EWS NTLM auth not working

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

EWS NTLM auth not working

j2ev
Hello,
 
ever since we forced the use of NTLMv2 in our domain, NTLM auth in Evolution EWS fails. I am able to successfully authenticate through browser and even curl with use of NTLM against the webservice. Keberos auth works also. Could anybody give me a hint, please?
 
evolution 3.22.6-1 amd64
libsoup2.4-1 2.56.0-2 amd64
 
 
EWS_DEBUG=2 evolution

(evolution:5512): Gtk-WARNING **: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist

> POST /EWS/Exchange.asmx HTTP/1.1
> Soup-Debug-Timestamp: 1498993712
> Soup-Debug: SoupSessionAsync 1 (0x5644342e3c40), ESoapMessage 1 (0x564434fdaa90), SoupSocket 1 (0x7f6e8c0036c0)
> Host: exchange.company.com
> User-Agent: Evolution/3.22.6
> Connection: Keep-Alive
> Content-Type: text/xml; charset=utf-8
> Authorization: NTLM <56 chars>
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><types:RequestServerVersion xmlns:types="http://schemas.microsoft.com/exchange/services/2006/types" Version="Exchange2007_SP1"/></SOAP-ENV:Header><SOAP-ENV:Body xmlns:messages="http://schemas.microsoft.com/exchange/services/2006/messages"><messages:SyncFolderHierarchy xmlns="http://schemas.microsoft.com/exchange/services/2006/types"><messages:FolderShape><BaseShape>AllProperties</BaseShape></messages:FolderShape></messages:SyncFolderHierarchy></SOAP-ENV:Body></SOAP-ENV:Envelope>
 
< HTTP/1.1 401 Unauthorized
< Soup-Debug-Timestamp: 1498993712
< Soup-Debug: ESoapMessage 1 (0x564434fdaa90)
< Server: Microsoft-IIS/8.5
< request-id: 36559bae-06bd-400f-992f-79f7a199e145
< Set-Cookie: ClientId=RUOD0ONYYBAOFBTG; expires=Mon, 02-Jul-2018 11:08:32 GMT; path=/; HttpOnly
< WWW-Authenticate: NTLM <256 chars>
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< X-FEServer: EXCHANGE
< Date: Sun, 02 Jul 2017 11:08:32 GMT
< Content-Length: 0
 

> POST /EWS/Exchange.asmx HTTP/1.1
> Soup-Debug-Timestamp: 1498993713
> Soup-Debug: SoupSessionAsync 1 (0x5644342e3d60), ESoapMessage 1 (0x564434fdac20), SoupSocket 1 (0x7f6ef4003460)
> Host: exchange.company.com
> User-Agent: Evolution/3.22.6
> Connection: Keep-Alive
> Content-Type: text/xml; charset=utf-8
> Authorization: NTLM <56 chars>
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><types:RequestServerVersion xmlns:types="http://schemas.microsoft.com/exchange/services/2006/types" Version="Exchange2007_SP1"/></SOAP-ENV:Header><SOAP-ENV:Body xmlns:messages="http://schemas.microsoft.com/exchange/services/2006/messages"><messages:SyncFolderHierarchy xmlns="http://schemas.microsoft.com/exchange/services/2006/types"><messages:FolderShape><BaseShape>AllProperties</BaseShape></messages:FolderShape></messages:SyncFolderHierarchy></SOAP-ENV:Body></SOAP-ENV:Envelope>
 
< HTTP/1.1 401 Unauthorized
< Soup-Debug-Timestamp: 1498993713
< Soup-Debug: ESoapMessage 1 (0x564434fdac20)
< Server: Microsoft-IIS/8.5
< request-id: a1289cd0-549d-4a2e-9f41-6523e50b4fd5
< Set-Cookie: ClientId=WTDUZJXO0GDCOUSIGG; expires=Mon, 02-Jul-2018 11:08:32 GMT; path=/; HttpOnly
< WWW-Authenticate: NTLM <256 chars>
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< X-FEServer: EXCHANGE
< Date: Sun, 02 Jul 2017 11:08:32 GMT
< Content-Length: 0
 

