You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/09/25 11:16:58 UTC
DO NOT REPLY [Bug 40599] New: - NTLM does not work with Internet Explorer
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40599
Summary: NTLM does not work with Internet Explorer
Product: Apache httpd-2
Version: 2.0.54
Platform: PC
URL: http://www.brueck.ws
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: mbrueck@gmx.net
I use a php script that does the NTLM challenge. Unfortunately this only works
with Firefox (1.5.0.7). No IE (from 5.0 to 6.0) works - after the final request,
the page will not show up.
I enclosed some whireshark headers:
No. Time Source Destination Protocol Info
2 0.453037 192.168.0.25 192.168.0.202 TCP 1499 >
http [SYN] Seq=0 Len=0 MSS=1460
3 0.448680 192.168.0.202 192.168.0.25 TCP http >
1499 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
4 0.448735 192.168.0.25 192.168.0.202 TCP 1499 >
http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
5 0.453533 192.168.0.25 192.168.0.202 HTTP GET
/bp/index.php HTTP/1.1
6 0.449109 192.168.0.202 192.168.0.25 TCP http >
1499 [ACK] Seq=1 Ack=373 Win=6432 Len=0
7 0.450580 192.168.0.202 192.168.0.25 HTTP
HTTP/1.1 401 Unauthorized
8 0.455151 192.168.0.202 192.168.0.25 TCP http >
1499 [FIN, ACK] Seq=226 Ack=373 Win=6432 Len=0
9 0.455177 192.168.0.25 192.168.0.202 TCP 1499 >
http [ACK] Seq=373 Ack=227 Win=65310 [TCP CHECKSUM INCORRECT] Len=0
10 0.455479 192.168.0.25 192.168.0.202 TCP 1499 >
http [FIN, ACK] Seq=373 Ack=227 Win=65310 [TCP CHECKSUM INCORRECT] Len=0
11 0.451032 192.168.0.202 192.168.0.25 TCP http >
1499 [ACK] Seq=227 Ack=374 Win=6432 Len=0
12 0.456433 192.168.0.25 192.168.0.202 TCP 1500 >
http [SYN] Seq=0 Len=0 MSS=1460
13 0.456523 192.168.0.202 192.168.0.25 TCP http >
1500 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
14 0.456541 192.168.0.25 192.168.0.202 TCP 1500 >
http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
15 0.452194 192.168.0.25 192.168.0.202 HTTP GET
/bp/index.php HTTP/1.1, NTLMSSP_NEGOTIATE
16 0.456795 192.168.0.202 192.168.0.25 TCP http >
1500 [ACK] Seq=1 Ack=459 Win=6432 Len=0
17 0.453824 192.168.0.202 192.168.0.25 HTTP
HTTP/1.1 401 Unauthorized, NTLMSSP_CHALLENGE
18 0.454348 192.168.0.25 192.168.0.202 HTTP GET
/bp/index.php HTTP/1.1, NTLMSSP_AUTH, User: BEG\mb
19 0.480430 192.168.0.202 192.168.0.25 TCP http >
1500 [FIN, ACK] Seq=283 Ack=1037 Win=7514 Len=0
20 0.480469 192.168.0.25 192.168.0.202 TCP 1500 >
http [ACK] Seq=1037 Ack=284 Win=65253 [TCP CHECKSUM INCORRECT] Len=0
21 0.485137 192.168.0.25 192.168.0.202 TCP 1500 >
http [FIN, ACK] Seq=1037 Ack=284 Win=65253 [TCP CHECKSUM INCORRECT] Len=0
22 0.481855 192.168.0.202 192.168.0.25 TCP http >
1500 [ACK] Seq=284 Ack=1038 Win=7514 Len=0
That is where the Internet Explorer stops. Interestingly, Firefox goes further:
No. Time Source Destination Protocol Info
5 4.303368 192.168.0.25 192.168.0.202 TCP 1501 >
http [SYN] Seq=0 Len=0 MSS=1460
6 4.307940 192.168.0.202 192.168.0.25 TCP http >
1501 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
7 4.307982 192.168.0.25 192.168.0.202 TCP 1501 >
http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
