Thunderbird + Exchange = NTLM does not work
-
- Guest
Thunderbird + Exchange = NTLM does not work
How could I debug reason why NTLM is not working? I have added proper entries to configuration but NTLM still does not work. I can log-in into Exchange server using IMAP and etc but I would like to have NTLM working as well.
-
- Posts: 2177
- Joined: June 26th, 2005, 4:36 pm
- Location: Winter Garden, FL
-
- Posts: 4
- Joined: January 22nd, 2008, 12:03 am
- Location: Vilnius, Lithuania
- Contact:
"Use secure connection" does not help.
* Thunderbird version 2.0.0.9 (newest one)
I have tried setting my company's domain in:
network.automatic-ntlm-auth.trusted-uris
network.negotiate-auth.delegation-uris
network.negotiate-auth.trusted-uris
I have tried different configurations but that has not helped as well.
Now about messages. I don't get any usable message from thunderbird itself. It just asks to enter password.
I have enabled logging but I don't get anything useful except the fact that NTLM is enabled:
* CAPABILITY IMAP4 IMAP4rev1 IDLE LOGIN-REFERRALS MAILBOX-REFERRALS NAMESPACE LITERAL+ UIDPLUS CHILDREN AUTH=NTLM
Later NTLM is not mentioned at all. That's all I could read from the log.
* Thunderbird version 2.0.0.9 (newest one)
I have tried setting my company's domain in:
network.automatic-ntlm-auth.trusted-uris
network.negotiate-auth.delegation-uris
network.negotiate-auth.trusted-uris
I have tried different configurations but that has not helped as well.
Now about messages. I don't get any usable message from thunderbird itself. It just asks to enter password.
I have enabled logging but I don't get anything useful except the fact that NTLM is enabled:
* CAPABILITY IMAP4 IMAP4rev1 IDLE LOGIN-REFERRALS MAILBOX-REFERRALS NAMESPACE LITERAL+ UIDPLUS CHILDREN AUTH=NTLM
Later NTLM is not mentioned at all. That's all I could read from the log.
-
- Posts: 4
- Joined: January 22nd, 2008, 12:03 am
- Location: Vilnius, Lithuania
- Contact:
bkennelly wrote:Dalius wrote:Now about messages. I don't get any usable message from thunderbird itself. It just asks to enter password.
And after you enter your password? Does it just keep prompting?
It works OK. TB remembers password. However that is against all single sign-on philosophy what NTLM is about. When my windows domain password will expire and I will change it I will need to reenter it in TB. Why? Just because NTLM does not work? So that's why I'm asking how could I debug this problem.
-
- Posts: 2177
- Joined: June 26th, 2005, 4:36 pm
- Location: Winter Garden, FL
So, NTLM works, but you want it to work differently.
Thunderbird implements the authentication protocol indicated by AUTH=NTLM, which is a specific challenge-response mechanism. A good description of NTLM can be found here:http://curl.haxx.se/rfc/ntlm.html#whatIsNtlm. Note that NTLM requires the client to have knowledge of the account password.
Thunderbird implements the authentication protocol indicated by AUTH=NTLM, which is a specific challenge-response mechanism. A good description of NTLM can be found here:http://curl.haxx.se/rfc/ntlm.html#whatIsNtlm. Note that NTLM requires the client to have knowledge of the account password.
-
- Posts: 4
- Joined: January 22nd, 2008, 12:03 am
- Location: Vilnius, Lithuania
- Contact:
No. NTLM does not work. For example I can access internal websites using FireFox without entering password (NTLM says who I'm to those sites). TB requires my password anyway even if I said that I allow those sites to verify my identity using NTLM (config entries containing NTLM line). I don't know what happens behind the scenes but if it requires password that means NTLM does not work.
I can make some development work or similar stuff if this problem is not mine only. It would be nice if people who are working on that could contact me (or I could contact them).
I can make some development work or similar stuff if this problem is not mine only. It would be nice if people who are working on that could contact me (or I could contact them).
-
- Posts: 2177
- Joined: June 26th, 2005, 4:36 pm
- Location: Winter Garden, FL
If you are achieving authenticated login, then NTLM is working as designed and as documented. NTLM authentication requires the client to know the password. It is needed to generate the correct Type 3 response.
That said, Firefox uses the SSPI library for SPNEGO http authentication. SSPI has access to your login credentials, and can generate the necessary responses.
There is an open enhancement request to add SSPI support to Thunderbird. https://bugzilla.mozilla.org/show_bug.cgi?id=284538. Log in to bugzilla and vote for it. Even better, if you can supply the necessary patch, upload it!
That said, Firefox uses the SSPI library for SPNEGO http authentication. SSPI has access to your login credentials, and can generate the necessary responses.
There is an open enhancement request to add SSPI support to Thunderbird. https://bugzilla.mozilla.org/show_bug.cgi?id=284538. Log in to bugzilla and vote for it. Even better, if you can supply the necessary patch, upload it!
-
- Posts: 4
- Joined: January 22nd, 2008, 12:03 am
- Location: Vilnius, Lithuania
- Contact:
-
- Guest
Re: Thunderbird + Exchange = NTLM does not work
Two years passed, but SSO feature still not implemented... very sad... ((