Hi there,
My stunnel client is on an Active Directory-authenticated XP workstation, which needs to connect via a web proxy that authenticates using NTLM.
I populated my login details in protocolUsername and protocolPassword, but the connection just dies when it reaches the proxy server. Looking at the log, I get the following:
2009.04.01 08:20:39 LOG6[2140:2892]: SSL connected: new session negotiated
2009.04.01 08:20:39 LOG6[2140:2892]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.04.01 15:34:09 LOG7[2140:2708]: ssh3 accepted FD=356 from 127.0.0.1:1026
2009.04.01 15:34:09 LOG7[2140:2708]: Creating a new thread
2009.04.01 15:34:09 LOG7[2140:2708]: New thread created
2009.04.01 15:34:09 LOG7[2140:3896]: ssh3 started
2009.04.01 15:34:09 LOG7[2140:3896]: FD 356 in non-blocking mode
2009.04.01 15:34:09 LOG7[2140:3896]: TCP_NODELAY option set on local socket
2009.04.01 15:34:09 LOG5[2140:3896]: ssh3 accepted connection from 127.0.0.1:1026
2009.04.01 15:34:09 LOG7[2140:3896]: FD 472 in non-blocking mode
2009.04.01 15:34:09 LOG7[2140:3896]: ssh3 connecting 129.32.20.14:8080
2009.04.01 15:34:09 LOG7[2140:3896]: connect_wait: waiting 10 seconds
2009.04.01 15:34:09 LOG7[2140:3896]: connect_wait: connected
2009.04.01 15:34:09 LOG5[2140:3896]: ssh3 connected remote server from 130.32.82.203:1027
2009.04.01 15:34:09 LOG7[2140:3896]: Remote FD=472 initialized
2009.04.01 15:34:09 LOG7[2140:3896]: TCP_NODELAY option set on remote socket
2009.04.01 15:34:09 LOG5[2140:3896]: Negotiations for connect (client side) started
2009.04.01 15:34:09 LOG7[2140:3896]: -> CONNECT xxxx.ath.cx:443 HTTP/1.1
2009.04.01 15:34:09 LOG7[2140:3896]: -> Host: xxxx.ath.cx:443
2009.04.01 15:34:09 LOG7[2140:3896]: -> Proxy-Connection: keep-alive
2009.04.01 15:34:09 LOG7[2140:3896]: -> Proxy-Authorization: NTLM TlRMTVNTUAABAAAAAgIAAA==
2009.04.01 15:34:09 LOG7[2140:3896]: ->
2009.04.01 15:34:09 LOG3[2140:3896]: Unexpected socket close (fdgetline)
2009.04.01 15:34:09 LOG5[2140:3896]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.04.01 15:34:09 LOG7[2140:3896]: ssh3 finished (1 left)
If I decode the NTLM auth string, I only get the NTLMSSP header, which seems to be incomplete. If I recall correctly, the domain and workstation info should be passed on as well.
So the question is, how do I get this to work? Is there any specific format that I need to use when using the protocol* settings for NTLM?
Thanks and regards.
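
Added example, not part of the original post and not stunnel's own code: a Python parser for the NTLM Type 1 (negotiate) message carried in the logged Proxy-Authorization header, showing which fields and flags that 16-byte value actually contains. Field layout and flag names follow the public NTLM specification (MS-NLMP), where the domain and workstation buffers are optional; the function names are illustrative.

```python
import base64
import struct

# Subset of NTLMSSP negotiate flags (names as in MS-NLMP).
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00001000: "OEM_DOMAIN_SUPPLIED",
    0x00002000: "OEM_WORKSTATION_SUPPLIED",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
}

def _buffer(msg, offset):
    """Read a security buffer (len, maxlen, data offset) and return its bytes."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, offset)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def parse_type1(header_value):
    """Parse the value of a 'Proxy-Authorization: NTLM <base64>' header."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM credential")
    msg = base64.b64decode(b64, validate=True)
    if len(msg) < 16 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("missing or truncated NTLMSSP header")
    msg_type, flags = struct.unpack_from("<II", msg, 8)
    if msg_type != 1:
        raise ValueError("not a Type 1 message (type %d)" % msg_type)
    out = {"length": len(msg), "flags": flags,
           "flag_names": [n for bit, n in sorted(FLAGS.items()) if flags & bit],
           "domain": None, "workstation": None}
    # Domain and workstation buffers are optional and only read when flagged.
    if len(msg) >= 32:
        if flags & 0x1000:
            out["domain"] = _buffer(msg, 16).decode("ascii", "replace")
        if flags & 0x2000:
            out["workstation"] = _buffer(msg, 24).decode("ascii", "replace")
    return out

# Header value copied from the stunnel log in the post.
LOGGED = "NTLM TlRMTVNTUAABAAAAAgIAAA=="

if __name__ == "__main__":
    print(parse_type1(LOGGED))
```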