Normally you won't have a reason to use another domain, the server
appplication uses the domain of the user account it is running with.
Make sure your application is running with the domain account you want to
use AND sufficent privileges (needed to query the user database).
You have to give a domain user using domain\user - if, an only if, the
server
you're sending this information to is in *another* domain (with domain
trustship) than the server application is working with.
So that's necessary when domains are set up to trust each other. The
web access I'm writing this email from prompts only for user name and
password. I use this webmailer for years and it has always be the same, it
looks the same with every browser that supports NTLM auth (IE, Firefox,
konqueror, countless others on Unix and Solaris).
I give you an example:
My user account is in the default domain "g" where the server is in, but
other users from a domain (ie "d") that is trusted by domain "g" have to
write d\myusername. The difference is that Windows will query the trusted
domain instead to look in it's own user database. in this special case
you need to specify another domain.
- You will need hm I don't remember years ago (not admin rights but
at least "helper" privileges) to be able to query for other domain users
than yourself. It's the credentials from the logged in (server) application
user, if you are running with a local account you won't be able to query the
domain controller.
- You can *not* just give specify another domain in the user field if the
serevrs are not set up to trust each other
- You can also *not* authenticate users of another trusted domain, if you
use trusted domains, without your application user having privileges in
every of the trusted domains
Benjamin Stadin
Fastream Technologies schrieb:
, thank you for tolerating my insistence. I am trying to understand.
There is just one issue left: under IE6XP, when I log in, I am not asked
of
any NTLM-domain name! And assuming that it is like IE-FTP client, I cannot
find the log in change option in any menu! Does anybody know the logic
behind this? I have seen the words of Francois but I am opting for just
the
opposite of auto logging in, I want the _option_ to be able to
select the NTLM-domain.
Best Regards,
SZ

Thank you for the explanation Benjamin! I got it now. BTW, one note for
others: does not support NTLM. :(

Message
From: "Stadin, Benjamin" <Benjamin.Stadin (AT) akad (DOT) med.uni-giessen.de>
To: <twsocket (AT) elists (DOT) org>
Sent: Wednesday, September 13, 2006 7:38 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Normally you won't have a reason to use another domain, the server
: appplication uses the domain of the user account it is running with.
: Make sure your application is running with the domain account you want to
: use AND sufficent privileges (needed to query the user database).
:
: You have to give a domain user using domain\user - if, an only if, the
: server
: you're sending this information to is in *another* domain (with domain
: trustship) than the server application is working with.
:
: So that's necessary when domains are set up to trust each other. The

: web access I'm writing this email from prompts only for user name and
: password. I use this webmailer for years and it has always be the same, it
: looks the same with every browser that supports NTLM auth (IE, Firefox,
: konqueror, countless others on Unix and Solaris).
:
: I give you an example:
: My user account is in the default domain "g" where the server is in, but
: other users from a domain (ie "d") that is trusted by domain "g" have to
: write d\myusername. The difference is that Windows will query the trusted
: domain instead to look in it's own user database. in this special
case
: you need to specify another domain.
:
: - You will need hm I don't remember years ago (not admin rights
but
: at least "helper" privileges) to be able to query for other domain users
: than yourself. It's the credentials from the logged in (server)
application
: user, if you are running with a local account you won't be able to query
the
: domain controller.
: - You can *not* just give specify another domain in the user field if the
: serevrs are not set up to trust each other
: - You can also *not* authenticate users of another trusted domain, if you
: use trusted domains, without your application user having privileges in
: every of the trusted domains
:
: Benjamin Stadin
:
:
:
: Fastream Technologies schrieb:
: >
: , thank you for tolerating my insistence. I am trying to understand.
: >
: There is just one issue left: under IE6XP, when I log in, I am not asked
: of
: any NTLM-domain name! And assuming that it is like IE-FTP client, I
cannot
: find the log in change option in any menu! Does anybody know the logic
: behind this? I have seen the words of Francois but I am opting for just
: the
: opposite of auto logging in, I want the _option_ to be able to
: select the NTLM-domain.
: >
: Best Regards,
: >
: SZ
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Arno,

You have the option to enter the NTLM domain name in msg1 of NTLM (base64
encoded). That's what I mean.

Second, I still cannot get the FF to work. I believe this is an issue at
least some customers would complain if I deploy now, wrong?

Regards,

SZ

Message
From: "Stadin, Benjamin" <Benjamin.Stadin (AT) akad (DOT) med.uni-giessen.de>
To: <twsocket (AT) elists (DOT) org>
Sent: Wednesday, September 13, 2006 7:38 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Normally you won't have a reason to use another domain, the server
: appplication uses the domain of the user account it is running with.
: Make sure your application is running with the domain account you want to
: use AND sufficent privileges (needed to query the user database).
:
: You have to give a domain user using domain\user - if, an only if, the
: server
: you're sending this information to is in *another* domain (with domain
: trustship) than the server application is working with.
:
: So that's necessary when domains are set up to trust each other. The

: web access I'm writing this email from prompts only for user name and
: password. I use this webmailer for years and it has always be the same, it
: looks the same with every browser that supports NTLM auth (IE, Firefox,
: konqueror, countless others on Unix and Solaris).
:
: I give you an example:
: My user account is in the default domain "g" where the server is in, but
: other users from a domain (ie "d") that is trusted by domain "g" have to
: write d\myusername. The difference is that Windows will query the trusted
: domain instead to look in it's own user database. in this special
case
: you need to specify another domain.
:
: - You will need hm I don't remember years ago (not admin rights
but
: at least "helper" privileges) to be able to query for other domain users
: than yourself. It's the credentials from the logged in (server)
application
: user, if you are running with a local account you won't be able to query
the
: domain controller.
: - You can *not* just give specify another domain in the user field if the
: serevrs are not set up to trust each other
: - You can also *not* authenticate users of another trusted domain, if you
: use trusted domains, without your application user having privileges in
: every of the trusted domains
:
: Benjamin Stadin
:
:
:
: Fastream Technologies schrieb:
: >
: , thank you for tolerating my insistence. I am trying to understand.
: >
: There is just one issue left: under IE6XP, when I log in, I am not asked
: of
: any NTLM-domain name! And assuming that it is like IE-FTP client, I
cannot
: find the log in change option in any menu! Does anybody know the logic
: behind this? I have seen the words of Francois but I am opting for just
: the
: opposite of auto logging in, I want the _option_ to be able to
: select the NTLM-domain.
: >
: Best Regards,
: >
: SZ
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Fastream Technologies wrote:
Arno,

You have the option to enter the NTLM domain name in msg1 of NTLM
(base64 encoded). That's what I mean.

Again: NTLM message 1 is sent by the the client/browser!!

Second, I still cannot get the FF to work. I believe this is an issue
at least some customers would complain if I deploy now, wrong?

Regards,

SZ

Message
From: "Stadin, Benjamin" <Benjamin.Stadin (AT) akad (DOT) med.uni-giessen.de>
To: <twsocket (AT) elists (DOT) org>
Sent: Wednesday, September 13, 2006 7:38 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)


>Normally you won't have a reason to use another domain, the server
>appplication uses the domain of the user account it is running with.
>Make sure your application is running with the domain account you
>want to use AND sufficent privileges (needed to query the user
>database).
>
>You have to give a domain user using domain\user - if, an only if,
>the server
>you're sending this information to is in *another* domain (with
>domain trustship) than the server application is working with.
>
>So that's necessary when domains are set up to trust each other. The
>web access I'm writing this email from prompts only for user
>name and password. I use this webmailer for years and it has always
>be the same, it looks the same with every browser that supports NTLM
>auth (IE, Firefox, konqueror, countless others on Unix and Solaris).
>
>I give you an example:
>My user account is in the default domain "g" where the server is in,
>but other users from a domain (ie "d") that is trusted by domain "g"
>have to write d\myusername. The difference is that Windows will
>query the trusted domain instead to look in it's own user database.
>in this special case you need to specify another domain.
>
>- You will need hm I don't remember years ago (not admin
>rights but at least "helper" privileges) to be able to query for
>other domain users than yourself. It's the credentials from the
>logged in (server) application user, if you are running with a local
>account you won't be able to query the domain controller.
>- You can *not* just give specify another domain in the user field
>if the serevrs are not set up to trust each other
>- You can also *not* authenticate users of another trusted domain,
>if you use trusted domains, without your application user having
>privileges in every of the trusted domains
>
>Benjamin Stadin
>
>
>
>Fastream Technologies schrieb:

, thank you for tolerating my insistence. I am trying to
understand.

There is just one issue left: under IE6XP, when I log in, I am not
asked of any NTLM-domain name! And assuming that it is like IE-FTP
client, I cannot find the log in change option in any menu! Does
anybody know the logic behind this? I have seen the words of
Francois but I am opting for just the opposite of auto
logging in, I want the _option_ to be able to select the NTLM-
domain.

