization Required</TITLE></HEAD><BODY><FONT
: FACE="Verdana"><H1>Authorization Required</H1><BR>This server could not
: verify that you are authorized to access the document requested. Either
you
: supplied the wrong credentials (e.g. bad password), or your browser
doesn't
: understand how to supply the credentials required. You may want to contact
: the server administrator here: <A
:
HREF="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A>.<P><BR><HR><I><B>Fastream
: IQ Reverse Proxy</B><BR><A
:
HREF="http://www.fastream.com/IQReverseProxy/";>www.fastream.com/IQReverseProxy</A></I><HR></FONT></BODY></HTML>â,¬E
: E& 6   6    Ã~Íâ?¢@ v֐Ã< E  (Ã.@@ â,¬ 8Ã?¨Ã?¨
Pâ?"Ã^¹¿_ùø£IPüaÃT  â,¬E Eó <
: <    v֐Ã< [EMAIL PROTECTED] E  (-Å¡@ â,¬GÃYÃ?¨Ã?¨â?"
Pùø£IÃ^¹¿_PüæT        â,¬E E <
: <    v֐Ã< [EMAIL PROTECTED] E  (-â?º@ â,¬GŞÃ?¨Ã?¨â?"
Pùø£JÃ^¹¿`PüæS        â,¬E E5 6
: 6    Ã~Íâ?¢@ v֐Ã< E  (Ã.A@ â,¬ 7Ã?¨Ã?¨
Pâ?"Ã^¹¿`ùø£JPüaÃ~  â?sE E .   .   
: ^ÿú v֐Ã< F   Ã.F  Å"ìÃ?¨ïÿÿúâ?   úïÿÿúâ?¡E Ed
: <   <    ^   ¿[Aw E  #  �¨à  dî�          @
t¸Ã,Ï.jZUlâ?°E E©/
: .   .    ^ÿú v֐Ã< F   Ã.G  Å"ëÃ?¨ïÿÿúâ?  
úïÿÿúŠE EÂ¥ >   >    v֐Ã<
: [EMAIL PROTECTED] E  0-Å"@ â,¬GÃ.Ã?¨Ã?¨â?" Ph¸â,¬    pÿÿÃ-[
´ŠE Eü >   >
: Ã~Íâ?¢@ v֐Ã< E  0Ã.H@ â,¬ (Ã?¨Ã?¨ Pâ?"ä<h¸pÿÿâ?sK
´ŠE E¥ <   <
: v֐Ã< [EMAIL PROTECTED] E  (-ž@ â,¬GÃ>Ã?¨Ã?¨â?" 
Ph¸ä<Pÿÿ¯
Å E EÆ' ú  ú
: v֐Ã< [EMAIL PROTECTED] E ì-Ÿ@ â,¬EÃ?¨Ã?¨â?" 
Ph¸ä<Pÿÿ�4
POST / HTTP/1.1
: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
: application/x-shockwave-flash, application/vnd.ms-excel,
: application/vnd.ms-powerpoint, application/msword, */*
: Referer: http://fastream.homeip.net/
: Accept-Language: tr,en-us;q=0.5
: Content-Type: multipart/form-data;
: boundary=---------------------------7d637af120086
: UA-CPU: x86
: Accept-Encoding: gzip, deflate
: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
: 1.1.4322)
: Host: fastream.homeip.net
: Cookie: IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D
: Connection: Keep-Alive
: Cache-Control: no-cache
: Authorization: NTLM
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
: Content-Length: 0
:
: Å E E2L      Ã~Íâ?¢@ v֐Ã< E ùÃ.I@ â,¬Å"^Ã?¨Ã?¨
Pâ?"ä<h»EPı;Ã¥7
: HTTP/1.1 401 Authorization Required
: WWW-Authenticate: NTLM
:
TlRMTVNTUAACAAAADAAMADgAAAAFgoqin8sAeAp+szUAAAAAAAAAAEQARABEAAAABQEoCgAAAA9MAEEAUABUAE8AUAACAAwATABBAFAAVABPAFAAAQAMAEwAQQBQAFQATwBQAAQADABsAGEAcAB0AG8AcAADAAwAbABhAHAAdABvAHAAAAAAAA==
: Content-Length: 629
: Content-Type: text/html
: Connection: close
: Server: Fastream IQ Reverse Proxy
:
: <HTML><HEAD><TITLE>401 Authorization Required</TITLE></HEAD><BODY><FONT
: FACE="Verdana"><H1>Authorization Required</H1><BR>This server could not
: verify that you are authorized to access the document requested. Either
you
: supplied the wrong credentials (e.g. bad password), or your browser
doesn't
: understand how to supply the credentials required. You may want to contact
: the server administrator here: <A
:
HREF="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A>.<P><BR><HR><I><B>Fastream
: IQ Reverse Proxy</B><BR><A
:
HREF="http://www.fastream.com/IQReverseProxy/";>www.fastream.com/IQReverseProxy</A></I><HR></FONT></BODY></HTML>Å
E
: E.M 6   6    Ã~Íâ?¢@ v֐Ã< E  (Ã.J@ â,¬ .Ã?¨Ã?¨
Pâ?"ä?íh»EPı;«=  Å E EON <
: <    v֐Ã< [EMAIL PROTECTED] E  (-¡@ â,¬GÃ~Ã?¨Ã?¨â?"
