cURL / Mailing Lists / curl-users / Single Mail

curl-users

Using Curl against SharePoint 2010, authentication fails, NTLM vs. GSS?

From: Derek Atkins <warlord_at_MIT.EDU>
Date: Fri, 01 Apr 2011 15:26:39 -0400

Hi,

I'm trying to use curl (curl-7.19.7-13.fc12.x86_64) to contact a
SharePoint 2010 server, but authentication is failing no matter whether
I tell curl to use NTLM or anyauth. The command I'd like to use:

curl --trace-ascii /tmp/sharepoint.ascii --ntlm -D /tmp/sharepoint \
-u administrator --retry 1 -L http://172.16.64.20/

Curl's build state:

curl -V
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

And here's the ascii trace from the above curl run:

== Info: About to connect() to 172.16.64.20 port 80 (#0)
== Info: Trying 172.16.64.20... == Info: connected
== Info: Connected to 172.16.64.20 (172.16.64.20) port 80 (#0)
== Info: Initializing NSS with certpath: /etc/pki/nssdb
== Info: Server auth using NTLM with user 'administrator'
=> Send header, 232 bytes (0xe8)
0000: GET / HTTP/1.1
0010: Authorization: NTLM ....
0052: User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7
0092: NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
00c5: Host: 172.16.64.20
00d9: Accept: */*
00e6:
<= Recv header, 27 bytes (0x1b)
0000: HTTP/1.1 401 Unauthorized
<= Recv header, 27 bytes (0x1b)
0000: Server: Microsoft-IIS/7.5
<= Recv header, 53 bytes (0x35)
0000: SPRequestGuid: 37759272-a8e0-414c-b20b-379f24fbba00
<= Recv header, 325 bytes (0x145)
0000: WWW-Authenticate: NTLM ....
...
0140: A==
== Info: gss_init_sec_context() failed: : Cannot determine realm for numeric host address<= Recv header, 29 bytes (0x1d)
0000: WWW-Authenticate: Negotiate
<= Recv header, 23 bytes (0x17)
0000: X-Powered-By: ASP.NET
<= Recv header, 46 bytes (0x2e)
0000: MicrosoftSharePointTeamServices: 14.0.0.4762
<= Recv header, 37 bytes (0x25)
0000: Date: Fri, 01 Apr 2011 19:08:40 GMT
<= Recv header, 19 bytes (0x13)
0000: Content-Length: 0
<= Recv header, 2 bytes (0x2)
0000:
== Info: Connection #0 to host 172.16.64.20 left intact
== Info: Closing connection #0

Note the gss_init_sec_context failure, even though I specified --ntlm on
the command line? I'm guessing that's related to the problem. Is there
some way I can get curl to disable the GSS Negotiation, without
recompiling curl? Is there some runtime way to disable this? Is there
some issue curl has with the multiple WWW-Authenticate headers?

I'll note that if I try to contact my SharePoint 2007 server it works
just fine, however that server only returns a single WWW-Authenticate
header (which is just NTLM).

Is this a curl bug?

Any help would be appreciated.

THANKS!

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord_at_MIT.EDU                        PGP key available
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-04-01

This message: [ Message body ]
Next message: Ralph Mitchell: "Re: Using Curl against SharePoint 2010, authentication fails, NTLM vs. GSS?"
Next in thread: Ralph Mitchell: "Re: Using Curl against SharePoint 2010, authentication fails, NTLM vs. GSS?"
Reply: Ralph Mitchell: "Re: Using Curl against SharePoint 2010, authentication fails, NTLM vs. GSS?"
Reply: Daniel Stenberg: "Re: Using Curl against SharePoint 2010, authentication fails, NTLM vs. GSS?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]