Best Regards,

SZ
>
>--
>To unsubscribe or change your settings for TWSocket mailing list
>please goto
>Visit our website at http://www.overbyte.be

I am trying to understand why the FF does not work

Message
From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Wednesday, September 13, 2006 8:05 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Fastream Technologies wrote:
: Arno,
:
: You have the option to enter the NTLM domain name in msg1 of NTLM
: (base64 encoded). That's what I mean.
:
: Again: NTLM message 1 is sent by the the client/browser!!
:
:
:
: Second, I still cannot get the FF to work. I believe this is an issue
: at least some customers would complain if I deploy now, wrong?
:
: Regards,
:
: SZ
:
: Message
: From: "Stadin, Benjamin" <Benjamin.Stadin (AT) akad (DOT) med.uni-giessen.de>
: To: <twsocket (AT) elists (DOT) org>
: Sent: Wednesday, September 13, 2006 7:38 PM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
: >Normally you won't have a reason to use another domain, the server
: >appplication uses the domain of the user account it is running with.
: >Make sure your application is running with the domain account you
: >want to use AND sufficent privileges (needed to query the user
: >database).
: >
: >You have to give a domain user using domain\user - if, an only if,
: >the server
: >you're sending this information to is in *another* domain (with
: >domain trustship) than the server application is working with.
: >
: >So that's necessary when domains are set up to trust each other. The
: >web access I'm writing this email from prompts only for user
: >name and password. I use this webmailer for years and it has always
: >be the same, it looks the same with every browser that supports NTLM
: >auth (IE, Firefox, konqueror, countless others on Unix and Solaris).
: >
: >I give you an example:
: >My user account is in the default domain "g" where the server is in,
: >but other users from a domain (ie "d") that is trusted by domain "g"
: >have to write d\myusername. The difference is that Windows will
: >query the trusted domain instead to look in it's own user database.
: >in this special case you need to specify another domain.
: >
: >- You will need hm I don't remember years ago (not admin
: >rights but at least "helper" privileges) to be able to query for
: >other domain users than yourself. It's the credentials from the
: >logged in (server) application user, if you are running with a local
: >account you won't be able to query the domain controller.
: >- You can *not* just give specify another domain in the user field
: >if the serevrs are not set up to trust each other
: >- You can also *not* authenticate users of another trusted domain,
: >if you use trusted domains, without your application user having
: >privileges in every of the trusted domains
: >
: >Benjamin Stadin
: >
: >
: >
: >Fastream Technologies schrieb:
:
: , thank you for tolerating my insistence. I am trying to
: understand.
:
: There is just one issue left: under IE6XP, when I log in, I am not
: asked of any NTLM-domain name! And assuming that it is like IE-FTP
: client, I cannot find the log in change option in any menu! Does
: anybody know the logic behind this? I have seen the words of
: Francois but I am opting for just the opposite of auto
: logging in, I want the _option_ to be able to select the NTLM-
: domain.
:
: Best Regards,
:
: SZ
: >
: >--
: >To unsubscribe or change your settings for TWSocket mailing list
: >please goto
: >Visit our website at http://www.overbyte.be
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Scrive Fastream Technologies <gates (AT) fastream (DOT) com>:

[]

Second, I still cannot get the FF to work. I believe this is an issue at
least some customers would complain if I deploy now, wrong?

But does IE work? In that case compare the log made with ethereal.

Bye, Maurizio.

This mail has been sent using Alpikom webmail system
http://www.alpikom.it

Hello,

Here is the problematic FF log:

13.09.2006 21:50:09 Connection

13.09.2006 21:50:09 From Local
GET / HTTP/1.1Host: Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
Firefox/1.5.0.6Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-alive

13.09.2006 21:50:09 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-Length:
629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
Reverse Proxy<HTML><HEAD><TITLE>401

13.09.2006 21:50:17 From Local
GET / HTTP/1.1Host: Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
Firefox/1.5.0.6Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-aliveAuthorization: NTLM

13.09.2006 21:50:17 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM

629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
Required</TITLE></HEAD><BDY><FNT

13.09.2006 21:50:17 From Local
GET / HTTP/1.1Host: Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
Firefox/1.5.0.6Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-aliveAuthorization: NTLM

13.09.2006 21:50:17 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
Content-Length: 629Content-Type: text/htmlConnection:
keep-aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401

The IE6 response has a different WWW-authenticate. If NTLM is like Digest,
then they should not be expected to be similar anyway (due to hashing).

Regards,

SZ

Message
From: "Maurizio Lotauro" <Lotauro.Maurizio (AT) dnet (DOT) it>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Wednesday, September 13, 2006 9:06 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Scrive Fastream Technologies <gates (AT) fastream (DOT) com>:
:
: []
:
: Second, I still cannot get the FF to work. I believe this is an issue at
: least some customers would complain if I deploy now, wrong?
:
: But does IE work? In that case compare the log made with ethereal.
:
:
: Bye, Maurizio.
:
:
:
: This mail has been sent using Alpikom webmail system
: http://www.alpikom.it
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

To sum up: we have just one bug/problem left. It is the FF compatibility and
with IE it works fine now. However, Arno claims the code runs well on his
FF1.5.0.6 but the same browser fails here to authenticate. I thought maybe
that's because of my Turkish locale but neither my username nor my password
contains any language-specific characters. Also user "a" with a blank
password also fails. I have just one other browser that is and it does
not support NTLM. I tried with FlashGet and it worked fine in login mode
though. So either this is a FF bug or what?

Thanks to all who helped me today: Arno, Benjamin, Maurizio and everybody
else who simply took our traffic!

Best Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Wednesday, September 13, 2006 10:04 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Hello,
:
: Here is the problematic FF log:
:
: 13.09.2006 21:50:09 Connection
:
: 13.09.2006 21:50:09 From Local
: GET / HTTP/1.1Host: Mozilla/5.0
: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: Firefox/1.5.0.6Accept:
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-alive
:
: 13.09.2006 21:50:09 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
NTLMContent-Length:
: 629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
: Reverse Proxy<HTML><HEAD><TITLE>401
:
:
: 13.09.2006 21:50:17 From Local
: GET / HTTP/1.1Host: Mozilla/5.0
: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: Firefox/1.5.0.6Accept:
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-aliveAuthorization: NTLM
:
:
: 13.09.2006 21:50:17 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:

: 629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
: Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
: Required</TITLE></HEAD><BDY><FNT
:
:
: 13.09.2006 21:50:17 From Local
: GET / HTTP/1.1Host: Mozilla/5.0
: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: Firefox/1.5.0.6Accept:
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-aliveAuthorization: NTLM
:

:
: 13.09.2006 21:50:17 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
: Content-Length: 629Content-Type: text/htmlConnection:
: keep-aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
:
:
:
: The IE6 response has a different WWW-authenticate. If NTLM is like Digest,
: then they should not be expected to be similar anyway (due to hashing).
:
: Regards,
:
: SZ
:
: Message
: From: "Maurizio Lotauro" <Lotauro.Maurizio (AT) dnet (DOT) it>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Wednesday, September 13, 2006 9:06 PM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
:: Scrive Fastream Technologies <gates (AT) fastream (DOT) com>:
::
:: []
::
:: Second, I still cannot get the FF to work. I believe this is an issue
at
:: least some customers would complain if I deploy now, wrong?
::
:: But does IE work? In that case compare the log made with ethereal.
::
::
:: Bye, Maurizio.
::
::
::
:: This mail has been sent using Alpikom webmail system
:: http://www.alpikom.it
::
:: --
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto
:: Visit our website at http://www.overbyte.be
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

News! 9.01 available online from www.opera.com supports NTLM! :) Yet
the bug also occurs on that software :(

Arno, can you try my exe with ?

Best Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Wednesday, September 13, 2006 10:46 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: To sum up: we have just one bug/problem left. It is the FF compatibility
and
: with IE it works fine now. However, Arno claims the code runs well on his
: FF1.5.0.6 but the same browser fails here to authenticate. I thought maybe
: that's because of my Turkish locale but neither my username nor my
password
: contains any language-specific characters. Also user "a" with a blank
: password also fails. I have just one other browser that is and it
does
: not support NTLM. I tried with FlashGet and it worked fine in login mode
: though. So either this is a FF bug or what?
:
: Thanks to all who helped me today: Arno, Benjamin, Maurizio and everybody
: else who simply took our traffic!
:
: Best Regards,
:
: SZ
:
: Message
: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Wednesday, September 13, 2006 10:04 PM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
:: Hello,
::
:: Here is the problematic FF log:
::
:: 13.09.2006 21:50:09 Connection
::
:: 13.09.2006 21:50:09 From Local
:: GET / HTTP/1.1Host: Mozilla/5.0
:: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
:: Firefox/1.5.0.6Accept:
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: keep-alive
::
:: 13.09.2006 21:50:09 From Remote
:: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
: NTLMContent-Length:
:: 629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
:: Reverse Proxy<HTML><HEAD><TITLE>401
::
::
:: 13.09.2006 21:50:17 From Local
:: GET / HTTP/1.1Host: Mozilla/5.0
:: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
:: Firefox/1.5.0.6Accept:
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: keep-aliveAuthorization: NTLM
::
::
:: 13.09.2006 21:50:17 From Remote
:: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
::
:

:: 629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
:: Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:: Required</TITLE></HEAD><BDY><FNT
::
::
:: 13.09.2006 21:50:17 From Local
:: GET / HTTP/1.1Host: Mozilla/5.0
:: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
:: Firefox/1.5.0.6Accept:
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: keep-aliveAuthorization: NTLM
::
:

::
:: 13.09.2006 21:50:17 From Remote
:: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:: Content-Length: 629Content-Type: text/htmlConnection:
:: keep-aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
::
::
::
:: The IE6 response has a different WWW-authenticate. If NTLM is like
Digest,
:: then they should not be expected to be similar anyway (due to hashing).
::
:: Regards,
::
:: SZ
::
:: Message
:: From: "Maurizio Lotauro" <Lotauro.Maurizio (AT) dnet (DOT) it>
:: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
:: Sent: Wednesday, September 13, 2006 9:06 PM
:: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
::
::
::: Scrive Fastream Technologies <gates (AT) fastream (DOT) com>:
:::
::: []
:::
::: Second, I still cannot get the FF to work. I believe this is an issue
: at
::: least some customers would complain if I deploy now, wrong?
:::
::: But does IE work? In that case compare the log made with ethereal.
:::
:::
::: Bye, Maurizio.
:::
:::
:::
::: This mail has been sent using Alpikom webmail system
::: http://www.alpikom.it
:::
::: --
::: To unsubscribe or change your settings for TWSocket mailing list
::: please goto
::: Visit our website at http://www.overbyte.be
::
:: --
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto
:: Visit our website at http://www.overbyte.be
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Scrive Fastream Technologies <gates (AT) fastream (DOT) com>:

Hello,

Here is the problematic FF log:

[]

A file version would be better, and of both browser.

