Support Questions

Find answers, ask questions, and share your expertise

SmartSense Gateway Using a HTTP Proxy with NTLM Authentication

avatar
New Contributor

Does anyone have experience setting up the SmartSense gateway using a proxy server with NTLM authentication?

I know the proxy works for curl since the following command works fine (that's the static.smartsense.hortonworks.com IP 10.92.160.111):

curl --proxy-ntlm --proxy-user user --proxy myproxyserver.net:8080 10.92.160.111

When I try to upload the bundle to HWX, I get the following error:

2018-03-22 11:32:15,505 INFO [qtp765284253-19] HTTPSProvider:107 - Executing request :POSThttps://smartsense.hortonworks.com:443/gateway/api/v1/upload/bundleHTTP/1.1 to targethttps://smartsense.hortonworks.com:443
2018-03-22 11:32:15,617 WARN [qtp765284253-19] HttpAuthenticator:207 - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
2018-03-22 11:32:15,617 WARN [qtp765284253-19] HttpAuthenticator:207 - NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials
2018-03-22 11:32:15,621 INFO [qtp765284253-19] HTTPSProvider:110 - ----------------------------------------
2018-03-22 11:32:15,621 INFO [qtp765284253-19] HTTPSProvider:111 - HTTP/1.1 407 authenticationrequired
2018-03-22 11:32:15,623 WARN [qtp765284253-19] ServletHandler:514 - /api/v1/upload/bundle
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 10

I'm thinking I have hst-gateway.ini configured incorrectly and not using NTLM, but not sure how to do that.

Here is my hst-gateway.ini:

# Copyright (c) 2011-2017, Hortonworks Inc. All rights reserved.
# Except as expressly permitted in a written agreement between you
# or your company and Hortonworks, Inc, any use, reproduction,
# modification, redistribution, sharing, lending or other exploitation
# of all or any part of the contents of this file is strictly prohibited. language governing permissions and
# limitations under the License
[security]
; supported digest commands are md2,md5,mdc2,rmd160,sha,sha1,sha224,sha256,sha384,sha512
openssl.digest.algorithms=sha256,sha384,sha512,sha,sha1,md5
gateway.home.dir = /var/lib/smartsense/hst-gateway
; one way ssl enabled for registration
gateway.registration.port=9450
; two ssl enabled for accessing gateway api
gateway.port=9451
[java]
home=/usr/java/jdk1.8.0_121/jre/bin/
[gateway]
; Warning: The following details should be changed only if directed by documentation or Hortonworks Support
; Transfer protocol for SmartSense environment
smartsense.upload.provider.type=HTTPS
; Hosted SmartSense environment SFTP username
smartsense.sftp.username=upload
; Hosted SmartSense environment SFTP password
smartsense.sftp.password=password
; Hosted SmartSense environment SFTP host
smartsense.sftp.server.host=10.92.160.111
; Hosted SmartSense environment SFTP port
smartsense.sftp.server.port=2222
; remote landing directory for bundle upload. Please do not change this
smartsense.sftp.remotedir=landing/
; timeout for sftp session (milliseconds)
; default is 10 seconds or 10000 milliseconds
smartsense.sftp.timeout=10000
start.validation.enabled=false
; Hosted SmartSense environment HTTPS username
smartsense.https.username=upload
; Hosted SmartSense environment HTTPS password
smartsense.https.password=password
; Hosted SmartSense environment HTTPS host
smartsense.https.server.host=10.92.160.111
; Hosted SmartSense environment HTTPS port
smartsense.https.server.port=443
; All proxy configurations are applicable only for HTTPS provider type
; set to true to set up a proxy between gateway and SmartSense environment
provider.https.proxy.enabled=true
; fully qualified proxy hostname
provider.https.proxy.hostname=myproxyserver.net
; proxy port that will be used by gateway for outbound access
provider.https.proxy.port=8080
; supported proxy types : HTTP / HTTPS [default:HTTP]
provider.https.proxy.type=HTTP
; supported proxy authentication types : NONE / BASIC / DIGEST [default:NONE]
provider.https.proxy.auth.type=BASIC
; proxy username for identified auth.type
provider.https.proxy.auth.username=user
; proxy password for identified auth.type
provider.https.proxy.auth.password=password
; [optional] any additional proxy setup parameters
; use "|" to separate multiple parameters
; for example: digest requires parameters such as
; realm=default|nonce=12GHtqeZA!7Ke43
provider.https.proxy.auth.parameters=
; buffer size in bytes used for following transfers
; hst-server to gateway
; gateway to SmartSense
data.transfer.buffer.size=4096
; thread pool size for the gateway server's API endpoint
; if not provided then server automatically calculates based on cpu cores
;thread.pool.size=20
[ulimit]
; linux open-file limit
open.files=10000
1 ACCEPTED SOLUTION

avatar
Rising Star

@Joe Walton,

SmartSense Gateway does not support NTLM auth. NTLM is Microsoft proprietary. Gateway supports BASIC and DIGEST for proxy authentication. We can provide assistance if you can have one of the supported auth methods.

View solution in original post

1 REPLY 1

avatar
Rising Star

@Joe Walton,

SmartSense Gateway does not support NTLM auth. NTLM is Microsoft proprietary. Gateway supports BASIC and DIGEST for proxy authentication. We can provide assistance if you can have one of the supported auth methods.