From sarah.milani at gmail.com Mon Oct 3 19:02:03 2011 From: sarah.milani at gmail.com (Sarah Milani) Date: Mon, 3 Oct 2011 15:02:03 -0400 Subject: ntlm authentication Message-ID: Hi ^^ I need implemment ntlm authetication...but i get this message error on console: 000.10| Xaction.cc:109: error: 1024/1024 (c94) proxy authentication without authenticate headers 1317663887.910116# obj: http://192.168.7.20:3128/w1828aa3b.10f71152:00000008/t03/_0000000f.jpegflags: rpt,basic,GET,chb, size: 0/4180 xact: 1828aa3b.10f71152:000004f8 HTTP/1.0 407 Proxy Authentication Required Server: squid Mime-Version: 1.0 Date: Mon, 03 Oct 2011 18:39:34 GMT Content-Type: text/html Content-Length: 3865 X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 X-Cache: MISS from host.teste.mt.br Via: x (squid) Connection: close At my workload file i set: Robot R = { kind = "R101"; pop_model = { pop_distr = popUnif(); }; recurrence = 75% / cntImage.cachable; // req_rate = 20/sec; credentials = [ "TESTE/sarah:secret"]; origins = S.addresses; // where the origin servers are addresses = ['192.168.1.1' ** 5 ]; // use clone operator }; Where TESTE is my domain, sarah (user) : secret (password)... But. didn't pass. =/ Any sugestion? -- Atenciosamente, Sarah Milani "T? te tornas eternamente respons?vel por aquilo que clicas" -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmitry.kurochkin at measurement-factory.com Mon Oct 3 23:24:33 2011 From: dmitry.kurochkin at measurement-factory.com (Dmitry Kurochkin) Date: Tue, 04 Oct 2011 03:24:33 +0400 Subject: ntlm authentication In-Reply-To: References: Message-ID: <87hb3p3bgu.fsf@gmail.com> Hi Sarah. On Mon, 3 Oct 2011 15:02:03 -0400, Sarah Milani wrote: > Hi ^^ > I need implemment ntlm authetication...but i get this message error on > console: > > 000.10| Xaction.cc:109: error: 1024/1024 (c94) proxy authentication without > authenticate headers > 1317663887.910116# obj: > http://192.168.7.20:3128/w1828aa3b.10f71152:00000008/t03/_0000000f.jpegflags: > rpt,basic,GET,chb, size: 0/4180 xact: 1828aa3b.10f71152:000004f8 > HTTP/1.0 407 Proxy Authentication Required > Server: squid > Mime-Version: 1.0 > Date: Mon, 03 Oct 2011 18:39:34 GMT > Content-Type: text/html > Content-Length: 3865 > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 > X-Cache: MISS from host.teste.mt.br > Via: x (squid) > Connection: close > > > At my workload file i set: > > > Robot R = { > kind = "R101"; > pop_model = { pop_distr = popUnif(); }; > recurrence = 75% / cntImage.cachable; // > req_rate = 20/sec; > credentials = [ "TESTE/sarah:secret"]; > origins = S.addresses; // where the origin servers are > addresses = ['192.168.1.1' ** 5 ]; // use clone operator > }; > > Where TESTE is my domain, sarah (user) : secret (password)... > > > But. didn't pass. =/ > > Any sugestion? > First of all, NTLM and Negotiate authentication requires client-side persistent connections so make sure they are enabled in your tests. See Agent::pconn_use_lmt and related options for PGL knobs [1]. As for the error, it means that the proxy requested authentication (407 status code), but did not sent a Proxy-Authenticate header. You can see that in the proxy reply headers dump above. It may happen because persistent connections are not enabled. So I suggest you to fix that first. If it does not help, you need to look at the proxy configuration. Regards, Dmitry [1] http://www.web-polygraph.org/docs/reference/pgl/types.html#type:docs/reference/pgl/types/Agent > > > > -- > Atenciosamente, > > Sarah Milani > > "T? te tornas eternamente respons?vel por aquilo que clicas" From ufa at ig.com.br Thu Oct 20 13:37:46 2011 From: ufa at ig.com.br (=?ISO-8859-1?Q?F=E1bio_C=E9sar_Miranda_de_Ara=FAjo?