
rejected NTLM challenge (neon, OPEN)

notroj commented on July 17, 2024
rejected NTLM challenge

from neon.

Comments (10)

igmar commented on July 17, 2024

OK, the issue is clear:

What davfs sends:

$ ntlm_decoder "TlRMTVNTUAABAAAAAgIAAAAAAAAgAAAAAAAAACAAAAA="
Type 1 message
Flags :
Negotiate OEM
Negotiate NTLM

What curl sends:

$ ntlm_decoder "TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA="
Type 1 message
Flags :
Negotiate OEM
Request Target
Negotiate NTLM
Negotiate Always Sign
Negotiate NTLM2 Key

Recent IIS security setups require NTLMv2 and signing, and that is also a requirement if you have a password > 14 chars.

I'll cook up a patch for this in the next weeks.

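The flag comparison in igmar's comment above can be reproduced with a short parser. This is an added example, not part of the original thread and not the `ntlm_decoder` tool used there; the flag table is a subset of the MS-NLMP negotiate flags labelled as in the quoted output, and the function names are hypothetical.

```python
import base64
import struct

# Subset of MS-NLMP negotiate flag bits; labels follow the decoder output quoted above.
NTLM_FLAGS = {
    0x00000001: "Negotiate Unicode",
    0x00000002: "Negotiate OEM",
    0x00000004: "Request Target",
    0x00000010: "Negotiate Sign",
    0x00000020: "Negotiate Seal",
    0x00000200: "Negotiate NTLM",
    0x00008000: "Negotiate Always Sign",
    0x00080000: "Negotiate NTLM2 Key",  # extended session security
    0x20000000: "Negotiate 128",
    0x80000000: "Negotiate 56",
}

# The two Type 1 tokens quoted in the comment above.
DAVFS_TOKEN = "TlRMTVNTUAABAAAAAgIAAAAAAAAgAAAAAAAAACAAAAA="
CURL_TOKEN = "TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA="


def decode_type1(token):
    """Return the flag names set in a base64 NTLM Type 1 (negotiate) message."""
    raw = base64.b64decode(token, validate=True)
    if len(raw) < 16 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    # Bytes 8-11: message type, bytes 12-15: negotiate flags, both little-endian.
    msg_type, flags = struct.unpack_from("<II", raw, 8)
    if msg_type != 1:
        raise ValueError("expected a Type 1 message, got Type %d" % msg_type)
    names = [name for bit, name in NTLM_FLAGS.items() if flags & bit]
    unlisted = flags & ~sum(NTLM_FLAGS)
    if unlisted:
        names.append("unlisted bits 0x%08x" % unlisted)
    return names


def only_in_second(first, second):
    """Flags offered by the second client's Type 1 message but not the first's."""
    seen = set(decode_type1(first))
    return [name for name in decode_type1(second) if name not in seen]


if __name__ == "__main__":
    print("davfs:", decode_type1(DAVFS_TOKEN))
    print("curl: ", decode_type1(CURL_TOKEN))
    print("curl only:", only_in_second(DAVFS_TOKEN, CURL_TOKEN))
```
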

notroj commented on July 17, 2024

If the server requires authentication, are you providing it somehow? I don't know how davfs works, I'd recommend starting by talking to the community of that project.

tobwen commented on July 17, 2024

WinSCP suffers from the same issue and also uses neon - even with the same error message.

Since the WinSCP community is way more "easy to handle" than the Debian one (which seems to maintain a fork of davfs), I'll report a bug over there. Closed for now.

martinprikryl commented on July 17, 2024

You know that the problem is between neon and the server. So why would you report the bug on WinSCP?

tobwen commented on July 17, 2024

> You know that the problem is between neon and the server. So why would you report the bug on WinSCP?

Since they (you) are capable of analysing and discussing the problem, I'm not. I'm a user only, I can report it, do some tests, etc.

notroj commented on July 17, 2024

If you want to move this forward I suggest you configure current versions of cadaver and neon built with --enable-debugging and provide debug output with set debug http,httpauth in cadaver. Otherwise there's not much anybody can do to help.

tobwen commented on July 17, 2024

Here we go:

MYLOGINNAME and BASE64_TOKEN_113_CHARS are censored.
BASE64_TOKEN_113_CHARS starts with NTLMSSP => https://en.wikipedia.org/wiki/NTLMSSP

# ./cadaver
dav:!> set debug http,httpauth
dav:!> open https://fsstud.ruhr-uni-bochum.de/MYLOGINNAME
HTTP session to https://fsstud.ruhr-uni-bochum.de:443 begins.
auth: Create for WWW-Authenticate
Running pre_send hooks
Sending request headers:
OPTIONS /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
Host: fsstud.ruhr-uni-bochum.de

Sending request-line and headers:
Doing DNS lookup on fsstud.ruhr-uni-bochum.de...
req: Connecting to 134.147.64.4:443
Request sent; retry is 0.
[status-line] < HTTP/1.1 200 OK
[hdr] Allow: OPTIONS, TRACE, GET, HEAD, POST, LOCK, UNLOCK
Header Name: [allow], Value: [OPTIONS, TRACE, GET, HEAD, POST, LOCK, UNLOCK]
[hdr] Server: Microsoft-IIS/10.0
Header Name: [server], Value: [Microsoft-IIS/10.0]
[hdr] Public: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK
Header Name: [public], Value: [OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK]
[hdr] DAV: 1,2,3
Header Name: [dav], Value: [1,2,3]
[hdr] MS-Author-Via: DAV
Header Name: [ms-author-via], Value: [DAV]
[hdr] Date: Wed, 11 Jan 2023 18:07:25 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:25 GMT]
[hdr] Content-Length: 0
Header Name: [content-length], Value: [0]
[hdr]
End of headers.
Running post_headers hooks
Running post_send hooks
auth: Post-send (#0), code is 200 (want 401), WWW-Authenticate is (none)
Request ends, status 200 class 2xx, error line:
200 OK
Running destroy hooks.
Request ends.
auth: Create for WWW-Authenticate
Running pre_send hooks
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html
Header Name: [content-type], Value: [text/html]
[hdr] Server: Microsoft-IIS/10.0
Header Name: [server], Value: [Microsoft-IIS/10.0]
[hdr] WWW-Authenticate: Negotiate
Header Name: [www-authenticate], Value: [Negotiate]
[hdr] WWW-Authenticate: NTLM
Header Name: [www-authenticate], Value: [NTLM]
[hdr] Date: Wed, 11 Jan 2023 18:07:25 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:25 GMT]
[hdr] Content-Length: 1293
Header Name: [content-length], Value: [1293]
[hdr]
End of headers.
Running post_headers hooks
Reading 1293 bytes of response body.
Got 1293 bytes.
Running post_send hooks
auth: Post-send (#0), code is 401 (want 401), WWW-Authenticate is Negotiate, NTLM
auth: Got challenge (code 401).
auth: Got 'Negotiate' challenge.
auth: Got 'NTLM' challenge.
auth: Trying Negotiate challenge...
auth: Trying NTLM challenge...
auth: NTLM challenge.
Authentication required for (null) on server `fsstud.ruhr-uni-bochum.de':
Username: [email protected]
Password:
auth: Accepted NTLM challenge.
Running pre_send hooks
auth: Sending 'NTLM' response.
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html; charset=us-ascii
Header Name: [content-type], Value: [text/html; charset=us-ascii]
[hdr] Server: Microsoft-HTTPAPI/2.0
Header Name: [server], Value: [Microsoft-HTTPAPI/2.0]
[hdr] WWW-Authenticate: NTLM BASE64_TOKEN_113_CHARS
Header Name: [www-authenticate], Value: [NTLM BASE64_TOKEN_113_CHARS]
[hdr] Date: Wed, 11 Jan 2023 18:07:34 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:34 GMT]
[hdr] Content-Length: 341
Header Name: [content-length], Value: [341]
[hdr]
End of headers.
Running post_headers hooks
Reading 341 bytes of response body.
Got 341 bytes.
Running post_send hooks
auth: Post-send (#1), code is 401 (want 401), WWW-Authenticate is NTLM BASE64_TOKEN_113_CHARS
auth: Got challenge (code 401).
auth: Got 'NTLM' challenge.
auth: NTLM opaque parameter 'BASE64_TOKEN_113_CHARS'
auth: Trying NTLM challenge...
auth: NTLM challenge.
auth: Accepted NTLM challenge.
Running pre_send hooks
auth: Sending 'NTLM' response.
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html
Header Name: [content-type], Value: [text/html]
[hdr] Server: Microsoft-IIS/10.0
Header Name: [server], Value: [Microsoft-IIS/10.0]
[hdr] WWW-Authenticate: Negotiate
Header Name: [www-authenticate], Value: [Negotiate]
[hdr] WWW-Authenticate: NTLM
Header Name: [www-authenticate], Value: [NTLM]
[hdr] Date: Wed, 11 Jan 2023 18:07:34 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:34 GMT]
[hdr] Content-Length: 1293
Header Name: [content-length], Value: [1293]
[hdr]
End of headers.
Running post_headers hooks
Reading 1293 bytes of response body.
Got 1293 bytes.
Running post_send hooks
auth: Post-send (#2), code is 401 (want 401), WWW-Authenticate is Negotiate, NTLM
auth: Got challenge (code 401).
auth: Got 'Negotiate' challenge.
auth: Got 'NTLM' challenge.
auth: Trying Negotiate challenge...
auth: Trying NTLM challenge...
auth: NTLM challenge.
Authentication required for (null) on server `fsstud.ruhr-uni-bochum.de':
Username: [email protected]
Password:
auth: Accepted NTLM challenge.
Running pre_send hooks
auth: Sending 'NTLM' response.
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html; charset=us-ascii
Header Name: [content-type], Value: [text/html; charset=us-ascii]
[hdr] Server: Microsoft-HTTPAPI/2.0
Header Name: [server], Value: [Microsoft-HTTPAPI/2.0]
[hdr] WWW-Authenticate: NTLM BASE64_TOKEN_113_CHARS
Header Name: [www-authenticate], Value: [NTLM BASE64_TOKEN_113_CHARS]
[hdr] Date: Wed, 11 Jan 2023 18:07:44 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:44 GMT]
[hdr] Content-Length: 341
Header Name: [content-length], Value: [341]
[hdr]
End of headers.
Running post_headers hooks
Reading 341 bytes of response body.
Got 341 bytes.
Running post_send hooks
auth: Post-send (#3), code is 401 (want 401), WWW-Authenticate is NTLM BASE64_TOKEN_113_CHARS
auth: Got challenge (code 401).
auth: Got 'NTLM' challenge.
auth: NTLM opaque parameter 'BASE64_TOKEN_113_CHARS'
auth: Trying NTLM challenge...
auth: NTLM challenge.
auth: Accepted NTLM challenge.
Running pre_send hooks
auth: Sending 'NTLM' response.
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html
Header Name: [content-type], Value: [text/html]
[hdr] Server: Microsoft-IIS/10.0
Header Name: [server], Value: [Microsoft-IIS/10.0]
[hdr] WWW-Authenticate: Negotiate
Header Name: [www-authenticate], Value: [Negotiate]
[hdr] WWW-Authenticate: NTLM
Header Name: [www-authenticate], Value: [NTLM]
[hdr] Date: Wed, 11 Jan 2023 18:07:44 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:44 GMT]
[hdr] Content-Length: 1293
Header Name: [content-length], Value: [1293]
[hdr]
End of headers.
Running post_headers hooks
Reading 1293 bytes of response body.
Got 1293 bytes.
Running post_send hooks
auth: Post-send (#4), code is 401 (want 401), WWW-Authenticate is Negotiate, NTLM
auth: Got challenge (code 401).
auth: Got 'Negotiate' challenge.
auth: Got 'NTLM' challenge.
auth: Trying Negotiate challenge...
auth: Trying NTLM challenge...
auth: NTLM challenge.
auth: No challenges accepted.
Request ends, status 401 class 4xx, error line:
Could not authenticate to server: ignoring empty Negotiate continuation, rejected NTLM challenge
Running destroy hooks.
Request ends.
Could not access /MYLOGINNAME/ (not WebDAV-enabled?):
Could not authenticate to server: ignoring empty Negotiate continuation, rejected NTLM challenge
sess: Destroying session.
Connection to `fsstud.ruhr-uni-bochum.de' closed.

igmar commented on July 17, 2024

Was this issue ever resolved? I have a similar setup failing.

igmar commented on July 17, 2024

I suspect this rejection is due to MS doing some things. I've asked the admin of the Sharepoint service to have a look at the IIS logs to see if it tells why it gets rejected. That might provide some additional info where to start looking.

notroj commented on July 17, 2024

Thanks @igmar for the detailed analysis.