Ph»Eä?îPü.¬J        Å E EËoP °
: °   v֐Ã< [EMAIL PROTECTED] E ¢-¢@ â,¬D]Ã?¨Ã?¨â?"
Ph»Eä?îPü.ì¦  POST / HTTP/1.1
: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
: application/x-shockwave-flash, application/vnd.ms-excel,
: application/vnd.ms-powerpoint, application/msword, */*
: Referer: http://fastream.homeip.net/
: Accept-Language: tr,en-us;q=0.5
: Content-Type: multipart/form-data;
: boundary=---------------------------7d637af120086
: UA-CPU: x86
: Accept-Encoding: gzip, deflate
: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
: 1.1.4322)
: Host: fastream.homeip.net
: Cookie: IQDomain="NAME=949BB1BDF325862423C53938CEA5EB6D
: Connection: Keep-Alive
: Cache-Control: no-cache
: Authorization: NTLM
:
TlRMTVNTUAADAAAAGAAYAIAAAAAYABgAmAAAAAwADABIAAAAGgAaAFQAAAASABIAbgAAAAAAAACwAAAABYKIogUBKAoAAAAPbABhAHAAdABvAHAAYQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBCAEwAQQBDAEsASABBAFcASwDfkLizRDmqUgAAAAAAAAAAAAAAAAAAAADDlsa6UMs01Ep9zIP4BKpkzVT2V7CiC4A=
: Content-Length: 194
:
: Å E E^Q ø   ø    v֐Ã< [EMAIL PROTECTED] E  ê-£@ â,¬GÃ?¨Ã?¨â?"
: h¾¿ä?îPü.¾  -----------------------------7d637af120086
: Content-Disposition: form-data; name="upfile"; filename=""
: Content-Type: application/octet-stream
:
:
: -----------------------------7d637af120086--
: Å E E|Q 6   6    Ã~Íâ?¢@ v֐Ã< E  (Ã.K@ â,¬ -Ã?¨Ã?¨
Pâ?"ä?îh¿Pÿÿ¤=  Å E
: EÃfQ <   <    v֐Ã< [EMAIL PROTECTED] E  (-¤@ â,¬GÃ.Ã?¨Ã?¨â?"
Ph¿ä?îPü.¨
:        Å E EæQ 6   6    Ã~Íâ?¢@ v֐Ã< E  (Ã.L@ â,¬ ,Ã?¨Ã?¨
Pâ?"ä?îh¿â?sPÿÿ¤<
:
: ----- Original Message ----- 
: From: "Stadin, Benjamin" <[EMAIL PROTECTED]>
: To: <twsocket@elists.org>
: Sent: Thursday, September 14, 2006 3:05 PM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
::I said that several times. You must at least have "admin helper" (I don't
:: remember what specific privileges are needed) rights to query the user
db,
:: also if you want to auth in a domain your app must run as domain user
with
:: sufficent rights. This is also the case with MS user management utility
: for
:: NT domain users (at least NT4 I worked with years ago).
::
:: I think that empty passwords are not allowed, so your user a would never
: be
:: allowed to log in. At least at home I can't use empty pw's with my xp
:: machines in the net. Test with network SMB login.
::
:: You can change the auto-login and trusted URIs in FF at about:config. I
:: asked you to do so, because I think it's possible that IE sends it's
: domain
:: name in the NTLM challenge for auto-login reasons. NTLM single sign on is
:: used by IE by default, in FF you must enable it. So maybe the server uses
: a
:: wrong domain with FF and it just works with IE because it sends the
: domain.
:: The domain isn't actually needed, because the server has to decide which
:: domain to use, but there may be something fishy at this point at the
: server
:: side right now (ie when FF sends an empty domain when not doing
auto-login
:: the server may try to auth this domain, instead it should overwrite it
: with
:: it's own default domain - maybe).
::
::
::
:: SZ wrote:
::
:: Latest report: when I used the Administrator account of Windows, it
: worked!
:::) So I am beginning to think this is a problem with security policies of
:: some Windows.
::
:: Regards,
::
:: SZ
:: -- 
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto http://www.elists.org/mailman/listinfo/twsocket
:: Visit our website at http://www.overbyte.be
:
: -- 
: To unsubscribe or change your settings for TWSocket mailing list
: please goto http://www.elists.org/mailman/listinfo/twsocket
: Visit our website at http://www.overbyte.be

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be 

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to