curl-users
Using Curl against SharePoint 2010, authentication fails, NTLM vs. GSS?
Date: Fri, 01 Apr 2011 15:26:39 -0400
Hi,
I'm trying to use curl (curl-7.19.7-13.fc12.x86_64) to contact a
SharePoint 2010 server, but authentication is failing no matter whether
I tell curl to use NTLM or anyauth. The command I'd like to use:
curl --trace-ascii /tmp/sharepoint.ascii --ntlm -D /tmp/sharepoint \
-u administrator --retry 1 -L http://172.16.64.20/
Curl's build state:
curl -V
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
And here's the ascii trace from the above curl run:
== Info: About to connect() to 172.16.64.20 port 80 (#0)
== Info: Trying 172.16.64.20... == Info: connected
== Info: Connected to 172.16.64.20 (172.16.64.20) port 80 (#0)
== Info: Initializing NSS with certpath: /etc/pki/nssdb
== Info: Server auth using NTLM with user 'administrator'
=> Send header, 232 bytes (0xe8)
0000: GET / HTTP/1.1
0010: Authorization: NTLM ....
0052: User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7
0092: NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
00c5: Host: 172.16.64.20
00d9: Accept: */*
00e6:
<= Recv header, 27 bytes (0x1b)
0000: HTTP/1.1 401 Unauthorized
<= Recv header, 27 bytes (0x1b)
0000: Server: Microsoft-IIS/7.5
<= Recv header, 53 bytes (0x35)
0000: SPRequestGuid: 37759272-a8e0-414c-b20b-379f24fbba00
<= Recv header, 325 bytes (0x145)
0000: WWW-Authenticate: NTLM ....
...
0140: A==
== Info: gss_init_sec_context() failed: : Cannot determine realm for numeric host address<= Recv header, 29 bytes (0x1d)
0000: WWW-Authenticate: Negotiate
<= Recv header, 23 bytes (0x17)
0000: X-Powered-By: ASP.NET
<= Recv header, 46 bytes (0x2e)
0000: MicrosoftSharePointTeamServices: 14.0.0.4762
<= Recv header, 37 bytes (0x25)
0000: Date: Fri, 01 Apr 2011 19:08:40 GMT
<= Recv header, 19 bytes (0x13)
0000: Content-Length: 0
<= Recv header, 2 bytes (0x2)
0000:
== Info: Connection #0 to host 172.16.64.20 left intact
== Info: Closing connection #0
Note the gss_init_sec_context failure, even though I specified --ntlm on
the command line? I'm guessing that's related to the problem. Is there
some way I can get curl to disable the GSS Negotiation, without
recompiling curl? Is there some runtime way to disable this? Is there
some issue curl has with the multiple WWW-Authenticate headers?
I'll note that if I try to contact my SharePoint 2007 server it works
just fine, however that server only returns a single WWW-Authenticate
header (which is just NTLM).
Is this a curl bug?
Any help would be appreciated.
THANKS!
-derek
-- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH warlord_at_MIT.EDU PGP key available ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-users FAQ: http://curl.haxx.se/docs/faq.html Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2011-04-01