8 4.303671 192.168.0.25 192.168.0.202 HTTP GET
/bp/index.php HTTP/1.1
9 4.308207 192.168.0.202 192.168.0.25 TCP http >
1501 [ACK] Seq=1 Ack=524 Win=6432 Len=0
10 4.332528 192.168.0.202 192.168.0.25 HTTP
HTTP/1.1 401 Unauthorized
11 4.337226 192.168.0.25 192.168.0.202 TCP 1501 >
http [FIN, ACK] Seq=524 Ack=226 Win=65310 [TCP CHECKSUM INCORRECT] Len=0
12 4.343153 192.168.0.202 192.168.0.25 TCP http >
1501 [FIN, ACK] Seq=226 Ack=525 Win=6432 Len=0
13 4.343168 192.168.0.25 192.168.0.202 TCP 1501 >
http [ACK] Seq=525 Ack=227 Win=65310 [TCP CHECKSUM INCORRECT] Len=0
14 4.362033 192.168.0.25 192.168.0.202 TCP 1502 >
http [SYN] Seq=0 Len=0 MSS=1460
15 4.362141 192.168.0.202 192.168.0.25 TCP http >
1502 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
16 4.362157 192.168.0.25 192.168.0.202 TCP 1502 >
http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
17 4.366744 192.168.0.25 192.168.0.202 HTTP GET
/bp/index.php HTTP/1.1, NTLMSSP_NEGOTIATE
18 4.362387 192.168.0.202 192.168.0.25 TCP http >
1502 [ACK] Seq=1 Ack=610 Win=6699 Len=0
19 4.364125 192.168.0.202 192.168.0.25 HTTP
HTTP/1.1 401 Unauthorized, NTLMSSP_CHALLENGE
20 4.368641 192.168.0.202 192.168.0.25 TCP http >
1502 [FIN, ACK] Seq=283 Ack=610 Win=6699 Len=0
21 4.368660 192.168.0.25 192.168.0.202 TCP 1502 >
http [ACK] Seq=610 Ack=284 Win=65253 [TCP CHECKSUM INCORRECT] Len=0
22 4.377823 192.168.0.25 192.168.0.202 HTTP GET
/bp/index.php HTTP/1.1, NTLMSSP_AUTH, User: BEG\mb
23 4.377979 192.168.0.25 192.168.0.202 TCP 1502 >
http [FIN, ACK] Seq=1339 Ack=284 Win=65253 [TCP CHECKSUM INCORRECT] Len=0
24 4.373596 192.168.0.202 192.168.0.25 TCP http >
1502 [ACK] Seq=284 Ack=1340 Win=8019 Len=0
25 4.373921 192.168.0.25 192.168.0.202 TCP 1503 >
http [SYN] Seq=0 Len=0 MSS=1460
26 4.374004 192.168.0.202 192.168.0.25 TCP http >
1503 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
27 4.374018 192.168.0.25 192.168.0.202 TCP 1503 >
http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
28 4.378558 192.168.0.25 192.168.0.202 HTTP GET
/bp/index.php HTTP/1.1, NTLMSSP_AUTH, User: B\m
29 4.374200 192.168.0.202 192.168.0.25 TCP http >
1503 [ACK] Seq=1 Ack=730 Win=7290 Len=0
30 4.427499 192.168.0.202 192.168.0.25 HTTP
HTTP/1.1 302 Found (text/html)
31 4.427626 192.168.0.202 192.168.0.25 TCP http >
1503 [FIN, ACK] Seq=646 Ack=730 Win=7290 Len=0
32 4.427657 192.168.0.25 192.168.0.202 TCP 1503 >
http [ACK] Seq=730 Ack=647 Win=64890 [TCP CHECKSUM INCORRECT] Len=0
33 4.441356 192.168.0.25 192.168.0.202 TCP 1504 >
http [SYN] Seq=0 Len=0 MSS=1460
34 4.441411 192.168.0.25 192.168.0.202 TCP 1503 >
http [FIN, ACK] Seq=730 Ack=647 Win=64890 [TCP CHECKSUM INCORRECT] Len=0
35 4.437001 192.168.0.202 192.168.0.25 TCP http >
1504 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
36 4.437032 192.168.0.25 192.168.0.202 TCP 1504 >
http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
37 4.437048 192.168.0.202 192.168.0.25 TCP http >
1503 [ACK] Seq=647 Ack=731 Win=7290 Len=0
38 4.441631 192.168.0.25 192.168.0.202 HTTP GET
/bp/newpage.php HTTP/1.1
39 4.437267 192.168.0.202 192.168.0.25 TCP http >
1504 [ACK] Seq=1 Ack=526 Win=6432 Len=0
Note packet 28 - why is the request retransmitted?