The IE6 response has a different WWW-authenticate. If NTLM is like Digest,
then they should not be expected to be similar anyway (due to hashing).

But they should not differ in the domain/user part.

Bye, Maurizio.

This mail has been sent using Alpikom webmail system
http://www.alpikom.it

Here is the full log:

FireFox 1.5.0.6:

13.09.2006 21:50:09 Connection

13.09.2006 21:50:09 From Local
GET / HTTP/1.1Host: Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
Firefox/1.5.0.6Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-alive

13.09.2006 21:50:09 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-Length:
629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
Reverse Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:50:17 From Local
GET / HTTP/1.1Host: Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
Firefox/1.5.0.6Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-aliveAuthorization: NTLM

13.09.2006 21:50:17 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM

629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
Reverse Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:50:17 From Local
GET / HTTP/1.1Host: Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
Firefox/1.5.0.6Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-aliveAuthorization: NTLM

13.09.2006 21:50:17 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
Content-Length: 629Content-Type: text/htmlConnection:
keep-aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401

Still asking for password hereForever

IE6XP:

13.09.2006 21:48:06 Connection

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel, application/msword,
application/vnd.ms-powerpoint, */*Accept-Language: trAccept-Encoding:
gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; .NET CLR 1.1.4322)Host:
Keep-AliveCookie: IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-Length:
629Content-Type: text/htmlConnection: Keep-AliveServer: Fastream IQ
Reverse Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel, application/msword,
application/vnd.ms-powerpoint, */*Accept-Language: trAccept-Encoding:
gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; .NET CLR 1.1.4322)Host:
Keep-AliveAuthorization: NTLM

IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM

629Content-Type: text/htmlConnection: Keep-AliveServer: Fastream IQ
Reverse Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel, application/msword,
application/vnd.ms-powerpoint, */*Accept-Language: trAccept-Encoding:
gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; .NET CLR 1.1.4322)Host:
Keep-AliveAuthorization: NTLM

IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-AliveServer:
Fastream IQ Web/FTP ServerContent-Length: 14718Content-Encoding:
gzipSet-Cookie: IQDomain="; PATH=/;
EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
Proxy<data here>

I cut the data sections to obey the ICS list 40kB limit here.

Best Regards,

SZ

Hello,

With FF, after msg3,

Sec := FPSFT^.AcceptSecurityContext(@FHCred,
pHCtx,
@InBuffDesc,
ASC_REQ_SEQUENCE_DETECT, //
context requirements
SECURITY_NATIVE_DREP,
@FHCtx,
@BuffDesc,
ContextAttr,
Lifetime);
if Sec < 0 then
begin // enters here with Sec = -2^31
{$IFDEF DEBUG_EXCEPTINS}
raise Exception.CreateFmt('Init context failed: %d', [Sec]);
{$ELSE}
Result := '';
FState := lsDoneErr;
Exit;
{$ENDIF}
end;

Arno, do you have any idea?

Best Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 8:20 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Here is the full log:
:
: FireFox 1.5.0.6:
:
: 13.09.2006 21:50:09 Connection
:
: 13.09.2006 21:50:09 From Local
: GET / HTTP/1.1Host: Mozilla/5.0
: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: Firefox/1.5.0.6Accept:
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-alive
:
: 13.09.2006 21:50:09 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
NTLMContent-Length:
: 629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
: Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:
:
: 13.09.2006 21:50:17 From Local
: GET / HTTP/1.1Host: Mozilla/5.0
: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: Firefox/1.5.0.6Accept:
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-aliveAuthorization: NTLM
:
:
: 13.09.2006 21:50:17 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:

: 629Content-Type: text/htmlConnection: keep-aliveServer: Fastream IQ
: Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:
:
: 13.09.2006 21:50:17 From Local
: GET / HTTP/1.1Host: Mozilla/5.0
: (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: Firefox/1.5.0.6Accept:
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-aliveAuthorization: NTLM
:

:
: 13.09.2006 21:50:17 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
: Content-Length: 629Content-Type: text/htmlConnection:
: keep-aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
:
:
: Still asking for password hereForever
:
: IE6XP:
:
: 13.09.2006 21:48:06 Connection
:
: 13.09.2006 21:48:06 From Local
: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,
: application/x-shockwave-flash, application/vnd.ms-excel,
application/msword,
: application/vnd.ms-powerpoint, */*Accept-Language: trAccept-Encoding:
: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
: 5.1; SV1; .NET CLR 1.1.4322)Host:
: Keep-AliveCookie: IQDomain="
:
: 13.09.2006 21:48:06 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
NTLMContent-Length:
: 629Content-Type: text/htmlConnection: Keep-AliveServer: Fastream IQ
: Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:
:
: 13.09.2006 21:48:06 From Local
: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,
: application/x-shockwave-flash, application/vnd.ms-excel,
application/msword,
: application/vnd.ms-powerpoint, */*Accept-Language: trAccept-Encoding:
: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
: 5.1; SV1; .NET CLR 1.1.4322)Host:
: Keep-AliveAuthorization: NTLM
:

: IQDomain="
:
: 13.09.2006 21:48:06 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:

: 629Content-Type: text/htmlConnection: Keep-AliveServer: Fastream IQ
: Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:
:
: 13.09.2006 21:48:06 From Local
: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg,
: application/x-shockwave-flash, application/vnd.ms-excel,
application/msword,
: application/vnd.ms-powerpoint, */*Accept-Language: trAccept-Encoding:
: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
: 5.1; SV1; .NET CLR 1.1.4322)Host:
: Keep-AliveAuthorization: NTLM
:

: IQDomain="
:
: 13.09.2006 21:48:06 From Remote
: HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-AliveServer:
: Fastream IQ Web/FTP ServerContent-Length: 14718Content-Encoding:
: gzipSet-Cookie: IQDomain="; PATH=/;
: EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
: Proxy<data here>
:
:
: I cut the data sections to obey the ICS list 40kB limit here.
:
: Best Regards,
:
: SZ
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

I tested with successfully!

Change the format string below in order to get a hex display like:
raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);

Post the hex value.

Fastream Technologies wrote:
Hello,

With FF, after msg3,

Sec := FPSFT^.AcceptSecurityContext(@FHCred,
pHCtx,
@InBuffDesc,
ASC_REQ_SEQUENCE_DETECT, //
context requirements
SECURITY_NATIVE_DREP,
@FHCtx,
@BuffDesc,
ContextAttr,
Lifetime);
if Sec < 0 then
begin // enters here with Sec = -2^31
{$IFDEF DEBUG_EXCEPTINS}
raise Exception.CreateFmt('Init context failed: %d',
[Sec]); {$ELSE}
Result := '';
FState := lsDoneErr;
Exit;
{$ENDIF}
end;

Arno, do you have any idea?