> POST /EWS/Exchange.asmx HTTP/1.1
> Soup-Debug-Timestamp: 1498993713
> Soup-Debug: SoupSessionAsync 1 (0x5644342e3d60), ESoapMessage 1 (0x564434fdac20), SoupSocket 1 (0x7f6ef4003460), restarted
> Host: exchange.company.com
> User-Agent: Evolution/3.22.6
> Connection: Keep-Alive
> Content-Type: text/xml; charset=utf-8
> Content-Length: 792
> Authorization: NTLM <56 chars>
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><types:RequestServerVersion xmlns:types="http://schemas.microsoft.com/exchange/services/2006/types" Version="Exchange2007_SP1"/></SOAP-ENV:Header><SOAP-ENV:Body xmlns:messages="http://schemas.microsoft.com/exchange/services/2006/messages"><messages:SyncFolderHierarchy xmlns="http://schemas.microsoft.com/exchange/services/2006/types"><messages:FolderShape><BaseShape>AllProperties</BaseShape></messages:FolderShape></messages:SyncFolderHierarchy></SOAP-ENV:Body></SOAP-ENV:Envelope>
 
< HTTP/1.1 401 Unauthorized
< Soup-Debug-Timestamp: 1498993713
< Soup-Debug: ESoapMessage 1 (0x564434fdac20)
< Server: Microsoft-IIS/8.5
< request-id: 66f88679-8c59-42d5-b1d7-277b8aca79aa
< WWW-Authenticate: NTLM <256 chars>
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< X-FEServer: EXCHANGE
< Date: Sun, 02 Jul 2017 11:08:32 GMT
< Content-Length: 0
 

> POST /EWS/Exchange.asmx HTTP/1.1
> Soup-Debug-Timestamp: 1498993713
> Soup-Debug: SoupSessionAsync 1 (0x5644342e3d60), ESoapMessage 1 (0x564434fdac20), SoupSocket 1 (0x7f6ef4003460), restarted
> Host: exchange.company.com
> User-Agent: Evolution/3.22.6
> Connection: Keep-Alive
> Content-Type: text/xml; charset=utf-8
> Content-Length: 792
> Cookie: ClientId=WTDUZJXO0GDCOUSIGG
> Authorization: NTLM <176 chars>
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><types:RequestServerVersion xmlns:types="http://schemas.microsoft.com/exchange/services/2006/types" Version="Exchange2007_SP1"/></SOAP-ENV:Header><SOAP-ENV:Body xmlns:messages="http://schemas.microsoft.com/exchange/services/2006/messages"><messages:SyncFolderHierarchy xmlns="http://schemas.microsoft.com/exchange/services/2006/types"><messages:FolderShape><BaseShape>AllProperties</BaseShape></messages:FolderShape></messages:SyncFolderHierarchy></SOAP-ENV:Body></SOAP-ENV:Envelope>
 

> POST /EWS/Exchange.asmx HTTP/1.1
> Soup-Debug-Timestamp: 1498993728
> Soup-Debug: SoupSessionAsync 1 (0x5644342e3e80), ESoapMessage 1 (0x564434fdadb0), SoupSocket 1 (0x564434fdc1a0)
> Host: exchange.company.com
> User-Agent: Evolution/3.22.6
> Connection: Keep-Alive
> Content-Type: text/xml; charset=utf-8
> Authorization: NTLM <56 chars>
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><types:RequestServerVersion xmlns:types="http://schemas.microsoft.com/exchange/services/2006/types" Version="Exchange2007_SP1"/></SOAP-ENV:Header><SOAP-ENV:Body xmlns:messages="http://schemas.microsoft.com/exchange/services/2006/messages"><messages:SyncFolderHierarchy xmlns="http://schemas.microsoft.com/exchange/services/2006/types"><messages:FolderShape><BaseShape>AllProperties</BaseShape></messages:FolderShape></messages:SyncFolderHierarchy></SOAP-ENV:Body></SOAP-ENV:Envelope>
 
< HTTP/1.1 401 Unauthorized
< Soup-Debug-Timestamp: 1498993728
< Soup-Debug: ESoapMessage 1 (0x564434fdadb0)
< Server: Microsoft-IIS/8.5
< request-id: c170067f-17b8-47b3-98fd-b9a48bd2b5da
< Set-Cookie: ClientId=UPRBWRNBKEGKIYVIXSLIG; expires=Mon, 02-Jul-2018 11:08:48 GMT; path=/; HttpOnly
< WWW-Authenticate: NTLM <256 chars>
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< X-FEServer: EXCHANGE
< Date: Sun, 02 Jul 2017 11:08:47 GMT
< Content-Length: 0
 

