[stunnel-users] Issue with NTLM authorisation

28 Feb 2019


      Hi,
I have to create tunnel between server and client. Client have proxy
configured in between.
So i use below in /etc/stunnel/stunnel.config. User name and password is
correct
pid = /var/run/stunnel.pid
cert = /home/client.crt
key = /home/client.key
options = NO_SSLv2
debug = 7
output = /var/log/stunnel4/stunnel.log
client = yes
CAfile=/home/**chain.pem
verify=2
[test]
protocol = connect
accept = 127.0.0.1:10000
protocolHost = host.vmj.com:443
connect = <PROXYIP>:<PROXY port>
protocolUsername = vmj.com\user1
protocolPassword = VMJTEST!123
protocolAuthentication = NTLM
In stunnel.log, i can see below error
2019.02.28 18:36:50 LOG6[2103:140737354032896]: Client-mode connect
protocol negotiations started
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> CONNECT host.vmj.com:443
HTTP/1.1
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Host: host.vmj.com:443
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Connection:
keep-alive
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Authorization:
NTLM TlRMTVNTUAABAAAAAgIAAA==
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  ->
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- HTTP/1.1 407 Proxy
Authentication Required
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Server: squid/3.3.8
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Mime-Version: 1.0
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Date: Thu, 28 Feb 2019
18:36:33 GMT
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Type: text/html
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Length: 3285
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Vary: Accept-Language
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Language: en
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Proxy-Authenticate:
NTLM
TlRMTVNTUAACAAAAAAAAADgAAAACAgACueAMGSlaSZ0AAAAAAAAAAAAAAAA4AAAABgEAAAAAAA8=
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache: MISS from
squidproxy.vmj.com
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache-Lookup: NONE
from squidproxy.vmj.com:3128
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Via: 1.1
squidproxy.vmj.com (squid/3.3.8)
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Connection: keep-alive
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <-
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> CONNECT host.vmj.com:443
 HTTP/1.1
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Host: host.vmj.com:443
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Authorization:
NTLM
TlRMTVNTUAADAAAAAAAAAGcAAAAYABgAQAAAAAAAAABnAAAADwAPAFgAAAAAAAAAZwAAAAAAAABnAAAAAgIAAAGbqH5v5ML8msrfm3R1yDBsS+ai3ldihnZybmkuY29tXGJoYXJ0aQ==
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  ->
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- HTTP/1.1 407 Proxy
Authentication Required
2019.02.28 18:36:50 LOG3[2103:140737354032896]: CONNECT request rejected
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Server: squid/3.3.8
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Mime-Version: 1.0
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Date: Thu, 28 Feb 2019
18:36:33 GMT
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Type: text/html
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Length: 3363
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Vary: Accept-Language
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Language: en
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Proxy-Authenticate: NTLM
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache: MISS from
squidproxy.vmj.com
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache-Lookup: NONE
from squidproxy.vmj.com:3128
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Via: 1.1
squidproxy.vmj.com (squid/3.3.8)
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Connection: keep-alive
2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <-
2019.02.28 18:36:50 LOG5[2103:140737354032896]: Connection reset: 0 byte(s)
sent to SSL, 0 byte(s) sent to socket
2019.02.28 18:36:50 LOG7[2103:140737354032896]: Remote socket (FD=14) closed
2019.02.28 18:36:50 LOG7[2103:140737354032896]: Local socket (FD=3) closed
2019.02.28 18:36:50 LOG7[2103:140737354032896]: Service [test] finished (0
left)
If i try with basic authentication it works fine.
Its urgent , can some one help me out.
Thanks,
Vj

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[stunnel-users] Issue with NTLM authorisation