Best Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 8:20 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)


>Here is the full log:
>
>FireFox 1.5.0.6:
>
>13.09.2006 21:50:09 Connection
>
>13.09.2006 21:50:09 From Local
>GET / HTTP/1.1Host: Mozilla/5.0
>(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
>Firefox/1.5.0.6Accept:
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
>en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
>windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
>keep-alive
>
>13.09.2006 21:50:09 From Remote
>HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-
>Length: 629Content-Type: text/htmlConnection: keep-
>aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
>Authorization
>
>13.09.2006 21:50:17 From Local
>GET / HTTP/1.1Host: Mozilla/5.0
>(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
>Firefox/1.5.0.6Accept:
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
>en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
>windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
>keep-aliveAuthorization: NTLM
>
>
>13.09.2006 21:50:17 From Remote
>HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
>
>629Content-Type: text/htmlConnection: keep-aliveServer:
>Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
>
>
>13.09.2006 21:50:17 From Local
>GET / HTTP/1.1Host: Mozilla/5.0
>(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
>Firefox/1.5.0.6Accept:
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
>en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
>windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
>keep-aliveAuthorization: NTLM
>
>
>13.09.2006 21:50:17 From Remote
>HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
>Content-Length: 629Content-Type: text/htmlConnection:
>keep-aliveServer: Fastream IQ Reverse
>Proxy<HTML><HEAD><TITLE>401
>
>Still asking for password hereForever
>
>IE6XP:
>
>13.09.2006 21:48:06 Connection
>
>13.09.2006 21:48:06 From Local
>GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
>image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
>excel, application/msword, application/vnd.ms-powerpoint,
>*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
>Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
>CLR 1.1.4322)Host: Keep-
>AliveCookie: IQDomain="
>
>13.09.2006 21:48:06 From Remote
>HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-
>Length: 629Content-Type: text/htmlConnection: Keep-
>AliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
>Authorization
>
>13.09.2006 21:48:06 From Local
>GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
>image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
>excel, application/msword, application/vnd.ms-powerpoint,
>*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
>Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
>CLR 1.1.4322)Host: Keep-
>AliveAuthorization: NTLM
>IQDomain="
>
>13.09.2006 21:48:06 From Remote
>HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
>
>629Content-Type: text/htmlConnection: Keep-AliveServer:
>Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
>
>
>13.09.2006 21:48:06 From Local
>GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
>image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
>excel, application/msword, application/vnd.ms-powerpoint,
>*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
>Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
>CLR 1.1.4322)Host: Keep-
>AliveAuthorization: NTLM
>IQDomain="
>
>13.09.2006 21:48:06 From Remote
>HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-
>AliveServer: Fastream IQ Web/FTP ServerContent-Length:
>14718Content-Encoding: gzipSet-Cookie:
>IQDomain="; PATH=/;
>EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
>Proxy<data here
>
>
>I cut the data sections to obey the ICS list 40kB limit here.
>
>Best Regards,
>
>SZ
>
>--
>To unsubscribe or change your settings for TWSocket mailing list
>please goto
>Visit our website at http://www.overbyte.be

It is very strange that when I enabled DEBUG_EXCEPTINS, it worked and gave
no errors/exceptions! But I cannot deploy in this form ;(

SZ

Message
From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 10:49 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

:I tested with successfully!
:
: Change the format string below in order to get a hex display like:
: raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);
:
: Post the hex value.
:
:
:
: Fastream Technologies wrote:
: Hello,
: >
: With FF, after msg3,
: >
: Sec := FPSFT^.AcceptSecurityContext(@FHCred,
: pHCtx,
: @InBuffDesc,
: ASC_REQ_SEQUENCE_DETECT, //
: context requirements
: SECURITY_NATIVE_DREP,
: @FHCtx,
: @BuffDesc,
: ContextAttr,
: Lifetime);
: if Sec < 0 then
: begin // enters here with Sec = -2^31
: {$IFDEF DEBUG_EXCEPTINS}
: raise Exception.CreateFmt('Init context failed: %d',
: [Sec]); {$ELSE}
: Result := '';
: FState := lsDoneErr;
: Exit;
: {$ENDIF}
: end;
: >
: Arno, do you have any idea?
: >
: Best Regards,
: >
: SZ
: >
: Message
: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Thursday, September 14, 2006 8:20 AM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
: >
: >
: >Here is the full log:
: >>
: >FireFox 1.5.0.6:
: >>
: >13.09.2006 21:50:09 Connection
: >>
: >13.09.2006 21:50:09 From Local
: >GET / HTTP/1.1Host: Mozilla/5.0
: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: >Firefox/1.5.0.6Accept:
: >>
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: >keep-alive
: >>
: >13.09.2006 21:50:09 From Remote
: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-
: >Length: 629Content-Type: text/htmlConnection: keep-
: >aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
: >Authorization
: >>
: >13.09.2006 21:50:17 From Local
: >GET / HTTP/1.1Host: Mozilla/5.0
: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: >Firefox/1.5.0.6Accept:
: >>
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: >keep-aliveAuthorization: NTLM
: >
: >>
: >13.09.2006 21:50:17 From Remote
: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
: >>

: >629Content-Type: text/htmlConnection: keep-aliveServer:
: >Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
: >
: >>
: >13.09.2006 21:50:17 From Local
: >GET / HTTP/1.1Host: Mozilla/5.0
: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
: >Firefox/1.5.0.6Accept:
: >>
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: >keep-aliveAuthorization: NTLM
: >>

: >>
: >13.09.2006 21:50:17 From Remote
: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
: >Content-Length: 629Content-Type: text/htmlConnection:
: >keep-aliveServer: Fastream IQ Reverse
: >Proxy<HTML><HEAD><TITLE>401
: >>
: >Still asking for password hereForever
: >>
: >IE6XP:
: >>
: >13.09.2006 21:48:06 Connection
: >>
: >13.09.2006 21:48:06 From Local
: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
: >excel, application/msword, application/vnd.ms-powerpoint,
: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
: >CLR 1.1.4322)Host: Keep-
: >AliveCookie: IQDomain="
: >>
: >13.09.2006 21:48:06 From Remote
: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-
: >Length: 629Content-Type: text/htmlConnection: Keep-
: >AliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
: >Authorization
: >>
: >13.09.2006 21:48:06 From Local
: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
: >excel, application/msword, application/vnd.ms-powerpoint,
: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
: >CLR 1.1.4322)Host: Keep-
: >AliveAuthorization: NTLM
: >>

IQDomain="
: >>
: >13.09.2006 21:48:06 From Remote
: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
: >>

: >629Content-Type: text/htmlConnection: Keep-AliveServer:
: >Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
: >
: >>
: >13.09.2006 21:48:06 From Local
: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
: >excel, application/msword, application/vnd.ms-powerpoint,
: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
: >CLR 1.1.4322)Host: Keep-
: >AliveAuthorization: NTLM
: >>

IQDomain="
: >>
: >13.09.2006 21:48:06 From Remote
: >HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-
: >AliveServer: Fastream IQ Web/FTP ServerContent-Length:
: >14718Content-Encoding: gzipSet-Cookie:
: >IQDomain="; PATH=/;
: >EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
: >Proxy<data here>
: >>
: >>
: >I cut the data sections to obey the ICS list 40kB limit here.
: >>
: >Best Regards,
: >>
: >SZ
: >>
: >--
: >To unsubscribe or change your settings for TWSocket mailing list
: >please goto
: >Visit our website at http://www.overbyte.be
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Hi Arno,

I also wonder if this could be a lifetime/time zone problem? We are GMT+200.
What is the timeout period of this authentication and did you consider
different time zones?

Best Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 11:31 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: It is very strange that when I enabled DEBUG_EXCEPTINS, it worked and
gave
: no errors/exceptions! But I cannot deploy in this form ;(
:
: SZ
:
: Message
: From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Thursday, September 14, 2006 10:49 AM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
::I tested with successfully!
::
:: Change the format string below in order to get a hex display like:
:: raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);
::
:: Post the hex value.
::
::
::
:: Fastream Technologies wrote:
:: Hello,
:: >
:: With FF, after msg3,
:: >
:: Sec := FPSFT^.AcceptSecurityContext(@FHCred,
:: pHCtx,
:: @InBuffDesc,
:: ASC_REQ_SEQUENCE_DETECT, //
:: context requirements
:: SECURITY_NATIVE_DREP,
:: @FHCtx,
:: @BuffDesc,
:: ContextAttr,
:: Lifetime);
:: if Sec < 0 then
:: begin // enters here with Sec = -2^31
:: {$IFDEF DEBUG_EXCEPTINS}
:: raise Exception.CreateFmt('Init context failed: %d',
:: [Sec]); {$ELSE}
:: Result := '';
:: FState := lsDoneErr;
:: Exit;
:: {$ENDIF}
:: end;
:: >
:: Arno, do you have any idea?
:: >
:: Best Regards,
:: >
:: SZ
:: >
:: Message
:: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
:: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
:: Sent: Thursday, September 14, 2006 8:20 AM
:: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:: >
:: >
:: >Here is the full log:
:: >>
:: >FireFox 1.5.0.6:
:: >>
:: >13.09.2006 21:50:09 Connection
:: >>
:: >13.09.2006 21:50:09 From Local
:: >GET / HTTP/1.1Host: Mozilla/5.0
:: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
:: >Firefox/1.5.0.6Accept:
:: >>
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: >keep-alive
:: >>
:: >13.09.2006 21:50:09 From Remote
:: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-
:: >Length: 629Content-Type: text/htmlConnection: keep-
:: >aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
:: >Authorization
:: >>
:: >13.09.2006 21:50:17 From Local
:: >GET / HTTP/1.1Host: Mozilla/5.0
:: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
:: >Firefox/1.5.0.6Accept:
:: >>
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: >keep-aliveAuthorization: NTLM
:: >
:: >>
:: >13.09.2006 21:50:17 From Remote
:: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:: >>
:

:: >629Content-Type: text/htmlConnection: keep-aliveServer:
:: >Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:: >
:: >>
:: >13.09.2006 21:50:17 From Local
:: >GET / HTTP/1.1Host: Mozilla/5.0
:: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
:: >Firefox/1.5.0.6Accept:
:: >>
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: >keep-aliveAuthorization: NTLM
:: >>
:

