My goal is to authenticate my client that uses the requests library (2.11.1) in Python 3.5.2 through NTLM with SSPI so that the user does not have to manually enter her domain credentials (used to login to the PC).

I have found the following possibilities, but none work for me:

• HttpNtlmSspiAuth provokes an exception in requests:

  import requests from requests_ntlm import HttpNtlmAuth, HttpNtlmSspiAuth

  requests.get(site_url, auth=HttpNtlmSspiAuth())

• requests-sspi-ntlm always gets a 401:

  import requests from requests_sspi_ntlm import HttpNtlmAuth

  session = requests.Session() session.auth = HttpNtlmAuth() session.get("http://ntlm_protected_site.com")

• And requests-negotiate-sspi also triggers an exception in requests:

  import requests from requests_negotiate_sspi import HttpNegotiateAuth

  r = requests.get('https://iis.contoso.com', auth=HttpNegotiateAuth())

Am I doing something wrong?

I figured it out myself.

I adapted to requests and python 3 this code and this module that interacts with Windows SSPI. You can get it here.

The package requests-negotiate-sspi works for me.

I probably had the same issue with PO, but I was too lazy to try PO's solution and integrate PO's code into mine. And Google helped me out. In case anyone encounters the same exception raised from sspi.py ValueError: year 30828 is out of range, it's a known issue for python 3.6 of requests-negotiate-sspi. See here: Github-Issue

I solved this by creating a new conda environment with python 3.4. Then reinstall some dependencies as well as requests-negotiate-sspi, boom, all works.