Subject: Potential bug in Authen::NTLM 1.09
Date: Wed, 18 Mar 2015 14:39:04 +0100
To: <bug-NTLM [...] rt.cpan.org>
From: Niels Jakob Darger <njd [...] siteimprove.com>
Good day,

I am having problems using Authen::NTLM to authenticate via NTLM against
a Windows IIS server. Authentication works in a browser (Chrome) and on
the command line via "curl --ntlm" - but not in Perl so I suspect there
is a bug in Authen::NTLM. I have tried inserting debugging statements
into Authen/NTLM.pm and tried to decode some of the NTLM messages but,
not having much knowledge about NTLM, have not been able to make much progress.

Authentication via LM & NTLM works but not via NTLMv2.

Additional details (code, server, client, script) below.

I hope you can shed some light on this problem.

Kind regards,
Niels Jakob Darger / njd@siteimprove.com
Program:
    #! /usr/bin/env perl
    use strict;
    use Test::More;
    use HTTP::Request;
    use HTTP::Response;
    use LWP::UserAgent;

    my $url = "http://93.160.60.100/";
    {
        # keep_alive is required: NTLM authenticates the connection
        my $ua = LWP::UserAgent->new(
            keep_alive => 1,
        );
        $ua->credentials("93.160.60.100:80", '', '***', '***'); # Auth redacted

        my $request = HTTP::Request->new();
        $request->uri($url);
        $request->method('GET');

        my $response = $ua->request($request);
        is($response->code(), 200, "OK as logged in");

        my $pagecontent = $response->content();
        like($pagecontent, qr!You are logged on!ios, "Expected page content");
        done_testing();
    }
Server details:
Windows 2012 R2
IIS Version 8.5
Network security: LAN Manager Authentication level: Send NTLMv2
response only. Refuse LM & NTLM
Client details:
Windows 8.1
Strawberry Perl (5.20.2)
LWP::UserAgent (6.13)
Authen::NTLM (1.09)
Perl details:
Summary of my perl5 (revision 5 version 20 subversion 2) configuration:
Platform:
osname=MSWin32, osvers=6.3, archname=MSWin32-x64-multi-thread
uname='Win32 strawberry-perl 5.20.2.1 #1 Sat Feb 21 18:04:11 2015 x64'
config_args='undef'
hint=recommended, useposix=true, d_sigaction=undef
useithreads=define, usemultiplicity=define
use64bitint=define, use64bitall=undef, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='gcc', ccflags =' -s -O2 -DWIN32 -DWIN64 -DCONSERVATIVE
-DPERL_TEXTMODE_SCRIPTS -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS
-DUSE_PERLIO -fwrapv -fno-strict-aliasing -mms-bitfields',
optimize='-s -O2',
cppflags='-DWIN32'
ccversion='', gccversion='4.8.3', gccosandvers=''
intsize=4, longsize=4, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long long', ivsize=8, nvtype='double', nvsize=8,
Off_t='long long', lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries:
ld='g++', ldflags ='-s -L"C:\STRAWB~1\perl\lib\CORE"
-L"C:\STRAWB~1\c\lib"'
libpth=C:\STRAWB~1\c\lib C:\STRAWB~1\c\x86_64-w64-mingw32\lib
C:\STRAWB~1\c\lib\gcc\x86_64-w64-mingw32\4.8.3
libs=-lmoldname -lkernel32 -luser32 -lgdi32 -lwinspool -lcomdlg32
-ladvapi32 -lshell32 -lole32 -loleaut32 -lnetapi32 -luuid -lws2_32 -lmpr
-lwinmm -lversion -lodbc32 -lodbccp32 -lcomctl32
perllibs=-lmoldname -lkernel32 -luser32 -lgdi32 -lwinspool
-lcomdlg32 -ladvapi32 -lshell32 -lole32 -loleaut32 -lnetapi32 -luuid
-lws2_32 -lmpr -lwinmm -lversion -lodbc32 -lodbccp32 -lcomctl32
libc=, so=dll, useshrplib=true, libperl=libperl520.a
gnulibc_version=''
Dynamic Linking:
dlsrc=dl_win32.xs, dlext=xs.dll, d_dlsymun=undef, ccdlflags=' '
cccdlflags=' ', lddlflags='-mdll -s -L"C:\STRAWB~1\perl\lib\CORE"
-L"C:\STRAWB~1\c\lib"'
Characteristics of this binary (from libperl):
Compile-time options: HAS_TIMES HAVE_INTERP_INTERN MULTIPLICITY
PERLIO_LAYERS PERL_DONT_CREATE_GVSV
PERL_HASH_FUNC_ONE_AT_A_TIME_HARD
PERL_IMPLICIT_CONTEXT PERL_IMPLICIT_SYS
PERL_MALLOC_WRAP PERL_NEW_COPY_ON_WRITE
PERL_PRESERVE_IVUV USE_64_BIT_INT USE_ITHREADS
USE_LARGE_FILES USE_LOCALE USE_LOCALE_COLLATE
USE_LOCALE_CTYPE USE_LOCALE_NUMERIC USE_PERLIO
USE_PERL_ATOF
Built under MSWin32
Compiled at Feb 21 2015 18:08:23
@INC:
C:/Strawberry/perl/site/lib
C:/Strawberry/perl/vendor/lib
C:/Strawberry/perl/lib
.
Transcript:
Request 1:
GET http://192.168.10.122/default.html
User-Agent: libwww-perl/6.13
Response 1:
HTTP/1.1 401 Unauthorized
Date: Wed, 18 Mar 2015 10:52:23 GMT
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 1293
Content-Type: text/html
Client-Date: Wed, 18 Mar 2015 10:52:13 GMT
Client-Peer: 192.168.10.122:80
Client-Response-Num: 1
Title: 401 - Unauthorized: Access is denied due to invalid credentials.
X-Powered-By: ASP.NET
[...]
Request 2:
GET http://192.168.10.122/default.html
Authorization: NTLM
TlRMTVNTUAABAAAAB7IAAAIAAgAgAAAADgAOACIAAAB3YTE5Mi4xNjguMTAuMTIy
User-Agent: libwww-perl/6.13
Response 2:
HTTP/1.1 401 Unauthorized
Date: Wed, 18 Mar 2015 10:52:23 GMT
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: NTLM
TlRMTVNTUAACAAAAHgAeADgAAAAFgoICVhOZ4BiMa9UAAAAAAAAAAJgAmABWAAAABgOAJQAAAA9XAEkATgAtAEwAUwBVAE0AMwBBAEEARwBWADUAMAACAB4AVwBJAE4ALQBMAFMAVQBNADMAQQBBAEcAVgA1ADAAAQAeAFcASQBOAC0ATABTAFUATQAzAEEAQQBHAFYANQAwAAQAHgBXAEkATgAtAEwAUwBVAE0AMwBBAEEARwBWADUAMAADAB4AVwBJAE4ALQBMAFMAVQBNADMAQQBBAEcAVgA1ADAABwAIAK6YPZ1pYdABAAAAAA==
Content-Length: 341
Content-Type: text/html; charset=us-ascii
Client-Date: Wed, 18 Mar 2015 10:52:13 GMT
Client-Peer: 192.168.10.122:80
Client-Response-Num: 2
Title: Not Authorized
[...]
Request 3:
GET http://192.168.10.122/default.html
Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAB4AHgBwAAAABAAEAI4AAAAEAAQAkgAAAAAAAABWAAAABYKCAlYYX1EIApfl4mXUrNb+4EzJVqD+oWDNLRjJzh+lN0aZ3z6g/uCmiyr6gO0SNax3lVcASQBOAC0ATABTAFUATQAzAEEAQQBHAFYANQAwAHcAYQB3AGEA
User-Agent: libwww-perl/6.13
Response 3:
HTTP/1.1 401 Unauthorized
Date: Wed, 18 Mar 2015 10:52:23 GMT
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 1293
Content-Type: text/html
Client-Date: Wed, 18 Mar 2015 10:52:13 GMT
Client-Peer: 192.168.10.122:80
Client-Response-Num: 3
Title: 401 - Unauthorized: Access is denied due to invalid credentials.
X-Powered-By: ASP.NET
[...]
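
Added example, not part of the original report and not Authen::NTLM code: a small Perl decoder for the Type 3 (AUTHENTICATE) message that reports which response format the client sent, the question the transcript above turns on. The field layout follows MS-NLMP; `classify_type3` and `build_type3` are names made up here, and the two built-in samples are constructed from dummy bytes.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Classify the NtChallengeResponse of an NTLM AUTHENTICATE (Type 3) message.
sub classify_type3 {
    my ($b64) = @_;
    my $msg = decode_base64($b64);
    die "too short for a Type 3 header\n" if length($msg) < 64;
    my ($sig, $type) = unpack 'a8 V', $msg;
    die "not an NTLMSSP Type 3 message\n" unless $sig eq "NTLMSSP\0" && $type == 3;

    # Six security buffers (len, maxlen, offset), then the negotiate flags.
    my @f     = unpack 'x12 (v v V)6 V', $msg;
    my $flags = pop @f;
    my %buf;
    for my $name (qw(lm nt domain user workstation key)) {
        my ($len, undef, $off) = splice @f, 0, 3;
        die "$name buffer runs past the end of the message\n"
            if $off + $len > length $msg;
        $buf{$name} = substr $msg, $off, $len;
    }
    my $nt = $buf{nt};

    # NTLMv2: 16-byte HMAC-MD5 proof followed by a blob that starts 0x01 0x01.
    return 'NTLMv2' if length($nt) >= 44 && substr($nt, 16, 2) eq "\x01\x01";
    # 24 bytes is the DES-based v1 family; flag 0x00080000 marks the
    # "NTLM2 session" variant, which is still not NTLMv2.
    if (length($nt) == 24) {
        return $flags & 0x00080000 ? 'NTLMv1 + extended session security' : 'NTLMv1';
    }
    return 'none/unknown (' . length($nt) . ' bytes)';
}

# Constructed sample builder: dummy bytes only, no real credentials.
sub build_type3 {
    my ($nt, $flags) = @_;
    my ($hdr, $body, $off) = ('', '', 64);
    for my $p ("\0" x 24, $nt, '', '', '', '') {  # lm nt domain user ws key
        $hdr  .= pack 'v v V', length($p), length($p), $off;
        $body .= $p;
        $off  += length $p;
    }
    return encode_base64(
        "NTLMSSP\0" . pack('V', 3) . $hdr . pack('V', $flags) . $body, '');
}

# Classify base64 messages given as arguments, else the constructed samples.
my @inputs = @ARGV ? @ARGV : (
    build_type3("\xAA" x 24, 0x00000201),
    build_type3(("\xBB" x 16) . "\x01\x01" . ("\0" x 30), 0x00800201),
);
print classify_type3($_), "\n" for @inputs;
```

Given the Request 3 `Authorization: NTLM` value from the transcript as its argument, it reports NTLMv1: that message carries a 24-byte NT response and does not set the extended-session-security flag, which is the response type the server policy listed above refuses.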