:: >>
:: >13.09.2006 21:50:17 From Remote
:: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:: >Content-Length: 629Content-Type: text/htmlConnection:
:: >keep-aliveServer: Fastream IQ Reverse
:: >Proxy<HTML><HEAD><TITLE>401
:: >>
:: >Still asking for password hereForever
:: >>
:: >IE6XP:
:: >>
:: >13.09.2006 21:48:06 Connection
:: >>
:: >13.09.2006 21:48:06 From Local
:: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
:: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
:: >excel, application/msword, application/vnd.ms-powerpoint,
:: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
:: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
:: >CLR 1.1.4322)Host: Keep-
:: >AliveCookie: IQDomain="
:: >>
:: >13.09.2006 21:48:06 From Remote
:: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-
:: >Length: 629Content-Type: text/htmlConnection: Keep-
:: >AliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
:: >Authorization
:: >>
:: >13.09.2006 21:48:06 From Local
:: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
:: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
:: >excel, application/msword, application/vnd.ms-powerpoint,
:: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
:: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
:: >CLR 1.1.4322)Host: Keep-
:: >AliveAuthorization: NTLM
:: >>
:

: IQDomain="
:: >>
:: >13.09.2006 21:48:06 From Remote
:: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:: >>
:

:: >629Content-Type: text/htmlConnection: Keep-AliveServer:
:: >Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:: >
:: >>
:: >13.09.2006 21:48:06 From Local
:: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
:: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
:: >excel, application/msword, application/vnd.ms-powerpoint,
:: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
:: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
:: >CLR 1.1.4322)Host: Keep-
:: >AliveAuthorization: NTLM
:: >>
:

: IQDomain="
:: >>
:: >13.09.2006 21:48:06 From Remote
:: >HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-
:: >AliveServer: Fastream IQ Web/FTP ServerContent-Length:
:: >14718Content-Encoding: gzipSet-Cookie:
:: >IQDomain="; PATH=/;
:: >EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
:: >Proxy<data here>
:: >>
:: >>
:: >I cut the data sections to obey the ICS list 40kB limit here.
:: >>
:: >Best Regards,
:: >>
:: >SZ
:: >>
:: >--
:: >To unsubscribe or change your settings for TWSocket mailing list
:: >please goto
:: >Visit our website at http://www.overbyte.be
:: --
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto
:: Visit our website at http://www.overbyte.be
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Also the unicode directive enabled, it does not compile! Perhaps that could
be a cure?!

Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 11:40 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Hi Arno,
:
: I also wonder if this could be a lifetime/time zone problem? We are
GMT+200.
: What is the timeout period of this authentication and did you consider
: different time zones?
:
: Best Regards,
:
: SZ
:
: Message
: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Thursday, September 14, 2006 11:31 AM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
:: It is very strange that when I enabled DEBUG_EXCEPTINS, it worked and
: gave
:: no errors/exceptions! But I cannot deploy in this form ;(
::
:: SZ
::
:: Message
:: From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
:: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
:: Sent: Thursday, September 14, 2006 10:49 AM
:: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
::
::
:::I tested with successfully!
:::
::: Change the format string below in order to get a hex display like:
::: raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);
:::
::: Post the hex value.
:::
:::
:::
::: Fastream Technologies wrote:
::: Hello,
::: >
::: With FF, after msg3,
::: >
::: Sec := FPSFT^.AcceptSecurityContext(@FHCred,
::: pHCtx,
::: @InBuffDesc,
::: ASC_REQ_SEQUENCE_DETECT, //
::: context requirements
::: SECURITY_NATIVE_DREP,
::: @FHCtx,
::: @BuffDesc,
::: ContextAttr,
::: Lifetime);
::: if Sec < 0 then
::: begin // enters here with Sec = -2^31
::: {$IFDEF DEBUG_EXCEPTINS}
::: raise Exception.CreateFmt('Init context failed: %d',
::: [Sec]); {$ELSE}
::: Result := '';
::: FState := lsDoneErr;
::: Exit;
::: {$ENDIF}
::: end;
::: >
::: Arno, do you have any idea?
::: >
::: Best Regards,
::: >
::: SZ
::: >
::: Message
::: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
::: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
::: Sent: Thursday, September 14, 2006 8:20 AM
::: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
::: >
::: >
::: >Here is the full log:
::: >>
::: >FireFox 1.5.0.6:
::: >>
::: >13.09.2006 21:50:09 Connection
::: >>
::: >13.09.2006 21:50:09 From Local
::: >GET / HTTP/1.1Host: Mozilla/5.0
::: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
::: >Firefox/1.5.0.6Accept:
::: >>
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
::: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
::: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
::: >keep-alive
::: >>
::: >13.09.2006 21:50:09 From Remote
::: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-
::: >Length: 629Content-Type: text/htmlConnection: keep-
::: >aliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
::: >Authorization
::: >>
::: >13.09.2006 21:50:17 From Local
::: >GET / HTTP/1.1Host: Mozilla/5.0
::: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
::: >Firefox/1.5.0.6Accept:
::: >>
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
::: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
::: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
::: >keep-aliveAuthorization: NTLM
::: >
::: >>
::: >13.09.2006 21:50:17 From Remote
::: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
::: >>
::
:

::: >629Content-Type: text/htmlConnection: keep-aliveServer:
::: >Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
::: >
::: >>
::: >13.09.2006 21:50:17 From Local
::: >GET / HTTP/1.1Host: Mozilla/5.0
::: >(Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728
::: >Firefox/1.5.0.6Accept:
::: >>
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
::: >en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
::: >windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
::: >keep-aliveAuthorization: NTLM
::: >>
::
:

::: >>
::: >13.09.2006 21:50:17 From Remote
::: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
::: >Content-Length: 629Content-Type: text/htmlConnection:
::: >keep-aliveServer: Fastream IQ Reverse
::: >Proxy<HTML><HEAD><TITLE>401
::: >>
::: >Still asking for password hereForever
::: >>
::: >IE6XP:
::: >>
::: >13.09.2006 21:48:06 Connection
::: >>
::: >13.09.2006 21:48:06 From Local
::: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
::: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
::: >excel, application/msword, application/vnd.ms-powerpoint,
::: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
::: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
::: >CLR 1.1.4322)Host: Keep-
::: >AliveCookie: IQDomain="
::: >>
::: >13.09.2006 21:48:06 From Remote
::: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLMContent-
::: >Length: 629Content-Type: text/htmlConnection: Keep-
::: >AliveServer: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401
::: >Authorization
::: >>
::: >13.09.2006 21:48:06 From Local
::: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
::: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
::: >excel, application/msword, application/vnd.ms-powerpoint,
::: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
::: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
::: >CLR 1.1.4322)Host: Keep-
::: >AliveAuthorization: NTLM
::: >>
::
:

:: IQDomain="
::: >>
::: >13.09.2006 21:48:06 From Remote
::: >HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
::: >>
::
:

::: >629Content-Type: text/htmlConnection: Keep-AliveServer:
::: >Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
::: >
::: >>
::: >13.09.2006 21:48:06 From Local
::: >GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
::: >image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
::: >excel, application/msword, application/vnd.ms-powerpoint,
::: >*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
::: >Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
::: >CLR 1.1.4322)Host: Keep-
::: >AliveAuthorization: NTLM
::: >>
::
:

:: IQDomain="
::: >>
::: >13.09.2006 21:48:06 From Remote
::: >HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-
::: >AliveServer: Fastream IQ Web/FTP ServerContent-Length:
::: >14718Content-Encoding: gzipSet-Cookie:
::: >IQDomain="; PATH=/;
::: >EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
::: >Proxy<data here>
::: >>
::: >>
::: >I cut the data sections to obey the ICS list 40kB limit here.
::: >>
::: >Best Regards,
::: >>
::: >SZ
::: >>
::: >--
::: >To unsubscribe or change your settings for TWSocket mailing list
::: >please goto
::: >Visit our website at http://www.overbyte.be
::: --
::: To unsubscribe or change your settings for TWSocket mailing list
::: please goto
::: Visit our website at http://www.overbyte.be
::
:: --
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto
:: Visit our website at http://www.overbyte.be
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Fastream Technologies wrote:
Also the unicode directive enabled, it does not compile! Perhaps that
could be a cure?!

No, internally user names, domain names etc. are unicoded anyway.
To enable the unicode versions of the SSPI functions you need to uncomment
both defines in IcsNtlmSsp.pas as well as in IcsSspi.pas.

Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 11:40 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)


>Hi Arno,
>
>I also wonder if this could be a lifetime/time zone problem? We are
>GMT+200. What is the timeout period of this authentication and did
>you consider different time zones?
>
>Best Regards,
>
>SZ
>
>Message
>From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
>To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
>Sent: Thursday, September 14, 2006 11:31 AM
>Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>
>
It is very strange that when I enabled DEBUG_EXCEPTINS, it worked
and gave no errors/exceptions! But I cannot deploy in this form
;(

SZ

Message
From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 10:49 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

I tested with successfully!

Change the format string below in order to get a hex display like:
raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);

Post the hex value.

