PHP Classes

NTLM authentication

Recommend this page to a friend!

      PHP HTTP protocol client  >  All threads  >  NTLM authentication  >  (Un) Subscribe thread alerts  
Subject:NTLM authentication
Summary:Problem to use the NTLM authentication with test_http
Author:Guilleaume Valery
Date:2005-10-24 13:09:03
Update:2006-01-30 19:50:41

  1. NTLM authentication   Reply   Report abuse  
Guilleaume Valery - 2005-10-24 13:09:03

Thank you for the good work. I have only a little problem with the test_http.php. I would like to use it on a url with a NTLM authentication.

For that, I have put in the code of test_http.php :

$user="myuser"; /* It's a local user on the server */
$realm="nameofserver"; /* It's local on the server */
$workstation="????"; /* I don't know if I must put the name of the client or the server ; with the FQDN or not ? */

Could you help me, because when I start the script, I have this error :

<TITLE>Test for Manuel Lemos' PHP HTTP class</TITLE>
<H1><CENTER>Test for Manuel Lemos' PHP HTTP class</CENTER></H1>
<H2><LI>Opening connection to:</H2>
Resolving HTTP server domain &quot;myserver&quot;...<br />
Connecting to HTTP server IP ipaddressofserver...<br />
Connected to myserver<br />
<H2><LI>Sending request for page:</H2>

Login: mylogin
Password: *******</PRE>
C GET /perfnettest/ HTTP/1.1<br />
C Host: myserver.fqdn:81<br />
C User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)<br />
C Pragma: nocache<br />
C <br />
GET /perfnettest/ HTTP/1.1</PRE>
<H2><LI>Request headers:</LI</H2>
Host: myserver.fqdn:81
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Pragma: nocache
S HTTP/1.1 401 Unauthorized<br />
S Content-Length: 1656<br />
S Content-Type: text/html<br />
S Server: Microsoft-IIS/6.0<br />
S WWW-Authenticate: Negotiate<br />
S WWW-Authenticate: NTLM<br />
S Date: Mon, 24 Oct 2005 12:43:52 GMT<br />
S <br />
Disconnected from myserver.fqdn<br />
<CENTER><H2>Error: authentication error: authentication mechanism NTLM may not be used: the requested credential user is not defined</H2><CENTER>

Thank you very much,

Valéry Guilleaume

  2. Re: NTLM authentication   Reply   Report abuse  
Manuel Lemos - 2005-10-24 16:25:14 - In reply to message 1 from Guilleaume Valery
It is hard to tell without seeing your script.

Anyway, to authenticate you should be specifying a URL like this:


where user and password are the UrlEncode versions of the user and password that you need to access.

You may also set the user and password with the AuthUser and AuthPassword connection arguments.

  3. Re: NTLM authentication   Reply   Report abuse  
Guilleaume Valery - 2005-10-25 12:10:26 - In reply to message 2 from Manuel Lemos

For a NTLM authentication I must also use this type of authentication http://user:password@domain/page ? I thinked that I must fill (in your example test_http.php) the fields : $user="myuser";$password="mypassword";$realm="nameofserver";$workstation="????";
And it will be ok with that.

My script is very like your exemple. For the moment, I only try to do a connection on a web page with NTLM credentials.

Thank you very much for your help,


  4. Re: NTLM authentication   Reply   Report abuse  
Manuel Lemos - 2005-10-25 16:20:59 - In reply to message 3 from Guilleaume Valery
As I said, you do not need to specify the user and password in the URL if you set the AuthUser and AuthPassword arguments.

The example takes the $user and $password variables to form the URL. But you can do it in whatever way it pleases you.

The realm (Windows domain) and workstation name are set in the arguments from the respective variables.

  5. Re: NTLM authentication   Reply   Report abuse  
Cyril GIRONDE - 2006-01-30 12:52:28 - In reply to message 4 from Manuel Lemos
Hi Manuel,

How i can cancel the auth NTLM
Because i canot use POST & GET
i can register login domain host in session but after i cannot use my standart script with form post & get


best regards


  6. Re: NTLM authentication   Reply   Report abuse  
Manuel Lemos - 2006-01-30 19:50:41 - In reply to message 5 from Cyril GIRONDE
You cannot disable the NTLM authentication without changing the SASL library. What you can do is to tell the HTTP class that you want to give priority to some other authentication method, setting the authentication_mechanism .

However, I suspect that it is your server that is requiring NTLM authentication and you may not be able to access without authenticating with NTLM.