PowerScale: Isilon: OneFS: Swift authentication with NTLMv2 does not work.
Summary: On Isilon OneFS and PowerScale, Swift authentication with NTLMv2 does not work. It does work with NTLMv1. For use of TLS/SSL with NTLM authentication, any system must use NTLMv2. NTLMv1 is older and plain text only. The Swift implementation does not support NTLMv2 presently, and would require substantial rearchitecture to implement. As the third-party Swift utility as an Isilon component is set for end of life and will be removed in a future release, there are no present plans to redesign our platform and modify third-party OpenStack Swift code to support NTLMv2. This article applies to all versions of Isilon OneFS and PowerScale as of and through 9.x and going forward. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
By its nature, there is no convenient or practical way to examine the encrypted (New Technology Lan Manager) NTLMv2 traffic to/from your authentication provider, such as Active Directory, and the Isilon.
If you have an otherwise functional Swift implementation on Isilon working fine with NTLMv1, enabling and switching your authentication provider to running off of NTLMv2 will fail, presenting on the Isilon side as password errors (LW_ERROR_INVALID_PASSWORD). There is no other practical way to examine this.
If you have an otherwise functional Swift implementation on Isilon working fine with NTLMv1, enabling and switching your authentication provider to running off of NTLMv2 will fail, presenting on the Isilon side as password errors (LW_ERROR_INVALID_PASSWORD). There is no other practical way to examine this.
Cause
This is due to limitations in how the OpenStack Swift implementation interacts with Apache and Isilon.
Resolution
There is no present workaround and none is expected due to Swift being slated as end-of-life on Isilon and PowerScale.
Swift (lwswift) incompatible with NTLMv2
Swift (lwswift) incompatible with NTLMv2
Affected Products
Isilon, Data Migration for Isilon, Isilon Platform APIArticle Properties
Article Number: 000199438
Article Type: Solution
Last Modified: 16 Nov 2023
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.