Fastream Technologies wrote:
Hello,

With FF, after msg3,

Sec := FPSFT^.AcceptSecurityContext(@FHCred,
pHCtx,
@InBuffDesc,

ASC_REQ_SEQUENCE_DETECT, // context requirements
SECURITY_NATIVE_DREP,
@FHCtx,
@BuffDesc,
ContextAttr,
Lifetime);
if Sec < 0 then
begin // enters here with Sec = -2^31
{$IFDEF DEBUG_EXCEPTINS}
raise Exception.CreateFmt('Init context failed: %d',
[Sec]); {$ELSE}
Result := '';
FState := lsDoneErr;
Exit;
{$ENDIF}
end;

Arno, do you have any idea?

Best Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 8:20 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

Here is the full log:

FireFox 1.5.0.6:

13.09.2006 21:50:09 Connection

13.09.2006 21:50:09 From Local
GET / HTTP/1.1Host:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6Accept:

text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-alive

13.09.2006 21:50:09 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
NTLMContent- Length: 629Content-Type: text/htmlConnection:
keep- aliveServer: Fastream IQ Reverse
Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:50:17 From Local
GET / HTTP/1.1Host:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6Accept:

text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-aliveAuthorization: NTLM

13.09.2006 21:50:17 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM

629Content-Type: text/htmlConnection: keep-aliveServer:
Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:50:17 From Local
GET / HTTP/1.1Host:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6Accept:

text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-aliveAuthorization: NTLM

13.09.2006 21:50:17 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
Content-Length: 629Content-Type: text/htmlConnection:
keep-aliveServer: Fastream IQ Reverse
Proxy<HTML><HEAD><TITLE>401

Still asking for password hereForever

IE6XP:

13.09.2006 21:48:06 Connection

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
excel, application/msword, application/vnd.ms-powerpoint,
*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET CLR 1.1.4322)Host:
Keep- AliveCookie:
IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
NTLMContent- Length: 629Content-Type: text/htmlConnection:
Keep- AliveServer: Fastream IQ Reverse
Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
excel, application/msword, application/vnd.ms-powerpoint,
*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET CLR 1.1.4322)Host:
Keep- AliveAuthorization: NTLM

IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM

629Content-Type: text/htmlConnection: Keep-AliveServer:
Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
excel, application/msword, application/vnd.ms-powerpoint,
*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET CLR 1.1.4322)Host:
Keep- AliveAuthorization: NTLM

IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-
AliveServer: Fastream IQ Web/FTP ServerContent-Length:
14718Content-Encoding: gzipSet-Cookie:
IQDomain="; PATH=/;
EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
Proxy<data here>

I cut the data sections to obey the ICS list 40kB limit here.

Best Regards,

SZ

--
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at http://www.overbyte.be

--
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at http://www.overbyte.be
>
>--
>To unsubscribe or change your settings for TWSocket mailing list
>please goto
>Visit our website at http://www.overbyte.be

Hello,

I found the problem source pinpointed:

if Sec < 0 then
begin
{$IFDEF DEBUG_EXCEPTINS}
Exception.CreateFmt('Init context failed: 0x%x', [Sec]); //
Sec -2146893048 (0x80090308)

{$ELSE}
Result := '';
FState := lsDoneErr;
Exit;
{$ENDIF}
end;

When DEBUG_EXCEPTINS is defined, it does not set Result := ''; so works!

Best Regards,

SZ

Message
From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 12:08 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Fastream Technologies wrote:
: Also the unicode directive enabled, it does not compile! Perhaps that
: could be a cure?!
:
: No, internally user names, domain names etc. are unicoded anyway.
: To enable the unicode versions of the SSPI functions you need to uncomment
: both defines in IcsNtlmSsp.pas as well as in IcsSspi.pas.
:
: >
: Regards,
: >
: SZ
: >
: Message
: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Thursday, September 14, 2006 11:40 AM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
: >
: >
: >Hi Arno,
: >>
: >I also wonder if this could be a lifetime/time zone problem? We are
: >GMT+200. What is the timeout period of this authentication and did
: >you consider different time zones?
: >>
: >Best Regards,
: >>
: >SZ
: >>
: >Message
: >From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
: >To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: >Sent: Thursday, September 14, 2006 11:31 AM
: >Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
: >>
: >>
: It is very strange that when I enabled DEBUG_EXCEPTINS, it worked
: and gave no errors/exceptions! But I cannot deploy in this form
: ;(
:
: SZ
:
: Message
: From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Thursday, September 14, 2006 10:49 AM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
: I tested with successfully!
:
: Change the format string below in order to get a hex display like:
: raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);
:
: Post the hex value.
:
:
:
: Fastream Technologies wrote:
: Hello,
:
: With FF, after msg3,
:
: Sec := FPSFT^.AcceptSecurityContext(@FHCred,
: pHCtx,
: @InBuffDesc,
:
: ASC_REQ_SEQUENCE_DETECT, // context requirements
: SECURITY_NATIVE_DREP,
: @FHCtx,
: @BuffDesc,
: ContextAttr,
: Lifetime);
: if Sec < 0 then
: begin // enters here with Sec = -2^31
: {$IFDEF DEBUG_EXCEPTINS}
: raise Exception.CreateFmt('Init context failed: %d',
: [Sec]); {$ELSE}
: Result := '';
: FState := lsDoneErr;
: Exit;
: {$ENDIF}
: end;
:
: Arno, do you have any idea?
:
: Best Regards,
:
: SZ
:
: Message
: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Thursday, September 14, 2006 8:20 AM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
: Here is the full log:
:
: FireFox 1.5.0.6:
:
: 13.09.2006 21:50:09 Connection
:
: 13.09.2006 21:50:09 From Local
: GET / HTTP/1.1Host:
: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
: Gecko/20060728 Firefox/1.5.0.6Accept:
:
:
: >>
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-alive
:
: 13.09.2006 21:50:09 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
: NTLMContent- Length: 629Content-Type: text/htmlConnection:
: keep- aliveServer: Fastream IQ Reverse
: Proxy<HTML><HEAD><TITLE>401 Authorization
:
: 13.09.2006 21:50:17 From Local
: GET / HTTP/1.1Host:
: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
: Gecko/20060728 Firefox/1.5.0.6Accept:
:
:
: >>
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-aliveAuthorization: NTLM
:
:
: 13.09.2006 21:50:17 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:
:
: >>
:

: 629Content-Type: text/htmlConnection: keep-aliveServer:
: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:
:
: 13.09.2006 21:50:17 From Local
: GET / HTTP/1.1Host:
: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
: Gecko/20060728 Firefox/1.5.0.6Accept:
:
:
: >>
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
: keep-aliveAuthorization: NTLM
:
:
: >>
:

:
: 13.09.2006 21:50:17 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
: Content-Length: 629Content-Type: text/htmlConnection:
: keep-aliveServer: Fastream IQ Reverse
: Proxy<HTML><HEAD><TITLE>401
:
: Still asking for password hereForever
:
: IE6XP:
:
: 13.09.2006 21:48:06 Connection
:
: 13.09.2006 21:48:06 From Local
: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
: image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
: excel, application/msword, application/vnd.ms-powerpoint,
: */*Accept-Language: trAccept-Encoding: gzip, deflateUser-
: Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
: .NET CLR 1.1.4322)Host:
: Keep- AliveCookie:
: IQDomain="
:
: 13.09.2006 21:48:06 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
: NTLMContent- Length: 629Content-Type: text/htmlConnection:
: Keep- AliveServer: Fastream IQ Reverse
: Proxy<HTML><HEAD><TITLE>401 Authorization
:
: 13.09.2006 21:48:06 From Local
: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
: image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
: excel, application/msword, application/vnd.ms-powerpoint,
: */*Accept-Language: trAccept-Encoding: gzip, deflateUser-
: Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
: .NET CLR 1.1.4322)Host:
: Keep- AliveAuthorization: NTLM
:
:
: >>
:

: IQDomain="
:
: 13.09.2006 21:48:06 From Remote
: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:
:
: >>
:

: 629Content-Type: text/htmlConnection: Keep-AliveServer:
: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:
:
: 13.09.2006 21:48:06 From Local
: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
: image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
: excel, application/msword, application/vnd.ms-powerpoint,
: */*Accept-Language: trAccept-Encoding: gzip, deflateUser-
: Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
: .NET CLR 1.1.4322)Host:
: Keep- AliveAuthorization: NTLM
:
:
: >>
:

: IQDomain="
:
: 13.09.2006 21:48:06 From Remote
: HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-
: AliveServer: Fastream IQ Web/FTP ServerContent-Length:
: 14718Content-Encoding: gzipSet-Cookie:
: IQDomain="; PATH=/;
: EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
: Proxy<data here>
:
:
: I cut the data sections to obey the ICS list 40kB limit here.
:
: Best Regards,
:
: SZ
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be
: >>
: >--
: >To unsubscribe or change your settings for TWSocket mailing list
: >please goto
: >Visit our website at http://www.overbyte.be
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Fastream Technologies wrote:
Hi Arno,

I also wonder if this could be a lifetime/time zone problem? We are
GMT+200. What is the timeout period of this authentication and did
you consider different time zones?

I do not think so.
Function AcceptSecurityContext (NTLM) is documented here:

The Timestamp is filled by the security package.
Windows 2000/NT and Windows Me/98/95: This parameter is not used. Set this value to NULL.

I tested on W2k as well as on XP!

