cURL / Mailing Lists / curl-users / Single Mail


Using Curl against SharePoint 2010, authentication fails, NTLM vs. GSS?

From: Derek Atkins <warlord_at_MIT.EDU>
Date: Fri, 01 Apr 2011 15:26:39 -0400


I'm trying to use curl (curl-7.19.7-13.fc12.x86_64) to contact a
SharePoint 2010 server, but authentication is failing no matter whether
I tell curl to use NTLM or anyauth. The command I'd like to use:

curl --trace-ascii /tmp/sharepoint.ascii --ntlm -D /tmp/sharepoint \
   -u administrator --retry 1 -L

Curl's build state:

curl -V
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ zlib/1.2.3 libidn/1.9 libssh2/1.2.4
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

And here's the ascii trace from the above curl run:

== Info: About to connect() to port 80 (#0)
== Info: Trying == Info: connected
== Info: Connected to ( port 80 (#0)
== Info: Initializing NSS with certpath: /etc/pki/nssdb
== Info: Server auth using NTLM with user 'administrator'
=> Send header, 232 bytes (0xe8)
0000: GET / HTTP/1.1
0010: Authorization: NTLM ....
0052: User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7
0092: NSS/ zlib/1.2.3 libidn/1.9 libssh2/1.2.4
00c5: Host:
00d9: Accept: */*
<= Recv header, 27 bytes (0x1b)
0000: HTTP/1.1 401 Unauthorized
<= Recv header, 27 bytes (0x1b)
0000: Server: Microsoft-IIS/7.5
<= Recv header, 53 bytes (0x35)
0000: SPRequestGuid: 37759272-a8e0-414c-b20b-379f24fbba00
<= Recv header, 325 bytes (0x145)
0000: WWW-Authenticate: NTLM ....
0140: A==
== Info: gss_init_sec_context() failed: : Cannot determine realm for numeric host address<= Recv header, 29 bytes (0x1d)
0000: WWW-Authenticate: Negotiate
<= Recv header, 23 bytes (0x17)
0000: X-Powered-By: ASP.NET
<= Recv header, 46 bytes (0x2e)
0000: MicrosoftSharePointTeamServices:
<= Recv header, 37 bytes (0x25)
0000: Date: Fri, 01 Apr 2011 19:08:40 GMT
<= Recv header, 19 bytes (0x13)
0000: Content-Length: 0
<= Recv header, 2 bytes (0x2)
== Info: Connection #0 to host left intact
== Info: Closing connection #0

Note the gss_init_sec_context failure, even though I specified --ntlm on
the command line? I'm guessing that's related to the problem. Is there
some way I can get curl to disable the GSS Negotiation, without
recompiling curl? Is there some runtime way to disable this? Is there
some issue curl has with the multiple WWW-Authenticate headers?

I'll note that if I try to contact my SharePoint 2007 server it works
just fine, however that server only returns a single WWW-Authenticate
header (which is just NTLM).

Is this a curl bug?

Any help would be appreciated.



       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord_at_MIT.EDU                        PGP key available
List admin:
Received on 2011-04-01