# Problem: ntlmaps won't negotiate NTLM [solved]

## scotte

I'm experiencing a bit of an odd issue with ntlmaps hoping somebody can shed some light on. My browser (firefox) works just fine through our corporate web proxy, and with network tracing I see that it is negotiating NTLM and working fine. However, when I attempt to use ntlmaps (for wget/emerge/whatever) it seems that the two are unable to agree on an authentication method.

Below is a sample from ntlmaps logfile. Note especially the line:

```
*** Authentication methods allowed:
```

Shouldn't NTLM be listed there? Seems odd that it is blank! If anyone has any ideas, I'd really like to hear. Thanks!

```
GET http://X.Y.Z HTTP/1.0

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*

Host: mirrors.tds.net

*** Connecting to remote server...(AA.AA.AA.AA:BBBB)...Done.

*** Sending client request header to remote server...Done.

*** Got remote server response header.

*** Remote server header:

=====

HTTP/1.0 407 Proxy Authentication Required

Server: squid/2.5.STABLE12

Mime-Version: 1.0

Date: Tue, 10 Jan 2006 22:38:27 GMT

Content-Type: text/html

Content-Length: 1410

Expires: Tue, 10 Jan 2006 22:38:27 GMT

X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0

X-Cache: MISS from ABC

Proxy-Connection: close

*** Server 'Content-Length' found to be 1410.

*** Authentication routine started.

*** Got Error 407 - "Proxy authentication required".

*** Authentication methods allowed:

*** There are no supported authentication methods in remote server response.

*** Passing 407 to client.

*** Authentication routine finished.

*** Sending remote server response header to client...Done.

*** Sent 1410 bytes to client. (all - 1, len - 1410)

*** Sent ALL the data from remote server to client. (Server buffer - 0 bytes)

*** Client closed connection.

*** Resetting client status...Done. (Client buffer - 0 bytes)

*** Remote server closed connection. (Server buffer - 0 bytes)

*** Resetting remote server status...Done. (Server buffer - 0 bytes)

*** Request completed.

*** Termination conditions detected (remote server and client closed connections). Stop Request issued.

*** Finishing procedure started.

*** Closing thread...Done.

```

[EDIT: See workaround below]Last edited by scotte on Wed Jan 11, 2006 12:30 am; edited 1 time in total

----------

## scotte

Here's the workaround I found:

I edited /usr/lib/ntlmaps/proxy_client.py and on line 595 I added code to spoof ntlmaps into thinking NTLM was advertised by the proxy. See >>>:

```

    def auth_407(self):

        auth = self.rserver_head_obj.get_param_values('Proxy-Authenticate')

>>>     auth = ['NTLM']

        upper_auth = []

        msg = ''

```

I will open a bug on the ntlm sourceforge site, apparantly some proxies do not advertised supported authentication protocols correctly.

----------

