Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5722
Views
0
Helpful
4
Replies

FTP client which supports NTLM through WSA

meeg050676
Level 1
Level 1

‎11-04-2010 07:02 AM

We are looking into a FTP Client which supports NTLM in combination with
our WSA proxy servers.

With IE or Firefox browser it works fine.

Currently i.am testing Filzilla version 3.3.4.1 "http://filezilla-project.org" but i can't
seem to get it to work.

On the internet there is not much information available.

Anyone have expierence with FTP clients?

Labels:
0 Helpful
4 Replies 4

Rob Klebanov
Level 1
Level 1

‎11-05-2010 12:51 PM

Wish I could help, but unfortunately we are facing the same exact issue.

0 Helpful

meeg050676
Level 1
Level 1
In response to Rob Klebanov

‎11-08-2010 04:56 AM

Have contacted support and they gave me the following information:

###############################################################################################################################

You should be able to use the Filezilla FTP client along with NTLM authentication. The settings for Filezilla would depend on
the below factors & settings:

Using Native FTP Proxy on IronPort
1)      Check the Native FTP port and authentication mechanism configured on IronPort under:
a.       GUI --> Security Services --> FTP proxy
b.      Check the Port and authentication format
2)      Based on the authentication format, you would need to configure settings as the below knowledge-base article:
a.       http://tinyurl.com/nvbt5r

Using FTP over HTTP CONNECT in Filezilla
1)      You can configure this in Filezilla under:
a.       'Edit' --> 'Settings' --> Generic Proxy --> HTTP 1.1 Using CONNECT method
2)      In this section you can specify the NTLM credentials  in the below section:
a.       Proxy Username (DOMAIN\username) and Proxy password 

###############################################################################################################################

So i tried the native ftp option with

Ironport ftp port 8021 with checkpoint auth.

In filezilla under FTP Proxy,

Proxy host %ipaddress%:8021

Proxy user %domain%\%userid%

Proxy pas  **********

Then i get following in Filezilla log:

Status: Using proxy IPADDRESS:8021

Status: Connecting to IPADDRESS:8021...

Status: Connection established, waiting for welcome message...

Response: 220 FTP Server message!!!

Command: USER anonymous@domain\userid@microsoft.com: 331 User name okay, need password.

Response

Command: PASS ***************************

Response: 530 Login denied

Error: Critical error

Error: Could not connect to server

So i think the following part goes wrong:

Command: USER anonymous@domain\userid@microsoft.com

If i have the correct solution i wil post it here!

0 Helpful

Rob Klebanov
Level 1
Level 1
In response to meeg050676

‎11-08-2010 07:37 AM

We were actually able to get FileZilla to work.

Try using Ironport ftp port 8021 with raptor auth.

with

FileZilla

Under FTP Proxy set to

Custom and

     USER %u@%h %s
     PASS %p
     ACCT %w

Followed by your proxy host ip, proxy username and proxy password.

That seems to have solved the issue for us.

Good luck.

0 Helpful

meeg050676
Level 1
Level 1
In response to Rob Klebanov

‎11-08-2010 07:43 AM

Thanks for the reply,

I have it working now also with tnx to the Cisco Ironport engineers!

My setup was correct with the ckecpoint auth but i tested a user with a password that containt an "@" sign and

then it does not work!

The only problem we have is that the windows account is sent in clear text to the proxy server.

The only solution to this is to use FTP over HTTP CONNECT instead of Native FTP!

0 Helpful
Customers Also Viewed These Support Documents