I know that NTLM is not a priority but I hope you will find a solution!
Best Regards
Marco
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 40599] - NTLM does not work with Internet Explorer
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40599
------- Additional Comments From mbrueck@gmx.net 2006-09-25 12:22 -------
I am sorry that I did not explain enough:
the third "get" request does not open index.php ! I tried to debug the
ntlm-headers sent, but the script is not invoked despite the "get".
Is this correct???
Since I thought no use asking Microsoft I tried here.
Best Regards
Marco
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 40599] - NTLM does not work with Internet Explorer
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40599
mbrueck@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From mbrueck@gmx.net 2006-10-04 03:33 -------
I set up a 2.0.54 on a SuSE-box. There the script works as expected (3 GETs with
IE). Since this seems to be a Fedora 4 !?! specific httpd problem, I close the
bug . Thanks for your help so far!
Best regards
Marco
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 40599] - NTLM does not work with Internet Explorer
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40599
mbrueck@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 40599] - NTLM does not work with Internet Explorer
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40599
rpluem@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From rpluem@apache.org 2006-09-25 09:56 -------
I do not understand what this has to do with httpd. As far as I understand you
implement NTLM in your own php code. So where is the bug in httpd?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 40599] - NTLM does not work with Internet Explorer
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40599
rpluem@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |NEEDINFO
------- Additional Comments From rpluem@apache.org 2006-10-04 02:13 -------
(In reply to comment #2)
> I am sorry that I did not explain enough:
>
> the third "get" request does not open index.php ! I tried to debug the
> ntlm-headers sent, but the script is not invoked despite the "get".
Which 3rd GET are you talking about? The one with NTLMSSP_AUTH set?
If this really does not execute your PHP script please check the error log of
httpd and of PHP for any messages. Currently I still do not see a bug in httpd
here. Maybe the error logs return something useful.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 40599] - NTLM does not work with Internet Explorer
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40599
------- Additional Comments From mbrueck@gmx.net 2006-10-04 02:37 -------
This is my access_log (no error reported):
192.168.0.25 - - [04/Oct/2006:11:28:06 +0200] "GET /bp/index.php HTTP/1.1" 401 -
"-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.7) Gecko/20060909
Firefox/1.5.0.7"
192.168.0.25 - - [04/Oct/2006:11:28:06 +0200] "GET /bp/index.php HTTP/1.1" 401 -
"-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.7) Gecko/20060909
Firefox/1.5.0.7"
192.168.0.25 - - [04/Oct/2006:11:28:06 +0200] "GET /bp/index.php HTTP/1.1" 200
426 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.7) Gecko/20060909
Firefox/1.5.0.7"
192.168.0.25 - - [04/Oct/2006:11:29:47 +0200] "GET /bp/index.php HTTP/1.1" 401 -
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;
.NET CLR 1.1.4322)"
192.168.0.25 - - [04/Oct/2006:11:29:47 +0200] "GET /bp/index.php HTTP/1.1" 401 -
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;
.NET CLR 1.1.4322)"
You are right, the 3rd GET is the one with NTLMSSP_AUTH set. Shouldn't it appear
in the access_log? You can see, with Firefox it works...
Both httpd and php report no error, I will try to increase the level of reporting!
best regards
Marco
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org