rroller
commented
2 years ago This is a weird one. Not sure what I can do to help here. I assume you are still facing this issue?
Open DanielNagy opened 2 years ago
rroller
commented
2 years ago This is a weird one. Not sure what I can do to help here. I assume you are still facing this issue?
DanielNagy
commented
2 years ago @rroller Yeah I am.. My guess is authentication credentials isn't being presented properly?
Testing my NVR with postman. Basic Get request to the following url fails, with a 401. http://192.168.1.10:80/cgi-bin/configManager.cgi?action=getConfig&name=General
Enable "Basic Auth" with the same username and password, works with the following response.
table.General.MachineName=NVR table.General.LocalNo=8 table.General.MachineAddress= table.General.LockLoginEnable=true table.General.LockLoginTimes=5 table.General.LoginFailLockTime=300
UPDATE Enabling "Digest Auth" in Postman as per the code in client.py, fails with the same 401
So, my NVR doesnt support Digest Auth? only Basic Auth? Unless i'm doing something wrong in Postman when enabling Digest Auth?
DanielNagy
commented
2 years ago danny@utils:~$ wget -Sv 'http://homeassistant:password@192.168.1.10:80/cgi-bin/configManager.cgi?action=getConfig&name=General'
--2021-10-04 11:58:10-- http://homeassistant:*password*@192.168.1.10/cgi-bin/configManager.cgi?action=getConfig&name=General
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Device_CGI"
Set-Cookie:secure; HttpOnly
CONNECTION: close
Syntax error in Set-Cookie: secure; HttpOnly at position 7.
Authentication selected: Basic realm="Device_CGI"
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
X-XSS-Protection: 1;mode=block
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security: max-age=604800; includeSubDomains
Content-type: text/plain;charset=utf-8
CONNECTION: close
Set-Cookie:secure; HttpOnly
CONTENT-LENGTH: 192
Syntax error in Set-Cookie: secure; HttpOnly at position 7.
Length: 192 [text/plain]
Saving to: 'configManager.cgi?action=getConfig&name=General.2’
curl -v 'http://homeassistant:password@192.168.1.10:80/cgi-bin/configManager.cgi?action=getConfig&name=General'
* Trying 192.168.1.10...
* TCP_NODELAY set
* Connected to 192.168.1.10 (192.168.1.10) port 80 (#0)
* Server auth using Basic with user 'homeassistant'
> GET /cgi-bin/configManager.cgi?action=getConfig&name=General HTTP/1.1
> Host: 192.168.1.10
> Authorization: Basic aG9tZWFzc2lzdGFudDpIQXBhc3N3b3JkNA==
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< X-XSS-Protection: 1;mode=block
< X-Frame-Options: SAMEORIGIN
< Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
< Strict-Transport-Security: max-age=604800; includeSubDomains
< Content-type: text/plain;charset=utf-8
< CONNECTION: close
< Set-Cookie:secure; HttpOnly
< CONTENT-LENGTH: 192
<
table.General.MachineName=NVR
table.General.LocalNo=8
table.General.MachineAddress=
table.General.LockLoginEnable=true
table.General.LockLoginTimes=5
table.General.LoginFailLockTime=300
* Closing connection 0
Without passing authentication user / pass.. It is clear my NVR is wanting Basic Auth. I wonder if that is a setting i can change? Strange because I am running current v4 firmware build 27th Aug 2021.
curl -v 'http://192.168.1.10:80/cgi-bin/configManager.cgi?action=getConfig&name=General'
* Trying 192.168.1.10...
* TCP_NODELAY set
* Connected to 192.168.1.10 (192.168.1.10) port 80 (#0)
> GET /cgi-bin/configManager.cgi?action=getConfig&name=General HTTP/1.1
> Host: 192.168.1.10
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="Device_CGI"
< Set-Cookie:secure; HttpOnly
< CONNECTION: close
<
* Closing connection 0
GaryOkie
commented
2 years ago I was having similar issues connecting to my Dahua NVR via curl and the Dahua custom integration. Tracked the problem down to having https/ssl enabled and not having the cert locally installed. Disabled SSL and all is well. Since I have all cameras and NVR blocked to the Internet, local http should be fine.
DanielNagy
commented
2 years ago @GaryOkie, I did try enabling and disabling https based on the original issue I quoted. (You will see my logs above are straight http / port 80.) Curl shows that it requests "Basic" Auth regardless of HTTP or HTTPS
For clarification, I've enabled HTTPS, and this is the result of the curl test. It still shows WWW-Authenticate as Basic
curl -vk 'https://192.168.1.10/cgi-bin/magicBox.cgi?action=getSystemInfo'
* Trying 192.168.1.10...
