[stunnel-users] Issue with NTLM authorisation
Vijay Raghavan P
vijairagav210 at gmail.com
Thu Feb 28 19:43:02 CET 2019
Hi,
I have to create tunnel between server and client. Client have proxy
configured in between.
So i use below in /etc/stunnel/stunnel.config. User name and password is
correct
pid = /var/run/stunnel.pid
cert = /home/client.crt
key = /home/client.key
options = NO_SSLv2
debug = 7
output = /var/log/stunnel4/stunnel.log
client = yes
CAfile=/home/**chain.pem
verify=2
[test]
protocol = connect
accept = 127.0.0.1:10000
protocolHost = host.vmj.com:443
connect = <PROXYIP>:<PROXY port>
protocolUsername = vmj.com\user1
protocolPassword = VMJTEST!123
protocolAuthentication = NTLM
In stunnel.log, i can see below error
2019.02.28 18:36:50 LOG6[2103:140737354032896]: Client-mode connect
protocol negotiations started
2019.02.28 18:36:50 LOG7[2103:140737354032896]: -> CONNECT host.vmj.com:443
HTTP/1.1
2019.02.28 18:36:50 LOG7[2103:140737354032896]: -> Host: host.vmj.com:443
2019.02.28 18:36:50 LOG7[2103:140737354032896]: -> Proxy-Connection:
keep-alive
2019.02.28 18:36:50 LOG7[2103:140737354032896]: -> Proxy-Authorization:
NTLM TlRMTVNTUAABAAAAAgIAAA==
2019.02.28 18:36:50 LOG7[2103:140737354032896]: ->
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- HTTP/1.1 407 Proxy
Authentication Required
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Server: squid/3.3.8
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Mime-Version: 1.0
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Date: Thu, 28 Feb 2019
18:36:33 GMT
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Content-Type: text/html
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Content-Length: 3285
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Vary: Accept-Language
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Content-Language: en
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Proxy-Authenticate:
NTLM
TlRMTVNTUAACAAAAAAAAADgAAAACAgACueAMGSlaSZ0AAAAAAAAAAAAAAAA4AAAABgEAAAAAAA8=
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- X-Cache: MISS from
squidproxy.vmj.com
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- X-Cache-Lookup: NONE
from squidproxy.vmj.com:3128
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Via: 1.1
squidproxy.vmj.com (squid/3.3.8)
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Connection: keep-alive
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <-
2019.02.28 18:36:50 LOG7[2103:140737354032896]: -> CONNECT host.vmj.com:443
HTTP/1.1
2019.02.28 18:36:50 LOG7[2103:140737354032896]: -> Host: host.vmj.com:443
2019.02.28 18:36:50 LOG7[2103:140737354032896]: -> Proxy-Authorization:
NTLM
TlRMTVNTUAADAAAAAAAAAGcAAAAYABgAQAAAAAAAAABnAAAADwAPAFgAAAAAAAAAZwAAAAAAAABnAAAAAgIAAAGbqH5v5ML8msrfm3R1yDBsS+ai3ldihnZybmkuY29tXGJoYXJ0aQ==
2019.02.28 18:36:50 LOG7[2103:140737354032896]: ->
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- HTTP/1.1 407 Proxy
Authentication Required
2019.02.28 18:36:50 LOG3[2103:140737354032896]: CONNECT request rejected
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Server: squid/3.3.8
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Mime-Version: 1.0
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Date: Thu, 28 Feb 2019
18:36:33 GMT
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Content-Type: text/html
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Content-Length: 3363
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Vary: Accept-Language
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Content-Language: en
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Proxy-Authenticate: NTLM
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- X-Cache: MISS from
squidproxy.vmj.com
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- X-Cache-Lookup: NONE
from squidproxy.vmj.com:3128
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Via: 1.1
squidproxy.vmj.com (squid/3.3.8)
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <- Connection: keep-alive
2019.02.28 18:36:50 LOG7[2103:140737354032896]: <-
2019.02.28 18:36:50 LOG5[2103:140737354032896]: Connection reset: 0 byte(s)
sent to SSL, 0 byte(s) sent to socket
2019.02.28 18:36:50 LOG7[2103:140737354032896]: Remote socket (FD=14) closed
2019.02.28 18:36:50 LOG7[2103:140737354032896]: Local socket (FD=3) closed
2019.02.28 18:36:50 LOG7[2103:140737354032896]: Service [test] finished (0
left)
If i try with basic authentication it works fine.
Its urgent , can some one help me out.
Thanks,
Vj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190301/9d56a59b/attachment-0001.html>
More information about the stunnel-users
mailing list