SamDecrock / node-http-ntlm

Node.js module to authenticate using HTTP NTLM
MIT License

Supports only NTLMv1? or supports NTLMv2 as well? #59

Closed raghuureddy closed 1 year ago

raghuureddy commented 7 years ago

Hello Sam,

My SharePoint site uses NTLMv2 & on the IIS server 'lmcompatibilitylevel' registry is set as '5'.

This module supports only NTLMv1? I see that in the code the naming convention is as below.

create_LM_hashed_password_v1

Wondering if this only supports NTLMv1.

I am always getting 401 Unauthorized from the SharePoint site & it's passing all handshake including the type3 message. But the response comes as 401.
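When debugging a 401 like the one above, it helps to see which response version the client actually placed in its Type 3 message. The following is an added example, not part of this thread or of node-http-ntlm: it reads the NT response field of an `Authorization: NTLM ...` value and classifies it by shape (24 bytes is an NTLMv1-style response; a longer field whose blob starts 0x01 0x01 is NTLMv2). The function names and the sample messages are constructed for illustration; the field offsets follow the MS-NLMP AUTHENTICATE_MESSAGE layout.

```javascript
// Added example. Offsets follow the MS-NLMP AUTHENTICATE_MESSAGE (Type 3) layout.
function classifyType3(authorizationHeader) {
  const m = /^NTLM\s+([A-Za-z0-9+/=]+)$/.exec(authorizationHeader.trim());
  if (!m) throw new Error('not an NTLM Authorization header');
  const msg = Buffer.from(m[1], 'base64');
  if (msg.length < 28 || msg.toString('latin1', 0, 8) !== 'NTLMSSP\0' ||
      msg.readUInt32LE(8) !== 3) {
    throw new Error('not an NTLM Type 3 message');
  }
  // NtChallengeResponseFields at byte 20: Len (2), MaxLen (2), BufferOffset (4).
  const len = msg.readUInt16LE(20);
  const off = msg.readUInt32LE(24);
  if (off + len > msg.length) throw new Error('NT response runs past the message');
  if (len === 0) return 'none';
  // NTLMv1 responses (with or without extended session security) are 24 bytes.
  if (len === 24) return 'NTLMv1';
  // NTLMv2: 16-byte NTProofStr, then a blob starting RespType=1, HiRespType=1.
  const nt = msg.subarray(off, off + len);
  if (len > 24 && nt[16] === 0x01 && nt[17] === 0x01) return 'NTLMv2';
  return 'unknown';
}

// Constructed sample builder: a skeletal Type 3 message carrying only an NT
// response (all other fields empty). Not a valid credential, for parsing only.
function buildSampleType3(ntResponse) {
  const header = Buffer.alloc(64);
  header.write('NTLMSSP\0', 0, 'latin1');
  header.writeUInt32LE(3, 8);                    // MessageType = 3
  header.writeUInt16LE(ntResponse.length, 20);   // NtChallengeResponseLen
  header.writeUInt16LE(ntResponse.length, 22);   // NtChallengeResponseMaxLen
  header.writeUInt32LE(64, 24);                  // NtChallengeResponseBufferOffset
  return 'NTLM ' + Buffer.concat([header, ntResponse]).toString('base64');
}

// Constructed NT responses: 24 filler bytes (v1 shape) and a v2-shaped blob.
const sampleV1 = buildSampleType3(Buffer.alloc(24, 0xaa));
const sampleV2 = buildSampleType3(Buffer.concat([
  Buffer.alloc(16, 0xbb),                        // NTProofStr placeholder
  Buffer.from([0x01, 0x01, 0, 0, 0, 0, 0, 0]),   // RespType, HiRespType, reserved
  Buffer.alloc(24),                              // timestamp, client challenge, reserved, AV pair terminator
]));

console.log(classifyType3(sampleV1), classifyType3(sampleV2));
```

The classification is by length and blob marker only; it does not verify the response against a challenge or password.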

SamDecrock commented 7 years ago

I suppose it doesn't. If you can provide me with the protocol for v2, I can have a look at it and implement... if I find the time.

emcho92 commented 7 years ago

I can confirm that this does not work with NTLM v2. This project seems to support v2, but it is not working for me for some reason. I just started looking into the code, and if I get it working I'll follow up here, on what can be done to support NTLM v2.

emcho92 commented 7 years ago

No progress on this one. Seems there is no js library to handle NTLM v2 support. @raghuureddy Have you made any progress? @SamDecrock Any ideas on this one?

SamDecrock commented 7 years ago

Do you know what server side applications/services use NTLM v2 so I can set up one myself and check it out?


s-KaiNet commented 7 years ago

Hi Sam,
please take a look at this comment here
As far as I understand all you need is to change reg value to 2 or something bigger than 2 (less than 6)

Simran-B commented 6 years ago

So the solution is to change the registry key HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel to 5?

https://technet.microsoft.com/en-us/library/cc960646.aspx

@raghuureddy @emcho92 Can you test this?

Dror-Bar commented 6 years ago

Any update on this?

s-KaiNet commented 6 years ago

@Dror-Bar I use this one (npm) which works very well for both ntlm v1 and v2. I migrated from httpntlm like 6 months ago, no issues so far.

Dror-Bar commented 6 years ago

Thanks. I wish there were some real example usage, but I'll definitely check it out!

s-KaiNet commented 6 years ago

I use it in my own module, so you can dig into the file OnpremiseUserCredentials.ts for a real usage example.

The class itself performs NTLM auth and returns credentials via the Authorization header. You can attach that header to your ongoing HTTP request against an NTLM protected resource. A keep alive agent also seems required.

Dror-Bar commented 5 years ago

@s-KaiNet Thanks a lot. I have created a simplified version for my needs. Perhaps this will help someone:

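```javascript
const request = require('request');
const ntlm = require('ntlm-client');
const https = require('https');
const fs = require('fs');

// NTLM authenticates the connection, so both requests must share one socket.
const keepAliveAgent = new https.Agent({ keepAlive: true });
const type1msg = ntlm.createType1Message();

const URL = 'your url';
const USERNAME = 'your username';
const PASSWORD = 'your password';
// CA certificate used to verify the server; the path is a placeholder.
const ca = fs.readFileSync('path/to/your/ca.pem');

// Step 1: send the Type 1 (negotiate) message.
request(
    {
        url: URL,
        headers: { 'Authorization': type1msg },
        agent: keepAliveAgent,    //   I think this is required
        ca: ca        // I also needed ca
    },
    function (error, response) {
        // Stop here on a transport error: there is no response to decode.
        if (error) return console.log(error);
        // Step 2: decode the server's Type 2 (challenge) and build the Type 3 reply.
        const type2msg = ntlm.decodeType2Message(response.headers['www-authenticate']);
        const type3msg = ntlm.createType3Message(type2msg, USERNAME, PASSWORD);

        // Step 3: repeat the request with the Type 3 (authenticate) message.
        request(
            {
                url: URL,
                headers: { 'Authorization': type3msg },
                agent: keepAliveAgent,
                ca: ca
            },
            function (err, res, body) {
                if (err) return console.log(err);
                console.log(body);
            });
    });
```
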
pano9000 commented 1 year ago

I guess seeing that https://github.com/SamDecrock/node-http-ntlm/commit/ca31baf93451ad387dbb84b4f8642eb9aa380a1f, which adds NTLMv2 support, has been merged, this topic can potentially be closed?

SamDecrock commented 1 year ago

Indeed. Thanks for the heads up.