STunnel NTLM Proxy problem - stunnel-users

4 Aug 2011


      Has anyone use Stunnel to works with NTLM proxy?
I am using Stunnel 4.35 on window
It works fine straught and basic proxy but fails to use NTLM proxy. My config for NTLM is like this
---------------- configuration ---------------------
[https]
accept  = someport
connect = proxy:proxy_port
protocol = connect
protocolAuthentication = NTLM
protocolHost = dest:dest_port
protocolUsername = domain\username
protocolPassword = password
-----------------------------------------------------
I checked the traffic using the win shark
-----------------win shark for stunnel -----------------
CONNECT dest:destport HTTP/1.1 , NTLMSSP_AUTH, User: \domain\username
Proxy-Authorization: NTLM some long string
NTLM Secure Service Provider
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_AUTH (0x00000003)
Lan Manager Response: Empty
NTLM Response: 951842e95a3e1a0001d8ac6fb2980a004b82ffa75232795d
…
Domain name: NULL
User name: domain\username
…
------------------------------------------------------
STunnel is not sending the domain and sends the user name consisting of domain and username.
When IE is configured to use NLM proxy, traffic is as
-------------- win shark for IE -----------------------------
CONNECT dest:destport HTTP/1.1 , NTLMSSP_AUTH, User: domain\username
Proxy-Authorization: NTLM some long string
NTLM Secure Service Provider
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_AUTH (0x00000003)
Lan Manager Response: 10f2d8147a2651de00000000000000000000000000000000
…
NTLM Response: 951842e95a3e1a0001d8ac6fb2980a004b82ffa75232795d
…
Domain name: domain
…
User name: username
..
Host name: host
--------------------------------------------------------------
---- stunnel log ---------------
2011.08.04 10:11:16 LOG7[2384:5480]: Service https started
2011.08.04 10:11:16 LOG7[2384:5480]: Option TCP_NODELAY set on local socket
2011.08.04 10:11:16 LOG5[2384:5480]: Service https accepted connection from 127.0.0.1:9913
2011.08.04 10:11:16 LOG7[2384:5480]: remote socket: FD=1456 allocated (non-blocking mode)
2011.08.04 10:11:16 LOG6[2384:5480]: connect_blocking: connecting 172.23.11.161:8080
2011.08.04 10:11:16 LOG7[2384:5480]: connect_blocking: s_poll_wait 172.23.11.161:8080: waiting 10 seconds
2011.08.04 10:11:16 LOG5[2384:5480]: connect_blocking: connected 172.23.11.161:8080
2011.08.04 10:11:16 LOG5[2384:5480]: Service https connected remote server from 172.23.11.45:9914
2011.08.04 10:11:16 LOG7[2384:5480]: Remote FD=1456 initialized
2011.08.04 10:11:16 LOG7[2384:5480]: Option TCP_NODELAY set on remote socket
2011.08.04 10:11:16 LOG5[2384:5480]: Negotiations for connect (client side) started
2011.08.04 10:11:16 LOG7[2384:5480]:  -> CONNECT 172.23.11.35:443 HTTP/1.1
2011.08.04 10:11:16 LOG7[2384:5480]:  -> Host: 172.23.11.35:443
2011.08.04 10:11:16 LOG7[2384:5480]:  -> Proxy-Connection: keep-alive
2011.08.04 10:11:16 LOG7[2384:5480]:  -> Proxy-Authorization: NTLM TlRMTVNTUAABAAAAAgIAAA==
2011.08.04 10:11:16 LOG7[2384:5480]:  -> 
2011.08.04 10:11:16 LOG7[2384:5480]:  <- HTTP/1.1 407 Proxy Authentication Required
2011.08.04 10:11:16 LOG7[2384:5480]:  <- Server: FreeProxy/4.50
2011.08.04 10:11:16 LOG7[2384:5480]:  <- Date: Thu, 04 Aug 2011 17:11:16 GMT
2011.08.04 10:11:16 LOG7[2384:5480]:  <- Content-Type: text/html
2011.08.04 10:11:16 LOG7[2384:5480]:  <- Transfer-Encoding: Chunked
2011.08.04 10:11:16 LOG7[2384:5480]:  <- Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAACAgACATR6TVahgFIAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=
2011.08.04 10:11:16 LOG7[2384:5480]:  <- Proxy-Connection: Keep-Alive
2011.08.04 10:11:16 LOG7[2384:5480]:  <- 
2011.08.04 10:11:16 LOG7[2384:5480]:  -> CONNECT 172.23.11.35:443 HTTP/1.1
2011.08.04 10:11:16 LOG7[2384:5480]:  -> Host: 172.23.11.35:443
2011.08.04 10:11:16 LOG7[2384:5480]:  -> Proxy-Authorization: NTLM TlRMTVNTUAADAAAAAAAAAGwAAAAYABgAQAAAAAAAAABsAAAAFAAUAFgAA......1jDUOrcoBBus0aPbH44onfcpGZvdW5kc3RvbmVccHN5cy1udGxt
2011.08.04 10:11:16 LOG7[2384:5480]:  -> 
2011.08.04 10:11:16 LOG7[2384:5480]:  <- 7E5
2011.08.04 10:11:16 LOG3[2384:5480]: CONNECT request rejected
2011.08.04 10:11:16 LOG7[2384:5480]:  <- <html>
2011.08.04 10:11:16 LOG7[2384:5480]:  <- 
2011.08.04 10:11:16 LOG5[2384:5480]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.08.04 10:11:16 LOG7[2384:5480]: Service https finished (0 left)
2011.08.04 10:11:16 LOG7[2384:5480]: str_stats: 0 block(s), 0 byte(s)
--------------------------------
Please help!!!
Subhash Sharma