NTLM authentication should be supported #2835
Comments
Even with 6a4e6ed it does not work. It now really tries NTLM but it does not succeed even if I abuse the path field to enter the domain. I always get a 401 response.
Now I get a 404 response after some 401 responses, which is what I expect, because the domain is an invalid path.
Why must we specify the domain? Isn't it sent in the NTLM challenge? If I use SeaMonkey composer with WebDAV to publish, I never specify a domain, even if asked in a three text field dialog asking for domain, username and password; even there I leave the domain empty. Probably SeaMonkey then takes it from the NTLM challenge. The server response contains the domain within the base64 encoded data. From there you can take it. It is not necessary to abuse the path for this purpose. After decoding the base64 encoded response you find the domain beginning somewhere about byte 20.
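Added example (not part of the thread and not Cyberduck's code): the NTLM challenge (Type 2 message) in the `WWW-Authenticate` header carries a target name, located through a length/offset descriptor in the fixed header rather than at a fixed byte position. The sample header is constructed here with the placeholder domain `EXAMPLE`; all function names are hypothetical.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # flag: strings are UTF-16LE when set, OEM otherwise


def build_sample_challenge(domain: str) -> str:
    """Constructed sample: a minimal Type 2 message carrying only a target name."""
    name = domain.encode("utf-16-le")
    header_len = 32  # signature(8) + type(4) + name fields(8) + flags(4) + challenge(8)
    msg = NTLMSSP_SIGNATURE
    msg += struct.pack("<I", 2)                                    # MessageType
    msg += struct.pack("<HHI", len(name), len(name), header_len)   # Len, MaxLen, Offset
    msg += struct.pack("<I", NEGOTIATE_UNICODE)                    # NegotiateFlags
    msg += bytes(range(8))                                         # placeholder challenge
    msg += name                                                    # payload
    return "NTLM " + base64.b64encode(msg).decode("ascii")


def target_name_from_challenge(header_value: str) -> str:
    """Return the target (domain/server) name advertised in an NTLM Type 2 message."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        raise ValueError("not an NTLM challenge with a token")
    msg = base64.b64decode(token.strip(), validate=True)
    if len(msg) < 32 or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 2:
        raise ValueError(f"expected message type 2, got {msg_type}")
    length, _max_len, offset = struct.unpack_from("<HHI", msg, 12)
    (flags,) = struct.unpack_from("<I", msg, 20)
    # The descriptor comes from the network: bounds-check before slicing.
    if offset + length > len(msg):
        raise ValueError("target name points outside the message")
    raw = msg[offset:offset + length]
    if flags & NEGOTIATE_UNICODE:
        return raw.decode("utf-16-le")
    # Assumption: OEM code page unknown here, so decode as ASCII with replacement.
    return raw.decode("ascii", errors="replace")


if __name__ == "__main__":
    print(target_name_from_challenge(build_sample_challenge("EXAMPLE")))
```
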
Replying to [comment:4 anonymous]: I have now changed the implementation in 8808fbd to send an empty string for the domain. It can be overwritten by the property
The default path setting is no longer misused. I am no expert for NTLM but I assume the client has to send the credentials first before the server ever responds with a domain.
There is now a new problem with e7f84e0: As result of this request:
I got this response, which I read as "Object /beeprm/documents is a collection (folder) last modified at 2008-12-19T14:59:39 with status 200 OK", but Cyberduck looks at the 404 status below and therefore thinks that this does not exist.
Next Cyberduck appends the path a second time to the request URI
This is nonsense and now it correctly gets the response
I also see in this response that the Microsoft IIS/6.0 has a bug in the naming of the Expires HTTP header because the "p" is missing. A stupid typo! Shame on Microsoft. ;-)
Very interesting: when I use an existing subdirectory as path "/beeprm/documents/externaldebug" it works well. So there seems to be a little bit of fine tuning necessary. The WebDAV root on this server is "/beeprm/documents"; if a path above is specified, it is outside the WebDAV enabled application. This is probably the reason for the confusing response on the request
which contains a 200 status and a 404 status.
Just a wild guess. Maybe you have to reference the trailing slash like `/beeprm/documents/`.
No, the slash does not make a difference. The log contains only the HTTP headers, so I can not find the error message text there, even in wireshark I do not find the error message text. Here the last request / response in the log:
This is a part of the response body taken from wireshark and partially formatted nice for better readability:
I do not understand why this response results in this error message: The English error message text is not part of the communication between Cyberduck and the Server. So this seems to be an internal error inside Cyberduck. Is Cyberduck confused by the collection /beeprm/documents having no properties called "DAV::getcontentlength" and "DAV::getcontenttype"?
Thanks for the detailed transcript. To catch the transcript from Cyberduck in console.log, set the defaults property
The issue seems to be that the
Would a virtual machine help you to do your own tests with Microsoft Sharepoint Services 3.0 as WebDAV server?
Replying to [comment:11 georgmaass]:
Yes, that would help a lot! Preferably a VMWare or VirtualBox image.
I now download this VM provided by Microsoft and check whether I can launch it using Parallels Desktop. If this does not work or does not reproduce a useful test case, I will try to set up a VM from scratch using Parallels Desktop. I don't know whether VMWare Fusion can convert virtual machines created with Parallels Desktop. Another problem might be the size; if it is too big I cannot upload it to my webserver. Also it may require reregistration at Microsoft when you change the VM engine. (If I convert a Windows VM from VMWare to Parallels or clone a real computer it requires new registration at Microsoft.) So if the VM provided by Microsoft does not fit our needs I probably have to open a port in my firewall and run a self-made VM locally at times negotiated with you before. At the moment I'm downloading the Microsoft stuff, which will take some hours.
I have found a problem related with that. For a propfind operation of a directory, using Depth = infinity. It works OK and the property getcontenttype is returned.
As you see the property getcontenttype is returned. But in the same response, the information of a file shows like this:
So, the propfind of a file doesn't return the getcontenttype property. Even if I try to do propfind with Depth = 0 using the URL of the file. Is that normal? Is there any other way to get the Content Type using SharePoint's webdav? Thanks!
To use Cyberduck with Microsoft Sharepoint Services it should support NTLM authentication. To support only BASIC authentication, if the server requires NTLM, is not enough.
Also the error message simply saying "login failed" is not user friendly, because this gives no idea to the user why it fails. The reason why it fails is simple and can be detected easily by the software. The authentication method requested by the server using the WWW-Authenticate HTTP header is not in the list of implemented authentication methods, so the error message in such a case should not simply say "Login failed" but should say the reason why it failed: Could not negotiate authentication method.
I used wireshark to see, why it failed. What I see is: Cyberduck tries BASIC but the server wants NTLM.
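Added example (not part of the report and not Cyberduck's code): one way to detect the mismatch described above, by comparing the schemes offered in the `WWW-Authenticate` headers against the schemes the client implements and reporting both sides in the error. The header values are constructed samples; the `IMPLEMENTED` list and all names are assumptions.

```python
import re

IMPLEMENTED = ("basic",)  # assumption: the client in the report only implements Basic

# One comma-separated element, keeping commas inside quoted strings intact.
_ELEMENT = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# An auth-param looks like name=value (optional whitespace around "=").
_PARAM = re.compile(r'\s*[^\s=]+\s*=')


class AuthNegotiationError(Exception):
    """Raised when no offered scheme is implemented by the client."""


def offered_schemes(www_authenticate_values):
    """Return the lower-cased schemes from one or more WWW-Authenticate values."""
    schemes = []
    for value in www_authenticate_values:
        for element in _ELEMENT.findall(value):
            if not element.strip() or _PARAM.match(element):
                continue  # empty element or a parameter of the previous challenge
            schemes.append(element.split()[0].lower())
    return schemes


def choose_scheme(www_authenticate_values, implemented=IMPLEMENTED):
    """Pick the first offered scheme the client implements, or explain why not."""
    offered = offered_schemes(www_authenticate_values)
    for scheme in offered:
        if scheme in implemented:
            return scheme
    raise AuthNegotiationError(
        "Could not negotiate authentication method: server offers "
        + ", ".join(offered) + "; client implements " + ", ".join(implemented)
    )


if __name__ == "__main__":
    try:
        choose_scheme(["Negotiate", "NTLM"])  # constructed 401 response headers
    except AuthNegotiationError as err:
        print(err)
```
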