cntlm: Proxy returning invalid challenge
Amedee Van Gasse
amedee-ubuntu at amedee.be
Tue Oct 19 10:46:14 UTC 2010
On Mon, October 18, 2010 16:49, sktsee wrote:
> 1. Fire up wireshark and capture the auth negotiation between your
> machine and the ISA server. Wireshark has expert analysis for a lot of
> differnent protocols, so maybe it will provide a clue as to why the auth
> is failing.
Ok I will do that first.
> 2. Try ntlmaps. The package description for ntlmaps says that it can
> alter the client's request headers to make it appear to the server that
> the connectign client is MS IE. Presumably, it's talking about faking the
> user-agent string of your browser. IIRC, the debug output listed in one
> of your previous messages contained a line identifying an unaltered
> Firefox/Ubuntu user-agent string being sent to the ISA server. I know
> nothing about ISA servers, but if ntlmaps has client impersonation as a
> feature, then maybe its a requirement for NTLM auth. Alternately, if you
> are really set on making cntlm work, but it doesn't have the ability to
> modify the client headers to look like MS IE, then install the User-agent
> Switcher, or Modify Headers addon to do it from the browser.
cntlm can do that too. In fact, cntlm is a complete rewrite of ntlmaps.
According to the author, cntlm should do everything that ntlmaps does, but
a lot faster.
I will keep your suggestion in mind, but I will keep it until last. I will
try the other things first.
> 3. http://forums.isaserver.org/ Dates of recently posted messages
> indicate active participation. I can't speak to forum members' expertise
> and attitude towards Linux users, though.
Attitude seems neutral, but I'm afraid that expertise isn't up to my
> 4. Speak with the ISA system administrator and have her/him look at the
> server logs to identify the problem? I know, I know... it seems almost
> blasphemous to the spirit of Linux DIY troubleshooting to suggest such an
> action, which is why I list it only as a last resort.
Will do, while he still owes me a favor. ;-)
More information about the ubuntu-users