[stunnel-users] Issue with NTLM authorisation

Vijay Raghavan P vijairagav210 at gmail.com
Thu Feb 28 19:43:02 CET 2019 

Hi,
I have to create tunnel between server and client. Client have proxy
configured in between.
So i use below in /etc/stunnel/stunnel.config. User name and password is
correct

pid = /var/run/stunnel.pid

cert = /home/client.crt

key = /home/client.key

options = NO_SSLv2

debug = 7

output = /var/log/stunnel4/stunnel.log

client = yes

CAfile=/home/**chain.pem

verify=2

[test]

protocol = connect

accept = 127.0.0.1:10000

protocolHost = host.vmj.com:443

connect = <PROXYIP>:<PROXY port>

protocolUsername = vmj.com\user1

protocolPassword = VMJTEST!123

protocolAuthentication = NTLM


In stunnel.log, i can see below error


2019.02.28 18:36:50 LOG6[2103:140737354032896]: Client-mode connect
protocol negotiations started

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> CONNECT host.vmj.com:443
HTTP/1.1

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Host: host.vmj.com:443

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Connection:
keep-alive

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Authorization:
NTLM TlRMTVNTUAABAAAAAgIAAA==

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  ->

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- HTTP/1.1 407 Proxy
Authentication Required

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Server: squid/3.3.8

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Mime-Version: 1.0

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Date: Thu, 28 Feb 2019
18:36:33 GMT

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Type: text/html

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Length: 3285

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Vary: Accept-Language

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Language: en

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Proxy-Authenticate:
NTLM
TlRMTVNTUAACAAAAAAAAADgAAAACAgACueAMGSlaSZ0AAAAAAAAAAAAAAAA4AAAABgEAAAAAAA8=

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache: MISS from
squidproxy.vmj.com

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache-Lookup: NONE
from squidproxy.vmj.com:3128

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Via: 1.1
squidproxy.vmj.com (squid/3.3.8)

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Connection: keep-alive

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <-

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> CONNECT host.vmj.com:443
 HTTP/1.1

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Host: host.vmj.com:443

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  -> Proxy-Authorization:
NTLM
TlRMTVNTUAADAAAAAAAAAGcAAAAYABgAQAAAAAAAAABnAAAADwAPAFgAAAAAAAAAZwAAAAAAAABnAAAAAgIAAAGbqH5v5ML8msrfm3R1yDBsS+ai3ldihnZybmkuY29tXGJoYXJ0aQ==

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  ->

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- HTTP/1.1 407 Proxy
Authentication Required

2019.02.28 18:36:50 LOG3[2103:140737354032896]: CONNECT request rejected

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Server: squid/3.3.8

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Mime-Version: 1.0

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Date: Thu, 28 Feb 2019
18:36:33 GMT

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Type: text/html

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Length: 3363

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Vary: Accept-Language

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Content-Language: en

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Proxy-Authenticate: NTLM

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache: MISS from
squidproxy.vmj.com

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- X-Cache-Lookup: NONE
from squidproxy.vmj.com:3128

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Via: 1.1
squidproxy.vmj.com (squid/3.3.8)

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <- Connection: keep-alive

2019.02.28 18:36:50 LOG7[2103:140737354032896]:  <-

2019.02.28 18:36:50 LOG5[2103:140737354032896]: Connection reset: 0 byte(s)
sent to SSL, 0 byte(s) sent to socket

2019.02.28 18:36:50 LOG7[2103:140737354032896]: Remote socket (FD=14) closed

2019.02.28 18:36:50 LOG7[2103:140737354032896]: Local socket (FD=3) closed

2019.02.28 18:36:50 LOG7[2103:140737354032896]: Service [test] finished (0
left)



If i try with basic authentication it works fine.

Its urgent , can some one help me out.


Thanks,

Vj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190301/9d56a59b/attachment-0001.html>

More information about the stunnel-users mailing list