=) Date: Thu, 20 Oct 2011 11:37:46 -0200 Subject: Problems using robots with authentication Message-ID: Hello :) I am trying to do some testing with our new McAfee proxy, using polygraph, but we are failing to do it with proxy authentication. Client ends with this message: -------------------------------------------------------------------- HTTP/1.1 407 authenticationrequired Content-Type: text/html Cache-Control: no-cache Content-Length: 2594 Proxy-Connection: Close Proxy-Authenticate: NTLM Proxy-Authenticate: Basic realm="McAfee Web Gateway" NtlmAuth.cc:798: assertion failed: 'false' Aborted ----------------------------------------------------------------------------- it seems to me that the client receive the 407 message, but something goes wrong and the program exits. Here follows the robot configuration: Robot R = { credentials = [ "myusername:mypassword" ]; kind = "R101"; interests = [ "public": 50% ]; pop_model = { pop_distr = popUnif(); }; recurrence = 55% / SimpleContent.cachable; // adjusted to get 55% DHR req_rate = 1/sec; origins = S.addresses; // where the origin servers are addresses = ['172.17.205.177']; // use clone operator }; Any help will be much appreciated. Thank you ufa From dmitry.kurochkin at measurement-factory.com Thu Oct 20 14:19:25 2011 From: dmitry.kurochkin at measurement-factory.com (Dmitry Kurochkin) Date: Thu, 20 Oct 2011 18:19:25 +0400 Subject: Problems using robots with authentication In-Reply-To: References: Message-ID: <87zkgv3fv6.fsf@gmail.com> Hello. On Thu, 20 Oct 2011 11:37:46 -0200, F?bio C?sar Miranda de Ara?jo wrote: > Hello :) > > I am trying to do some testing with our new McAfee proxy, using > polygraph, but we are failing to do it with proxy authentication. > > Client ends with this message: > -------------------------------------------------------------------- > HTTP/1.1 407 authenticationrequired > Content-Type: text/html > Cache-Control: no-cache > Content-Length: 2594 > Proxy-Connection: Close > Proxy-Authenticate: NTLM > Proxy-Authenticate: Basic realm="McAfee Web Gateway" > > > NtlmAuth.cc:798: assertion failed: 'false' > Aborted > ----------------------------------------------------------------------------- > > it seems to me that the client receive the 407 message, but something > goes wrong and the program exits. > > Here follows the robot configuration: > > Robot R = { > credentials = [ "myusername:mypassword" ]; > kind = "R101"; > interests = [ "public": 50% ]; > pop_model = { pop_distr = popUnif(); }; > recurrence = 55% / SimpleContent.cachable; // adjusted to get 55% DHR > > req_rate = 1/sec; > > origins = S.addresses; // where the origin servers are > addresses = ['172.17.205.177']; // use clone operator > }; > > Any help will be much appreciated. That is a bug in Web Polygraph. Polygraph should print a sane error instead of asserting. NTLM authentication requires OpenSSL, but you built Polygraph without it. Try rebuilding with OpenSSL support. Please let me know if it helps. NTLM and Negotiate authentication requires client-side persistent connections so make sure they are enabled in your tests. See Agent::pconn_use_lmt and related options for PGL knobs [1]. Also, NTLM credentials should contain NTLM domain, see [2] for details. Note, the proxy offers NTLM or Basic authentication in the above reply. But currently Polygraph does not support authentication scheme selection, it just uses the first one and ignores the others. If you configure the proxy to offer only Basic authentication or send Basic authentication header first, Polygraph would use it and none of the above changes would be needed. Regards, Dmitry [1] http://www.web-polygraph.org/docs/reference/pgl/types.html#type:docs/reference/pgl/types/Agent [2] http://www.web-polygraph.org/docs/userman/auth.html > Thank you > > ufa > _______________________________________________ > Users mailing list > Users at web-polygraph.org > http://www.web-polygraph.org/mailman/listinfo/users