* TCP_NODELAY set
* Connected to 192.168.1.10 (192.168.1.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=192.168.1.10; C=CN
* start date: Jul 2 15:30:06 2021 GMT
* expire date: Jun 26 15:30:06 2051 GMT
* issuer: CN=NVR
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /cgi-bin/magicBox.cgi?action=getSystemInfo HTTP/1.1
> Host: 192.168.1.10
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="Device_CGI"
< Set-Cookie:secure; HttpOnly
< CONNECTION: closeSo long story short, it seems there needs to be a option to be able to select Basic authentication, as well as the default Digest Authentication?
Can we make this happen please? :)
thetravellor
commented
2 years ago My Dahua NVR states that an RTSP feed is available as follows
rtsp://
The integration appears to not understand this.
pentti12
commented
2 years ago Hello
I end up into similar situation as DanielNagy and thetravellor, when I tried to access Dahua DHI-NVR4104-P-4KS2 unit with the latest Dahua Integration 0.9.39. When I expect to get this integration working?
thetravellor
commented
2 years ago I have since found that the integration only works with the 4.0 dahua UI, you need to update the firmware your model.
https://www.dahuasecurity.com/support/downloadCenter/firmware?child=171 Maybe this one DH_NVR4x-4KS2L_MultiLang_V4.002.0000000.2.R.220121
If no firmware, you are out of luck.
DanielNagy
commented
2 years ago @thetravellor I have a NVR5216-16P-4KS2, and I'm running the following System Version | V4.002.0000000.2.R, Build Date: 20-01-2022
And the Security -> System Service -> Basic Services -> Private Protocol Authentication mode is set to "Security Mode (recommended)" which according to the manual is Digest mode.
I have tried changing this setting, rebooting, changing back, rebooting.. to no avail.
thetravellor
commented
2 years ago I dont have crypto on at all, try turning this off.
The integration would not work with crypto on. probably because its using a "Private" protocol that nobody knows anything about.
DanielNagy
commented
2 years ago @thetravellor Yeh, i already have that disabled, as per your screenshot.
thetravellor
commented
2 years ago You need to add 1 channel per integration, so if you have 8 cameras for example, you will add the integration 8 times once for each of channels from 0 to 7
DanielNagy
commented
2 years ago It doesn't even allow me to select channel 0. I get a authentication 401 error. Refer back to my debug log in the original post of this issue.
adit1o
commented
4 months ago any update guys? this happen only on my NVR, DVR work properly
test:
# NVR -> WORK
wget --user admin --password admin -O video.dav 'http://192.168.2.190/cgi-bin/loadfile.cgi?action=startLoad&channel=1&startTime=2024-04-23%2012:01:00&endTime=2024-04-23%2012:02:00'
# NVR -> NOT WORK
wget --user admin --password admin -O video.dav 'http://192.168.2.190/cgi-bin/loadfile.cgi?action=startLoad&channel=1&startTime=2024-04-23%2012:00:00&endTime=2024-04-23%2013:00:00'output:
Connecting to 192.168.2.190:80... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Syntax error in Set-Cookie: secure; HttpOnly at position 7.
Authentication selected: Digest realm="Login to a7d673dd7e8e0028f88cbd54b5d324c1", qop="auth", nonce="374563367", opaque="d3a812d5923c1b13377d4162097492c7602018e1"
Connecting to 192.168.2.190:80... connected.
HTTP request sent, awaiting response... 200 OK
Syntax error in Set-Cookie: secure; HttpOnly at position 7.
Length: 3760128 (3.6M) [application/http]
Saving to: ‘video.dav’
video.dav 0%[ ] 0 --.-KB/s in 0s
2024-04-25 14:25:10 (0.00 B/s) - Connection closed at byte 0. Retrying.
Attempting to add my NVR5xxx-4KS2 series NVR, but fails with 401 Unauthorized errors.
Looked in issue #9 but it doesn't appear anyone has had this issue.
Version of the custom_component
latest 0.9.24
Describe the bug
Added the Integration with the username/password/ ip address, and it Successfully creates the integeration.
However, the Integration becomes "red", with "Retrying Setup". Checking the logs shows "integration not ready yet; Retrying in background", and "Failed to sync device state".
In log viewer, it shows that all the NVR's endpoints are failing with a 401, Unauthorized. If I manually browse to those cgi-bin based uri's, chrome prompts with username and password, and using the same credentials, successfully show valid responses.
Debug log