Best Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 11:31 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)


>It is very strange that when I enabled DEBUG_EXCEPTINS, it worked
>and gave no errors/exceptions! But I cannot deploy in this form ;(
>
>SZ
>
>Message
>From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
>To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
>Sent: Thursday, September 14, 2006 10:49 AM
>Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
>
>
I tested with successfully!

Change the format string below in order to get a hex display like:
raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);

Post the hex value.

Fastream Technologies wrote:
Hello,

With FF, after msg3,

Sec := FPSFT^.AcceptSecurityContext(@FHCred,
pHCtx,
@InBuffDesc,

ASC_REQ_SEQUENCE_DETECT, // context requirements
SECURITY_NATIVE_DREP,
@FHCtx,
@BuffDesc,
ContextAttr,
Lifetime);
if Sec < 0 then
begin // enters here with Sec = -2^31
{$IFDEF DEBUG_EXCEPTINS}
raise Exception.CreateFmt('Init context failed: %d',
[Sec]); {$ELSE}
Result := '';
FState := lsDoneErr;
Exit;
{$ENDIF}
end;

Arno, do you have any idea?

Best Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 8:20 AM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

Here is the full log:

FireFox 1.5.0.6:

13.09.2006 21:50:09 Connection

13.09.2006 21:50:09 From Local
GET / HTTP/1.1Host:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6Accept:

text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-alive

13.09.2006 21:50:09 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
NTLMContent- Length: 629Content-Type: text/htmlConnection:
keep- aliveServer: Fastream IQ Reverse
Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:50:17 From Local
GET / HTTP/1.1Host:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6Accept:

text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-aliveAuthorization: NTLM

13.09.2006 21:50:17 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM

629Content-Type: text/htmlConnection: keep-aliveServer:
Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:50:17 From Local
GET / HTTP/1.1Host:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6Accept:

text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
keep-aliveAuthorization: NTLM

13.09.2006 21:50:17 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
Content-Length: 629Content-Type: text/htmlConnection:
keep-aliveServer: Fastream IQ Reverse
Proxy<HTML><HEAD><TITLE>401

Still asking for password hereForever

IE6XP:

13.09.2006 21:48:06 Connection

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
excel, application/msword, application/vnd.ms-powerpoint,
*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET CLR 1.1.4322)Host:
Keep- AliveCookie:
IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
NTLMContent- Length: 629Content-Type: text/htmlConnection:
Keep- AliveServer: Fastream IQ Reverse
Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
excel, application/msword, application/vnd.ms-powerpoint,
*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET CLR 1.1.4322)Host:
Keep- AliveAuthorization: NTLM

>
>IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM

629Content-Type: text/htmlConnection: Keep-AliveServer:
Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization

13.09.2006 21:48:06 From Local
GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
excel, application/msword, application/vnd.ms-powerpoint,
*/*Accept-Language: trAccept-Encoding: gzip, deflateUser-
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET CLR 1.1.4322)Host:
Keep- AliveAuthorization: NTLM

>
>IQDomain="

13.09.2006 21:48:06 From Remote
HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-
AliveServer: Fastream IQ Web/FTP ServerContent-Length:
14718Content-Encoding: gzipSet-Cookie:
IQDomain="; PATH=/;
EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
Proxy<data here>

I cut the data sections to obey the ICS list 40kB limit here.

Best Regards,

SZ

--
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at http://www.overbyte.be
>
>--
>To unsubscribe or change your settings for TWSocket mailing list
>please goto
>Visit our website at http://www.overbyte.be

Now it gives SEC_E_LGN_DENIED. :(

Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 12:30 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Hello,
:
: I found the problem source pinpointed:
:
:
: if Sec < 0 then
: begin
: {$IFDEF DEBUG_EXCEPTINS}
: Exception.CreateFmt('Init context failed: 0x%x', [Sec]); //
: Sec -2146893048 (0x80090308)
:
: {$ELSE}
: Result := '';
: FState := lsDoneErr;
: Exit;
: {$ENDIF}
: end;
:
: When DEBUG_EXCEPTINS is defined, it does not set Result := ''; so works!
:
: Best Regards,
:
: SZ
:
: Message
: From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Thursday, September 14, 2006 12:08 PM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
:: Fastream Technologies wrote:
:: Also the unicode directive enabled, it does not compile! Perhaps that
:: could be a cure?!
::
:: No, internally user names, domain names etc. are unicoded anyway.
:: To enable the unicode versions of the SSPI functions you need to
uncomment
:: both defines in IcsNtlmSsp.pas as well as in IcsSspi.pas.
::
:: >
:: Regards,
:: >
:: SZ
:: >
:: Message
:: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
:: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
:: Sent: Thursday, September 14, 2006 11:40 AM
:: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:: >
:: >
:: >Hi Arno,
:: >>
:: >I also wonder if this could be a lifetime/time zone problem? We are
:: >GMT+200. What is the timeout period of this authentication and did
:: >you consider different time zones?
:: >>
:: >Best Regards,
:: >>
:: >SZ
:: >>
:: >Message
:: >From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
:: >To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
:: >Sent: Thursday, September 14, 2006 11:31 AM
:: >Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:: >>
:: >>
:: It is very strange that when I enabled DEBUG_EXCEPTINS, it worked
:: and gave no errors/exceptions! But I cannot deploy in this form
:: ;(
::
:: SZ
::
:: Message
:: From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
:: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
:: Sent: Thursday, September 14, 2006 10:49 AM
:: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
::
::
:: I tested with successfully!
::
:: Change the format string below in order to get a hex display like:
:: raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);
::
:: Post the hex value.
::
::
::
:: Fastream Technologies wrote:
:: Hello,
::
:: With FF, after msg3,
::
:: Sec := FPSFT^.AcceptSecurityContext(@FHCred,
:: pHCtx,
:: @InBuffDesc,
::
:: ASC_REQ_SEQUENCE_DETECT, // context requirements
:: SECURITY_NATIVE_DREP,
:: @FHCtx,
:: @BuffDesc,
:: ContextAttr,
:: Lifetime);
:: if Sec < 0 then
:: begin // enters here with Sec = -2^31
:: {$IFDEF DEBUG_EXCEPTINS}
:: raise Exception.CreateFmt('Init context failed: %d',
:: [Sec]); {$ELSE}
:: Result := '';
:: FState := lsDoneErr;
:: Exit;
:: {$ENDIF}
:: end;
::
:: Arno, do you have any idea?
::
:: Best Regards,
::
:: SZ
::
:: Message
:: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
:: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
:: Sent: Thursday, September 14, 2006 8:20 AM
:: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
::
::
:: Here is the full log:
::
:: FireFox 1.5.0.6:
::
:: 13.09.2006 21:50:09 Connection
::
:: 13.09.2006 21:50:09 From Local
:: GET / HTTP/1.1Host:
:: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
:: Gecko/20060728 Firefox/1.5.0.6Accept:
::
::
:: >>
:: >
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: keep-alive
::
:: 13.09.2006 21:50:09 From Remote
:: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
:: NTLMContent- Length: 629Content-Type: text/htmlConnection:
:: keep- aliveServer: Fastream IQ Reverse
:: Proxy<HTML><HEAD><TITLE>401 Authorization
::
:: 13.09.2006 21:50:17 From Local
:: GET / HTTP/1.1Host:
:: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
:: Gecko/20060728 Firefox/1.5.0.6Accept:
::
::
:: >>
:: >
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: keep-aliveAuthorization: NTLM
::
::
:: 13.09.2006 21:50:17 From Remote
:: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
::
::
:: >>
:: >
:

:: 629Content-Type: text/htmlConnection: keep-aliveServer:
:: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
::
::
:: 13.09.2006 21:50:17 From Local
:: GET / HTTP/1.1Host:
:: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
:: Gecko/20060728 Firefox/1.5.0.6Accept:
::
::
:: >>
:: >
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
:: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
:: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
:: keep-aliveAuthorization: NTLM
::
::
:: >>
:: >
:

::
:: 13.09.2006 21:50:17 From Remote
:: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:: Content-Length: 629Content-Type: text/htmlConnection:
:: keep-aliveServer: Fastream IQ Reverse
:: Proxy<HTML><HEAD><TITLE>401
::
:: Still asking for password hereForever
::
:: IE6XP:
::
:: 13.09.2006 21:48:06 Connection
::
:: 13.09.2006 21:48:06 From Local
:: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
:: image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
:: excel, application/msword, application/vnd.ms-powerpoint,
:: */*Accept-Language: trAccept-Encoding: gzip, deflateUser-
:: Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
:: .NET CLR 1.1.4322)Host:
:: Keep- AliveCookie:
:: IQDomain="
::
:: 13.09.2006 21:48:06 From Remote
:: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
:: NTLMContent- Length: 629Content-Type: text/htmlConnection:
:: Keep- AliveServer: Fastream IQ Reverse
:: Proxy<HTML><HEAD><TITLE>401 Authorization
::
:: 13.09.2006 21:48:06 From Local
:: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
:: image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
:: excel, application/msword, application/vnd.ms-powerpoint,
:: */*Accept-Language: trAccept-Encoding: gzip, deflateUser-
:: Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
:: .NET CLR 1.1.4322)Host:
:: Keep- AliveAuthorization: NTLM
::
::
:: >>
:: >
:

:: IQDomain="
::
:: 13.09.2006 21:48:06 From Remote
:: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
::
::
:: >>
:: >
:

