| 2010-11-16 12:14:56 |
Bob Clough |
description |
Binary package hint: libcurl3
On a fully updated version of Ubuntu 10.10 amd64, under both curl and php5-curl, we were unable to use NTLM authentication to talk to our exchange server. Regressing libcurl3 from 7.21.0 to 7.19.5 from karmic fixed the problem for both applications.
Curl verbose log (broken, 7.21.0):
# curl --insecure --ntlm -v -u 2008Dev.internal\\test1:test1 https://10.0.0.17/EWS/Exchange.asmx
* About to connect() to 10.0.0.17 port 443 (#0)
* Trying 10.0.0.17... connected
* Connected to 10.0.0.17 (10.0.0.17) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=2008Exc07
* start date: 2010-09-19 23:27:30 GMT
* expire date: 2011-09-19 23:27:30 GMT
* common name: 2008Exc07 (does not match '10.0.0.17')
* issuer: CN=2008Exc07
* SSL certificate verify result: unable to get local issuer
certificate (20), continuing anyway.
* Server auth using NTLM with user '2008Dev.internal\test1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 10.0.0.17
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/7.0
< WWW-Authenticate: NTLM TlRMTVNTUAACAAAABwAHADgAAAAGgokC/XqDA0P38r0AAAAAAAAAALgAuAA/AAAABgByFwAAAA8yMDA4REVWAgAOADIAMAAwADgARABFAFYAAQASADIAMAAwADgARQBYAEMAMAA3AAQAIAAyADAAMAA4AGQAZQB2AC4AaQBuAHQAZQByAG4AYQBsAAMANAAyADAAMAA4AEUAeABjADAANwAuADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABQAgADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABwAIAAm9m+t+hcsBAAAAAA==
* gss_init_sec_context() failed: : Cannot determine realm for numeric host address
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< Date: Tue, 16 Nov 2010 11:10:46 GMT
< Content-Length: 0
<
* Connection #0 to host 10.0.0.17 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Curl verbose log (7.19.5, working version)
# curl --insecure --ntlm -v -u 2008Dev.internal\\test1:test1 https://10.0.0.17/EWS/Exchange.asmx
* About to connect() to 10.0.0.17 port 443 (#0)
* Trying 10.0.0.17... connected
* Connected to 10.0.0.17 (10.0.0.17) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=2008Exc07
* start date: 2010-09-19 23:27:30 GMT
* expire date: 2011-09-19 23:27:30 GMT
* common name: 2008Exc07 (does not match '10.0.0.17')
* issuer: CN=2008Exc07
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using NTLM with user '2008Dev.internal\test1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.19.5 (x86_64-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 10.0.0.17
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/7.0
< WWW-Authenticate: NTLM
TlRMTVNTUAACAAAABwAHADgAAAAGgokC5tMN7bhBbsAAAAAAAAAAALgAuAA/AAAABgByFwAAAA8yMDA4REVWAgAOADIAMAAwADgARABFAFYAAQASADIAMAAwADgARQBYAEMAMAA3AAQAIAAyADAAMAA4AGQAZQB2AC4AaQBuAHQAZQByAG4AYQBsAAMANAAyADAAMAA4AEUAeABjADAANwAuADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABQAgADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABwAIACUNUIqFhcsBAAAAAA==
* gss_init_sec_context() failed: : Credentials cache file '/tmp/krb5cc_1000' not found
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< Date: Tue, 16 Nov 2010 11:58:10 GMT
< Content-Length: 0
<
* Connection #0 to host 10.0.0.17 left intact
* Issue another request to this URL: 'https://10.0.0.17/EWS/Exchange.asmx'
* Re-using existing connection! (#0) with host 10.0.0.17
* Connected to 10.0.0.17 (10.0.0.17) port 443 (#0)
* Server auth using NTLM with user '2008Dev.internal\test1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAABAAEABwAAAABQAFAIAAAAANAA0AhQAAAAAAAAAAAAAABoKJAqEGJrSulZ+8AAAAAAAAAAAAAAAAAAAAACxk4WklyuRftTIFrxWQy3VJi7znhmcDezIwMDhEZXYuaW50ZXJuYWx0ZXN0MXBtY25hbGx5LWlNYWM=
> User-Agent: curl/7.19.5 (x86_64-pc-linux-gnu) libcurl/7.19.5
OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 10.0.0.17
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html
< Location: /EWS/Services.wsdl
< Server: Microsoft-IIS/7.0
< X-AspNet-Version: 2.0.50727
< X-Powered-By: ASP.NET
< Date: Tue, 16 Nov 2010 11:58:10 GMT
< Connection: close
<
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fEWS%2fServices.wsdl">here</a>.</h2>
</body></html>
* Closing connection #0
* SSLv3, TLS alert, Client hello (1): |
Binary package hint: libcurl3
On a fully updated version of Ubuntu 10.10 amd64, under both curl and php5-curl, we were unable to use NTLM authentication to talk to our exchange server. Regressing libcurl3 from 7.21.0 to 7.19.5 from karmic fixed the problem for both applications.