> POST /EWS/Exchange.asmx HTTP/1.1
> Soup-Debug-Timestamp: 1498993728
> Soup-Debug: SoupSessionAsync 1 (0x5644342e3e80), ESoapMessage 1 (0x564434fdadb0), SoupSocket 1 (0x564434fdc1a0), restarted
> Host: exchange.company.com
> User-Agent: Evolution/3.22.6
> Connection: Keep-Alive
> Content-Type: text/xml; charset=utf-8
> Content-Length: 792
> Authorization: NTLM <64 chars>
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><types:RequestServerVersion xmlns:types="http://schemas.microsoft.com/exchange/services/2006/types" Version="Exchange2007_SP1"/></SOAP-ENV:Header><SOAP-ENV:Body xmlns:messages="http://schemas.microsoft.com/exchange/services/2006/messages"><messages:SyncFolderHierarchy xmlns="http://schemas.microsoft.com/exchange/services/2006/types"><messages:FolderShape><BaseShape>AllProperties</BaseShape></messages:FolderShape></messages:SyncFolderHierarchy></SOAP-ENV:Body></SOAP-ENV:Envelope>
 
< HTTP/1.1 401 Unauthorized
< Soup-Debug-Timestamp: 1498993728
< Soup-Debug: ESoapMessage 1 (0x564434fdadb0)
< Server: Microsoft-IIS/8.5
< request-id: 1988a969-a0a3-4412-8274-66390925e536
< WWW-Authenticate: NTLM <256 chars>
< WWW-Authenticate: Negotiate
< X-Powered-By: ASP.NET
< X-FEServer: EXCHANGE
< Date: Sun, 02 Jul 2017 11:08:47 GMT
< Content-Length: 0
 

> POST /EWS/Exchange.asmx HTTP/1.1
> Soup-Debug-Timestamp: 1498993728
> Soup-Debug: SoupSessionAsync 1 (0x5644342e3e80), ESoapMessage 1 (0x564434fdadb0), SoupSocket 1 (0x564434fdc1a0), restarted
> Host: exchange.company.com
> User-Agent: Evolution/3.22.6
> Connection: Keep-Alive
> Content-Type: text/xml; charset=utf-8
> Content-Length: 792
> Cookie: ClientId=UPRBWRNBKEGKIYVIXSLIG
> Authorization: NTLM <176 chars>
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header><types:RequestServerVersion xmlns:types="http://schemas.microsoft.com/exchange/services/2006/types" Version="Exchange2007_SP1"/></SOAP-ENV:Header><SOAP-ENV:Body xmlns:messages="http://schemas.microsoft.com/exchange/services/2006/messages"><messages:SyncFolderHierarchy xmlns="http://schemas.microsoft.com/exchange/services/2006/types"><messages:FolderShape><BaseShape>AllProperties</BaseShape></messages:FolderShape></messages:SyncFolderHierarchy></SOAP-ENV:Body></SOAP-ENV:Envelope>
 
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: EWS NTLM auth not working

Milan Crha
On Sun, 2017-07-02 at 14:40 +0200, [hidden email] wrote:
> ever since we forced the use of NTLMv2 in our domain, NTLM auth in
> Evolution EWS fails. I am able to successfully authenticate through
> browser and even curl with use of NTLM against the webservice.
> Keberos auth works also. Could anybody give me a hint, please?

        Hi,
does your system contain
   /usr/bin/ntlm_auth
binary, please? libsoup uses it when it's available, otherwise it does
some NTLM computation on its own. I would try to either move it away
(rename it is enough) or install it, depending on the current system
state, whether it'll change anything.

Otherwise this is a question on libsoup, eventually the Samba folks
(whom provide that ntlm_auth binary).
        Bye,
        Milan
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: EWS NTLM auth not working

j2ev
In reply to this post by j2ev

Hi Milan,

 

thanks for your input. Yes, I do have ntlm_auth binary. But I've already tried to rename it, even purge winbind from the system, which provides it. The behavior was still the same. Well, I will try libsoup list then.

 

Thanks

 

 

>  Hi,
> does your system contain
>    /usr/bin/ntlm_auth
> binary, please? libsoup uses it when it's available, otherwise it does
> some NTLM computation on its own. I would try to either move it away
> (rename it is enough) or install it, depending on the current system
> state, whether it'll change anything.
> 
> Otherwise this is a question on libsoup, eventually the Samba folks
> (whom provide that ntlm_auth binary).
>         Bye,
>         Milan

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list