notroj / neon

neon - an HTTP/1.1 and WebDAV client library with a C API
https://notroj.github.io/neon/

rejected NTLM challenge #93

Open tobwen opened 1 year ago

tobwen commented 1 year ago

Describe the bug

While trying to connect to a WebDAV server, I'm getting this error message:

Could not authenticate to server: ignoring empty Negotiate continuation, rejected NTLM challenge

Environment

To Reproduce

mount -t davfs https://fsstud.ruhr-uni-bochum.de/<hidden> /mnt/rub/

Debugging output

Please instruct me how to.

notroj commented 1 year ago

If the server requires authentication, are you providing it somehow? I don't know how davfs works; I'd recommend starting by talking to the community of that project.

tobwen commented 1 year ago

WinSCP suffers from the same issue and also uses neon - even with the same error message.

Since the WinSCP community is way more "easy to handle" than the Debian one (which seems to maintain a fork of davfs), I'll report a bug over there. Closed for now.

martinprikryl commented 1 year ago

You know that the problem is between neon and the server. So why would you report the bug on WinSCP?

tobwen commented 1 year ago

> You know that the problem is between neon and the server. So why would you report the bug on WinSCP?

Since they (you) are capable of analysing and discussing the problem, I'm not. I'm a user only, I can report it, do some tests, etc.

notroj commented 1 year ago

If you want to move this forward I suggest you configure current versions of cadaver and neon built with --enable-debugging and provide debug output with set debug http,httpauth in cadaver. Otherwise there's not much anybody can do to help.

tobwen commented 1 year ago

Here we go:

MYLOGINNAME and BASE64_TOKEN_113_CHARS are censored. BASE64_TOKEN_113_CHARS starts with NTLMSSP => https://en.wikipedia.org/wiki/NTLMSSP

# ./cadaver
dav:!> set debug http,httpauth
dav:!> open https://fsstud.ruhr-uni-bochum.de/MYLOGINNAME
HTTP session to https://fsstud.ruhr-uni-bochum.de:443 begins.
auth: Create for WWW-Authenticate
Running pre_send hooks
Sending request headers:
OPTIONS /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
Host: fsstud.ruhr-uni-bochum.de

Sending request-line and headers:
Doing DNS lookup on fsstud.ruhr-uni-bochum.de...
req: Connecting to 134.147.64.4:443
Request sent; retry is 0.
[status-line] < HTTP/1.1 200 OK
[hdr] Allow: OPTIONS, TRACE, GET, HEAD, POST, LOCK, UNLOCK
Header Name: [allow], Value: [OPTIONS, TRACE, GET, HEAD, POST, LOCK, UNLOCK]
[hdr] Server: Microsoft-IIS/10.0
Header Name: [server], Value: [Microsoft-IIS/10.0]
[hdr] Public: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK
Header Name: [public], Value: [OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK]
[hdr] DAV: 1,2,3
Header Name: [dav], Value: [1,2,3]
[hdr] MS-Author-Via: DAV
Header Name: [ms-author-via], Value: [DAV]
[hdr] Date: Wed, 11 Jan 2023 18:07:25 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:25 GMT]
[hdr] Content-Length: 0
Header Name: [content-length], Value: [0]
[hdr]
End of headers.
Running post_headers hooks
Running post_send hooks
auth: Post-send (#0), code is 200 (want 401), WWW-Authenticate is (none)
Request ends, status 200 class 2xx, error line:
200 OK
Running destroy hooks.
Request ends.
auth: Create for WWW-Authenticate
Running pre_send hooks
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html
Header Name: [content-type], Value: [text/html]
[hdr] Server: Microsoft-IIS/10.0
Header Name: [server], Value: [Microsoft-IIS/10.0]
[hdr] WWW-Authenticate: Negotiate
Header Name: [www-authenticate], Value: [Negotiate]
[hdr] WWW-Authenticate: NTLM
Header Name: [www-authenticate], Value: [NTLM]
[hdr] Date: Wed, 11 Jan 2023 18:07:25 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:25 GMT]
[hdr] Content-Length: 1293
Header Name: [content-length], Value: [1293]
[hdr]
End of headers.
Running post_headers hooks
Reading 1293 bytes of response body.
Got 1293 bytes.
Running post_send hooks
auth: Post-send (#0), code is 401 (want 401), WWW-Authenticate is Negotiate, NTLM
auth: Got challenge (code 401).
auth: Got 'Negotiate' challenge.
auth: Got 'NTLM' challenge.
auth: Trying Negotiate challenge...
auth: Trying NTLM challenge...
auth: NTLM challenge.
Authentication required for (null) on server `fsstud.ruhr-uni-bochum.de':
Username: MYLOGINNAME@ruhr-uni-bochum.de
Password:
auth: Accepted NTLM challenge.
Running pre_send hooks
auth: Sending 'NTLM' response.
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html; charset=us-ascii
Header Name: [content-type], Value: [text/html; charset=us-ascii]
[hdr] Server: Microsoft-HTTPAPI/2.0
Header Name: [server], Value: [Microsoft-HTTPAPI/2.0]
[hdr] WWW-Authenticate: NTLM BASE64_TOKEN_113_CHARS
Header Name: [www-authenticate], Value: [NTLM BASE64_TOKEN_113_CHARS]
[hdr] Date: Wed, 11 Jan 2023 18:07:34 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:34 GMT]
[hdr] Content-Length: 341
Header Name: [content-length], Value: [341]
[hdr]
End of headers.
Running post_headers hooks
Reading 341 bytes of response body.
Got 341 bytes.
Running post_send hooks
auth: Post-send (#1), code is 401 (want 401), WWW-Authenticate is NTLM BASE64_TOKEN_113_CHARS
auth: Got challenge (code 401).
auth: Got 'NTLM' challenge.
auth: NTLM opaque parameter 'BASE64_TOKEN_113_CHARS'
auth: Trying NTLM challenge...
auth: NTLM challenge.
auth: Accepted NTLM challenge.
Running pre_send hooks
auth: Sending 'NTLM' response.
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html
Header Name: [content-type], Value: [text/html]
[hdr] Server: Microsoft-IIS/10.0
Header Name: [server], Value: [Microsoft-IIS/10.0]
[hdr] WWW-Authenticate: Negotiate
Header Name: [www-authenticate], Value: [Negotiate]
[hdr] WWW-Authenticate: NTLM
Header Name: [www-authenticate], Value: [NTLM]
[hdr] Date: Wed, 11 Jan 2023 18:07:34 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:34 GMT]
[hdr] Content-Length: 1293
Header Name: [content-length], Value: [1293]
[hdr]
End of headers.
Running post_headers hooks
Reading 1293 bytes of response body.
Got 1293 bytes.
Running post_send hooks
auth: Post-send (#2), code is 401 (want 401), WWW-Authenticate is Negotiate, NTLM
auth: Got challenge (code 401).
auth: Got 'Negotiate' challenge.
auth: Got 'NTLM' challenge.
auth: Trying Negotiate challenge...
auth: Trying NTLM challenge...
auth: NTLM challenge.
Authentication required for (null) on server `fsstud.ruhr-uni-bochum.de':
Username: MYLOGINNAME@ruhr-uni-bochum.de
Password:
auth: Accepted NTLM challenge.
Running pre_send hooks
auth: Sending 'NTLM' response.
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html; charset=us-ascii
Header Name: [content-type], Value: [text/html; charset=us-ascii]
[hdr] Server: Microsoft-HTTPAPI/2.0
Header Name: [server], Value: [Microsoft-HTTPAPI/2.0]
[hdr] WWW-Authenticate: NTLM BASE64_TOKEN_113_CHARS
Header Name: [www-authenticate], Value: [NTLM BASE64_TOKEN_113_CHARS]
[hdr] Date: Wed, 11 Jan 2023 18:07:44 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:44 GMT]
[hdr] Content-Length: 341
Header Name: [content-length], Value: [341]
[hdr]
End of headers.
Running post_headers hooks
Reading 341 bytes of response body.
Got 341 bytes.
Running post_send hooks
auth: Post-send (#3), code is 401 (want 401), WWW-Authenticate is NTLM BASE64_TOKEN_113_CHARS
auth: Got challenge (code 401).
auth: Got 'NTLM' challenge.
auth: NTLM opaque parameter 'BASE64_TOKEN_113_CHARS'
auth: Trying NTLM challenge...
auth: NTLM challenge.
auth: Accepted NTLM challenge.
Running pre_send hooks
auth: Sending 'NTLM' response.
Sending request headers:
PROPFIND /MYLOGINNAME/ HTTP/1.1
User-Agent: cadaver/0.24 neon/0.32.4
Connection: TE
TE: trailers
Host: fsstud.ruhr-uni-bochum.de
Depth: 0
Content-Length: 288
Content-Type: application/xml
Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Sending request-line and headers:
Sending request body:
Request sent; retry is 1.
[status-line] < HTTP/1.1 401 Unauthorized
[hdr] Content-Type: text/html
Header Name: [content-type], Value: [text/html]
[hdr] Server: Microsoft-IIS/10.0
Header Name: [server], Value: [Microsoft-IIS/10.0]
[hdr] WWW-Authenticate: Negotiate
Header Name: [www-authenticate], Value: [Negotiate]
[hdr] WWW-Authenticate: NTLM
Header Name: [www-authenticate], Value: [NTLM]
[hdr] Date: Wed, 11 Jan 2023 18:07:44 GMT
Header Name: [date], Value: [Wed, 11 Jan 2023 18:07:44 GMT]
[hdr] Content-Length: 1293
Header Name: [content-length], Value: [1293]
[hdr]
End of headers.
Running post_headers hooks
Reading 1293 bytes of response body.
Got 1293 bytes.
Running post_send hooks
auth: Post-send (#4), code is 401 (want 401), WWW-Authenticate is Negotiate, NTLM
auth: Got challenge (code 401).
auth: Got 'Negotiate' challenge.
auth: Got 'NTLM' challenge.
auth: Trying Negotiate challenge...
auth: Trying NTLM challenge...
auth: NTLM challenge.
auth: No challenges accepted.
Request ends, status 401 class 4xx, error line:
Could not authenticate to server: ignoring empty Negotiate continuation, rejected NTLM challenge
Running destroy hooks.
Request ends.
Could not access /MYLOGINNAME/ (not WebDAV-enabled?):
Could not authenticate to server: ignoring empty Negotiate continuation, rejected NTLM challenge
sess: Destroying session.
Connection to `fsstud.ruhr-uni-bochum.de' closed.

igmar commented 1 year ago

Was this issue ever resolved? I have a similar setup failing.

igmar commented 1 year ago

I suspect this rejection is due to MS doing some things. I've asked the admin of the Sharepoint service to have a look at the IIS logs to see if it tells why it gets rejected. That might provide some additional info where to start looking.

igmar commented 1 year ago

Ok, the issue is clear:

What davfs sends:

$ ntlm_decoder "TlRMTVNTUAABAAAAAgIAAAAAAAAgAAAAAAAAACAAAAA="
Type 1 message
Flags :
    Negotiate OEM
    Negotiate NTLM

What curl sends:

$ ntlm_decoder "TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA="
Type 1 message
Flags :
    Negotiate OEM
    Request Target
    Negotiate NTLM
    Negotiate Always Sign
    Negotiate NTLM2 Key

Recent IIS security setups require NTLMv2 and signing, and that is also a requirement if you have a password > 14 chars.

I'll cook up a patch for this in the next weeks.
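
To make the flag comparison in the comment above reproducible, here is an added example (not neon's, davfs's or curl's own code) that parses the two NTLMSSP Type 1 tokens quoted there and lists which negotiate flags the davfs message lacks relative to curl's. The flag bit values follow MS-NLMP; the helper names `decode_type1` and `missing_flags` are my own.

```python
import base64
import struct

# NEGOTIATE flag bits from MS-NLMP (subset relevant to this issue)
NEGOTIATE_FLAGS = {
    0x00000001: "Negotiate Unicode",
    0x00000002: "Negotiate OEM",
    0x00000004: "Request Target",
    0x00000010: "Negotiate Sign",
    0x00000020: "Negotiate Seal",
    0x00000200: "Negotiate NTLM",
    0x00008000: "Negotiate Always Sign",
    0x00080000: "Negotiate NTLM2 Key",  # a.k.a. Extended Session Security
    0x20000000: "Negotiate 128",
    0x40000000: "Negotiate Key Exchange",
    0x80000000: "Negotiate 56",
}

def decode_type1(token_b64):
    """Parse an NTLMSSP NEGOTIATE_MESSAGE (Type 1); return (flags, flag names)."""
    raw = base64.b64decode(token_b64)
    if len(raw) < 32 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    # Signature (8 bytes) is followed by MessageType and NegotiateFlags, both LE uint32
    msg_type, flags = struct.unpack_from("<II", raw, 8)
    if msg_type != 1:
        raise ValueError("expected Type 1 message, got type %d" % msg_type)
    names = [name for bit, name in sorted(NEGOTIATE_FLAGS.items()) if flags & bit]
    unknown = flags & ~sum(NEGOTIATE_FLAGS)
    if unknown:
        names.append("unknown bits 0x%08x" % unknown)
    return flags, names

def missing_flags(client_b64, reference_b64):
    """Flag names set in the reference Type 1 message but absent from the client's."""
    client_flags, _ = decode_type1(client_b64)
    ref_flags, _ = decode_type1(reference_b64)
    return [name for bit, name in sorted(NEGOTIATE_FLAGS.items())
            if ref_flags & bit and not client_flags & bit]

# The two Type 1 tokens quoted in the issue (davfs/neon first, curl second)
DAVFS_TYPE1 = "TlRMTVNTUAABAAAAAgIAAAAAAAAgAAAAAAAAACAAAAA="
CURL_TYPE1 = "TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA="

if __name__ == "__main__":
    for label, tok in (("davfs", DAVFS_TYPE1), ("curl", CURL_TYPE1)):
        flags, names = decode_type1(tok)
        print("%s: flags=0x%08x %s" % (label, flags, ", ".join(names)))
    print("davfs lacks:", ", ".join(missing_flags(DAVFS_TYPE1, CURL_TYPE1)))
```

The two flags that matter for a server demanding NTLMv2 and signing are "Negotiate Always Sign" and "Negotiate NTLM2 Key", both of which show up in the missing list for the davfs token.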

notroj commented 1 year ago

Thanks @igmar for the detailed analysis.