Curl verbose log (broken, 7.21.0):
# curl --insecure --ntlm -v -u 2008Dev.internal\\test1:test1 https://10.0.0.17/EWS/Exchange.asmx
* About to connect() to 10.0.0.17 port 443 (#0)
* Trying 10.0.0.17... connected
* Connected to 10.0.0.17 (10.0.0.17) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=2008Exc07
* start date: 2010-09-19 23:27:30 GMT
* expire date: 2011-09-19 23:27:30 GMT
* common name: 2008Exc07 (does not match '10.0.0.17')
* issuer: CN=2008Exc07
* SSL certificate verify result: unable to get local issuer
certificate (20), continuing anyway.
* Server auth using NTLM with user '2008Dev.internal\test1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 10.0.0.17
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/7.0
< WWW-Authenticate: NTLM TlRMTVNTUAACAAAABwAHADgAAAAGgokC/XqDA0P38r0AAAAAAAAAALgAuAA/AAAABgByFwAAAA8yMDA4REVWAgAOADIAMAAwADgARABFAFYAAQASADIAMAAwADgARQBYAEMAMAA3AAQAIAAyADAAMAA4AGQAZQB2AC4AaQBuAHQAZQByAG4AYQBsAAMANAAyADAAMAA4AEUAeABjADAANwAuADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABQAgADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABwAIAAm9m+t+hcsBAAAAAA==
* gss_init_sec_context() failed: : Cannot determine realm for numeric host address
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< Date: Tue, 16 Nov 2010 11:10:46 GMT
< Content-Length: 0
<
* Connection #0 to host 10.0.0.17 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Curl verbose log (7.19.5, working version)
# curl --insecure --ntlm -v -u 2008Dev.internal\\test1:test1 https://10.0.0.17/EWS/Exchange.asmx
* About to connect() to 10.0.0.17 port 443 (#0)
* Trying 10.0.0.17... connected
* Connected to 10.0.0.17 (10.0.0.17) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=2008Exc07
* start date: 2010-09-19 23:27:30 GMT
* expire date: 2011-09-19 23:27:30 GMT
* common name: 2008Exc07 (does not match '10.0.0.17')
* issuer: CN=2008Exc07
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using NTLM with user '2008Dev.internal\test1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.19.5 (x86_64-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 10.0.0.17
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/7.0
< WWW-Authenticate: NTLM
TlRMTVNTUAACAAAABwAHADgAAAAGgokC5tMN7bhBbsAAAAAAAAAAALgAuAA/AAAABgByFwAAAA8yMDA4REVWAgAOADIAMAAwADgARABFAFYAAQASADIAMAAwADgARQBYAEMAMAA3AAQAIAAyADAAMAA4AGQAZQB2AC4AaQBuAHQAZQByAG4AYQBsAAMANAAyADAAMAA4AEUAeABjADAANwAuADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABQAgADIAMAAwADgAZABlAHYALgBpAG4AdABlAHIAbgBhAGwABwAIACUNUIqFhcsBAAAAAA==
* gss_init_sec_context() failed: : Credentials cache file '/tmp/krb5cc_1000' not found
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< Date: Tue, 16 Nov 2010 11:58:10 GMT
< Content-Length: 0
<
* Connection #0 to host 10.0.0.17 left intact
* Issue another request to this URL: 'https://10.0.0.17/EWS/Exchange.asmx'
* Re-using existing connection! (#0) with host 10.0.0.17
* Connected to 10.0.0.17 (10.0.0.17) port 443 (#0)
* Server auth using NTLM with user '2008Dev.internal\test1'
> GET /EWS/Exchange.asmx HTTP/1.1
> Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAABAAEABwAAAABQAFAIAAAAANAA0AhQAAAAAAAAAAAAAABoKJAqEGJrSulZ+8AAAAAAAAAAAAAAAAAAAAACxk4WklyuRftTIFrxWQy3VJi7znhmcDezIwMDhEZXYuaW50ZXJuYWx0ZXN0MXBtY25hbGx5LWlNYWM=
> User-Agent: curl/7.19.5 (x86_64-pc-linux-gnu) libcurl/7.19.5
OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 10.0.0.17
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html
< Location: /EWS/Services.wsdl
< Server: Microsoft-IIS/7.0
< X-AspNet-Version: 2.0.50727
< X-Powered-By: ASP.NET
< Date: Tue, 16 Nov 2010 11:58:10 GMT
< Connection: close
<
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fEWS%2fServices.wsdl">here</a>.</h2>
</body></html>
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
|
|
