Opened 3 years ago

Last modified 3 months ago

#94 new Bug / Defect

NTLM proxy authentication does not work well

Reported by: janjust Owned by:
Priority: minor Milestone:
Component: Networking Version: 2.1.4
Severity: Not set (if unsure, select this one) Keywords: http-proxy ntlm
Cc:

Description

OpenVPN configured to use an http proxy with NTLM proxy authentication cannot authenticate against an apache httpd server with the mod_ntlm module ; the NTLM message sent by OpenVPN seem corrupted.

Attachments (2)

openvpn-ntlm-error1.png (85.8 KB) - added by janjust 3 years ago.
openvpn-ntlm-error2.png (75.8 KB) - added by janjust 3 years ago.

Download all attachments as: .zip

Change History (4)

Changed 3 years ago by janjust

Changed 3 years ago by janjust

comment:1 Changed 20 months ago by dazo

Is this still an issue with 2.3-alpha releases? There are several commits in the 2.3 tree which have touched the ntlm.c code. A couple of them are listed below:

commit 9788322b9566101119484d992364e8b1bb1d4dd4
Author: Adriaan de Jong <dejong@fox-it.com>
Date:   Mon Oct 24 10:46:00 2011 +0200

    Got rid of a few magic numbers in ntlm.c
    
    Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
    Acked-by: James Yonan <james@openvpn.net>
    Acked-by: David Sommerseth <davids@redhat.com>
    Signed-off-by: David Sommerseth <davids@redhat.com>

commit e8c950f12dfd6187f084fb06b6fe6e57c030bdad
Author: Adriaan de Jong <dejong@fox-it.com>
Date:   Thu Jun 23 17:18:32 2011 +0200

    Refactored HMAC functions
    
    Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
    Acked-by: David Sommerseth <davids@redhat.com>
    Signed-off-by: David Sommerseth <davids@redhat.com>

commit 4a5a6033f95369a2d94e2dafff1d702f82f118ba
Author: Adriaan de Jong <dejong@fox-it.com>
Date:   Thu Jun 23 15:03:09 2011 +0200

    Refactored NTLM DES key generation
    
    Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
    Acked-by: David Sommerseth <davids@redhat.com>
    Signed-off-by: David Sommerseth <davids@redhat.com>

commit 183c3d190b12df6c0e9023e5a60f3aa2d3d66140
Author: Adriaan de Jong <dejong@fox-it.com>
Date:   Thu Jun 23 12:45:29 2011 +0200

    Refactored DES key manipulation functions
    
    Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
    Acked-by: David Sommerseth <davids@redhat.com>
    Acked-by: James Yonan <james@openvpn.net>
    Signed-off-by: David Sommerseth <davids@redhat.com>

comment:2 Changed 3 months ago by cron2

There's a number of open trac tickets regarding NTLM auth, but a distinct lack of responsiveness as far as "is this still open?" or "what does the proposed patch do?"...

See also #259

Note: See TracTickets for help on using tickets.