:: 629Content-Type: text/htmlConnection: Keep-AliveServer:
:: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
::
::
:: 13.09.2006 21:48:06 From Local
:: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
:: image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
:: excel, application/msword, application/vnd.ms-powerpoint,
:: */*Accept-Language: trAccept-Encoding: gzip, deflateUser-
:: Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
:: .NET CLR 1.1.4322)Host:
:: Keep- AliveAuthorization: NTLM
::
::
:: >>
:: >
:

:: IQDomain="
::
:: 13.09.2006 21:48:06 From Remote
:: HTTP/1.1 200 KContent-Type: text/htmlConnection: Keep-
:: AliveServer: Fastream IQ Web/FTP ServerContent-Length:
:: 14718Content-Encoding: gzipSet-Cookie:
:: IQDomain="; PATH=/;
:: EXPIRES=Thu, 01 Jan 2009 21:48:06;"Via: Fastream IQ Reverse
:: Proxy<data here>
::
::
:: I cut the data sections to obey the ICS list 40kB limit here.
::
:: Best Regards,
::
:: SZ
::
:: --
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto
:: Visit our website at http://www.overbyte.be
:: --
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto
:: Visit our website at http://www.overbyte.be
::
:: --
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto
:: Visit our website at http://www.overbyte.be
:: >>
:: >--
:: >To unsubscribe or change your settings for TWSocket mailing list
:: >please goto
:: >Visit our website at http://www.overbyte.be
:: --
:: To unsubscribe or change your settings for TWSocket mailing list
:: please goto
:: Visit our website at http://www.overbyte.be
:
: --
: To unsubscribe or change your settings for TWSocket mailing list
: please goto
: Visit our website at http://www.overbyte.be

Latest report: when I used the Administrator account of Windows, it worked!
:) So I am beginning to think this is a problem with security policies of
some Windows.

Regards,

SZ

Message
From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
Sent: Thursday, September 14, 2006 1:15 PM
Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)

: Now it gives SEC_E_LGN_DENIED. :(
:
: Regards,
:
: SZ
:
: Message
: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
: Sent: Thursday, September 14, 2006 12:30 PM
: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:
:
:: Hello,
::
:: I found the problem source pinpointed:
::
::
:: if Sec < 0 then
:: begin
:: {$IFDEF DEBUG_EXCEPTINS}
:: Exception.CreateFmt('Init context failed: 0x%x', [Sec]); //
:: Sec -2146893048 (0x80090308)
::
:: {$ELSE}
:: Result := '';
:: FState := lsDoneErr;
:: Exit;
:: {$ENDIF}
:: end;
::
:: When DEBUG_EXCEPTINS is defined, it does not set Result := ''; so works!
::
:: Best Regards,
::
:: SZ
::
:: Message
:: From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
:: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
:: Sent: Thursday, September 14, 2006 12:08 PM
:: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
::
::
::: Fastream Technologies wrote:
::: Also the unicode directive enabled, it does not compile! Perhaps that
::: could be a cure?!
:::
::: No, internally user names, domain names etc. are unicoded anyway.
::: To enable the unicode versions of the SSPI functions you need to
: uncomment
::: both defines in IcsNtlmSsp.pas as well as in
IcsSspi.pas.
:::
::: >
::: Regards,
::: >
::: SZ
::: >
::: Message
::: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
::: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
::: Sent: Thursday, September 14, 2006 11:40 AM
::: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
::: >
::: >
::: >Hi Arno,
::: >>
::: >I also wonder if this could be a lifetime/time zone problem? We are
::: >GMT+200. What is the timeout period of this authentication and did
::: >you consider different time zones?
::: >>
::: >Best Regards,
::: >>
::: >SZ
::: >>
::: >Message
::: >From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
::: >To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
::: >Sent: Thursday, September 14, 2006 11:31 AM
::: >Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
::: >>
::: >>
::: It is very strange that when I enabled DEBUG_EXCEPTINS, it worked
::: and gave no errors/exceptions! But I cannot deploy in this form
::: ;(
:::
::: SZ
:::
::: Message
::: From: "Arno Garrels" <arno.garrels (AT) gmx (DOT) de>
::: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
::: Sent: Thursday, September 14, 2006 10:49 AM
::: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:::
:::
::: I tested with successfully!
:::
::: Change the format string below in order to get a hex display like:
::: raise Exception.CreateFmt('Init context failed: 0x%x', [Sec]);
:::
::: Post the hex value.
:::
:::
:::
::: Fastream Technologies wrote:
::: Hello,
:::
::: With FF, after msg3,
:::
::: Sec := FPSFT^.AcceptSecurityContext(@FHCred,
::: pHCtx,
::: @InBuffDesc,
:::
::: ASC_REQ_SEQUENCE_DETECT, // context requirements
::: SECURITY_NATIVE_DREP,
::: @FHCtx,
::: @BuffDesc,
::: ContextAttr,
::: Lifetime);
::: if Sec < 0 then
::: begin // enters here with Sec = -2^31
::: {$IFDEF DEBUG_EXCEPTINS}
::: raise Exception.CreateFmt('Init context failed: %d',
::: [Sec]); {$ELSE}
::: Result := '';
::: FState := lsDoneErr;
::: Exit;
::: {$ENDIF}
::: end;
:::
::: Arno, do you have any idea?
:::
::: Best Regards,
:::
::: SZ
:::
::: Message
::: From: "Fastream Technologies" <gates (AT) fastream (DOT) com>
::: To: "ICS support mailing" <twsocket (AT) elists (DOT) org>
::: Sent: Thursday, September 14, 2006 8:20 AM
::: Subject: Re: [twsocket] Fw: Urgent (Another simple NTLM question)
:::
:::
::: Here is the full log:
:::
::: FireFox 1.5.0.6:
:::
::: 13.09.2006 21:50:09 Connection
:::
::: 13.09.2006 21:50:09 From Local
::: GET / HTTP/1.1Host:
::: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
::: Gecko/20060728 Firefox/1.5.0.6Accept:
:::
:::
::: >>
::: >
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
::: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
::: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
::: keep-alive
:::
::: 13.09.2006 21:50:09 From Remote
::: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
::: NTLMContent- Length: 629Content-Type: text/htmlConnection:
::: keep- aliveServer: Fastream IQ Reverse
::: Proxy<HTML><HEAD><TITLE>401 Authorization
:::
::: 13.09.2006 21:50:17 From Local
::: GET / HTTP/1.1Host:
::: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
::: Gecko/20060728 Firefox/1.5.0.6Accept:
:::
:::
::: >>
::: >
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
::: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
::: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
::: keep-aliveAuthorization: NTLM
:::
:::
::: 13.09.2006 21:50:17 From Remote
::: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:::
:::
::: >>
::: >
::
:

::: 629Content-Type: text/htmlConnection: keep-aliveServer:
::: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:::
:::
::: 13.09.2006 21:50:17 From Local
::: GET / HTTP/1.1Host:
::: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
::: Gecko/20060728 Firefox/1.5.0.6Accept:
:::
:::
::: >>
::: >
::
:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language:
::: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset:
::: windows-1254,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection:
::: keep-aliveAuthorization: NTLM
:::
:::
::: >>
::: >
::
:

:::
::: 13.09.2006 21:50:17 From Remote
::: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
::: Content-Length: 629Content-Type: text/htmlConnection:
::: keep-aliveServer: Fastream IQ Reverse
::: Proxy<HTML><HEAD><TITLE>401
:::
::: Still asking for password hereForever
:::
::: IE6XP:
:::
::: 13.09.2006 21:48:06 Connection
:::
::: 13.09.2006 21:48:06 From Local
::: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
::: image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
::: excel, application/msword, application/vnd.ms-powerpoint,
::: */*Accept-Language: trAccept-Encoding: gzip, deflateUser-
::: Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
::: .NET CLR 1.1.4322)Host:
::: Keep- AliveCookie:
::: IQDomain="
:::
::: 13.09.2006 21:48:06 From Remote
::: HTTP/1.1 401 Authorization RequiredWWW-Authenticate:
::: NTLMContent- Length: 629Content-Type: text/htmlConnection:
::: Keep- AliveServer: Fastream IQ Reverse
::: Proxy<HTML><HEAD><TITLE>401 Authorization
:::
::: 13.09.2006 21:48:06 From Local
::: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
::: image/pjpeg, application/x-shockwave-flash, application/vnd.ms-
::: excel, application/msword, application/vnd.ms-powerpoint,
::: */*Accept-Language: trAccept-Encoding: gzip, deflateUser-
::: Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
::: .NET CLR 1.1.4322)Host:
::: Keep- AliveAuthorization: NTLM
:::
:::
::: >>
::: >
::
:

::: IQDomain="
:::
::: 13.09.2006 21:48:06 From Remote
::: HTTP/1.1 401 Authorization RequiredWWW-Authenticate: NTLM
:::
:::
::: >>
::: >
::
:

::: 629Content-Type: text/htmlConnection: Keep-AliveServer:
::: Fastream IQ Reverse Proxy<HTML><HEAD><TITLE>401 Authorization
:::
:::
::: 13.09.2006 21:48:06 From Local
::: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg,
::: image/pjpeg, application/x-shockwave-