Comments on: NTLM authentication in PHP – Now with NTLMv2 hash checking

By: Endre

Endre — Wed, 09 Jun 2010 09:20:32 +0000

Hi Luone,

Thanks for your nice article, but I can not find the next part with Samba integration.
Can you help me to find it?

By: Loune

Loune — Thu, 27 May 2010 10:03:40 +0000

@Maxxx You might able to use $_SERVER['HTTP_AUTHORIZATION'] instead

By: Maxxx

Maxxx — Tue, 18 May 2010 15:49:17 +0000

Hi !

I used an older version of your script but now i can’t use the apache_request_headers() function with the configuration of my web hosting (php in CGI mod).

Do you have a solution for my trouble ?

Thx a lot and sorry for my english.

By: Loune

Loune — Sun, 16 May 2010 01:09:42 +0000

@Simon https should work fine with this NTLM script

@Dave what you’re asking is really to add client NTLM authentication to your SOAP client. This article is about NTLM on the server side. However, you might be able to pass through the NTLM from the web service end point. NTLM is a three way handshake so you probably have to modify the SOAP client to save state in the session as each step of the handshake you need to return to the browser. You have to make sure you turn off IIS NTLM and take the exact header from the SOAP and pass it back to the browser. Lastly this will only work for a single service call per PHP request.

A better way would probably to rewrite the SOAP client to support proper NTLM.

By: Dave

Dave — Thu, 13 May 2010 23:02:38 +0000

NICE Writeup!!!

I am using an NTLM authenticated IIS server and would like to pass through the NTLM authentication to another web-services server (same domain, same authentication credentials). I can get the user through $_SERVER['AUTH_USER'], but, obviously there’s no server Var for the password. I don’t have access to the password repository either.

Can I take the NTLM auth. values from my request header and just pass them through to the header for the downstream web services call?

By: Simon

Simon — Thu, 13 May 2010 19:18:01 +0000

What about https with this version?

By: Florian Ledeboer

Florian Ledeboer — Mon, 10 May 2010 10:45:19 +0000

Is there probably a way to use the ntlm password hash to authenticate the user against an AD with ldap_bind() or something else?

By: Luke

Luke — Fri, 29 Jan 2010 08:38:53 +0000

Dean, can you share your code example please?
Also, I am trying to get this working with ISA server doing FBA and passing NTLM to the backend web server which is IIS. Any help appreciated

By: Dean

Dean — Mon, 18 Jan 2010 09:51:58 +0000

This works for me! It isn’t automated but because of your help I have managed to refine the work i was doing and hopefully i can automate it later!

Thanks so much.

Dean

By: Dean

Dean — Mon, 18 Jan 2010 09:43:43 +0000

Thank you so much! i will give that a shot, if it works ill click some ads on the site

Dean