manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luigi D'Addario" <luigi.dadda...@googlemail.com>
Subject Re: SharePoint 2007 Connector - (401)HTTP/1.1 401 Unauthorized
Date Tue, 27 Nov 2012 16:06:57 GMT
Karl,

I tried many credential combination .. always 401 ..

>From server log,
with ManifoldCF UI interface (in POST), 401 error:

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2012-11-27 15:38:37
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
sc-win32-status
2012-11-27 15:38:37 W3SVC662429156 192.168.30.42
*POST*/KireyRep/_vti_bin/lists.asmx - 80 - 192.168.49.62 Axis/1.4
*401* 2 2148074254
2012-11-27 15:38:37 W3SVC662429156 192.168.30.42 *POST
*/KireyRep/_vti_bin/lists.asmx
- 80 - 192.168.49.62 Axis/1.4 *401* 1 0
2012-11-27 15:38:37 W3SVC662429156 192.168.30.42 *POST
*/KireyRep/_vti_bin/lists.asmx
- 80 - 192.168.49.62 Axis/1.4 *401* 1 2148074252


With direct call via http (http://vm-shpt2k7/KireyRep/_vti_bin/lists.asmx),
(in GET):

2012-11-27 15:43:48 W3SVC662429156 192.168.30.42 GET
/KireyRep/_vti_bin/lists.asmx - 80 - 192.168.49.62
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729)
*401* 2 2148074254
2012-11-27 15:43:48 W3SVC662429156 192.168.30.42 GET
/KireyRep/_vti_bin/lists.asmx - 80 - 192.168.49.62
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729)
*401 *1 0
2012-11-27 15:43:48 W3SVC662429156 192.168.30.42 GET
/KireyRep/_vti_bin/lists.asmx - 80 vm-shpt2k7\administrator 192.168.49.62
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729)
*200* 0 0

It's quite a conundrum ...



2012/11/27 Karl Wright <daddywri@gmail.com>

> Ok, can you try a fully-qualified domain name, rather than the abbreviated
> one you have given, for the credentials?  Also, you might want to look at
> the server-side event logs for the reason for the authentication failure.
>
> Thanks,
> Karl
>
>
>
> On Tue, Nov 27, 2012 at 9:04 AM, Luigi D'Addario <
> luigi.daddario@googlemail.com> wrote:
>
>> well,
>>
>> on SharePoint Server:
>>
>> *NTAuthenticationProviders="NTLM"*
>>
>> *
>> *
>> on ManifoldCF UI interface, error:
>>
>> Parameters: serverLocation=/KireyRep
>> serverPort=80
>> serverVersion=3.0
>> userName=VM-SHPT2K7\Administrator
>> serverProtocol=http
>> serverName=vm-shpt2k7.services-kirey.lan
>> password=********
>>
>> Connection status:Crawl user did not authenticate properly, or has
>> insufficient permissions to access
>> http://vm-shpt2k7.services-kirey.lan/KireyRep: *(401)HTTP/1.1 401
>> Unauthorized*
>>
>> on manifoldcf.log
>>
>> *no error trace !*
>>
>>
>>
>>
>>
>> 2012/11/27 Karl Wright <daddywri@gmail.com>
>>
>>> Hi Luigi,
>>>
>>> The "Negotiate" is clearly part of the problem; please leave that out.
>>>
>>> The log entries you mention are indeed harmless warnings that we don't
>>> have an Italian localization yet.
>>>
>>> When you view the connection in the UI, what do you see now?
>>>
>>>
>>> Karl
>>>
>>>
>>> On Tue, Nov 27, 2012 at 8:25 AM, Luigi D'Addario <
>>> luigi.daddario@googlemail.com> wrote:
>>>
>>>> hi Karl,
>>>> thanks for your reply.
>>>>
>>>> *(1) Are you sure that your SharePoint IIS is not configured to use*
>>>> *Kerberos auth?*
>>>>
>>>>
>>>> On Sharepoint Server, in the MetaBase.xml  i have
>>>>
>>>> <IIsWebVirtualDir Location ="/LM/W3SVC/662429156/Root"
>>>>  AccessFlags="AccessExecute | AccessRead | AccessWrite | AccessScript"
>>>> AppFriendlyName="Root"
>>>>  AppIsolated="2"
>>>> AppPoolId="SharePoint - 80"
>>>> AppRoot="/LM/W3SVC/662429156/Root"
>>>>  AuthFlags="*AuthNTLM*"
>>>> ContentIndexed="FALSE"
>>>> DefaultLogonDomain="services-kirey.lan"
>>>>  DoDynamicCompression="TRUE"
>>>> DoStaticCompression="TRUE"
>>>>  HttpCustomHeaders="X-Powered-By: ASP.NET
>>>> MicrosoftSharePointTeamServices: 12.0.0.6421"
>>>>  *NTAuthenticationProviders="Negotiate,NTLM"*
>>>> Path="C:\Inetpub\wwwroot\wss\VirtualDirectories\80"
>>>>
>>>>
>>>> Ok, i have first "Negotiate", but  if I force only NTLM  (*
>>>> NTAuthenticationProviders="NTLM"*), manifoldcf.log *not recorder any
>>>> messages* !!
>>>>
>>>>
>>>> With a simply asp script running on my Sharepoint Server page i tried
>>>> to get authentication mode via http and this is the result:
>>>>
>>>> with *NTAuthenticationProviders="NTLM":*
>>>>
>>>> *User Id = VM-SHPT2K7\Administrator The user was logged in using the
>>>> NTLM authentication method.*
>>>>
>>>>
>>>> with *NTAuthenticationProviders="Negotiate,NTLM":*
>>>> *
>>>> *
>>>> *User Id = VM-SHPT2K7\Administrator The Negotiate method was used!
>>>> The user was logged on using NTLM*
>>>>
>>>>
>>>>
>>>>
>>>> In  manifoldcf.log i founded this error but i think is not related with
>>>> 401:
>>>>
>>>> ERROR 2012-11-27 10:56:49,828 (qtp17632942-166) - Missing resource
>>>> bundle 'org.apache.manifoldcf.crawler.connectors.sharepoint.common' for
>>>> locale 'it': Can't find bundle for base name
>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.common, locale it;
>>>> trying it
>>>> java.util.MissingResourceException: Can't find bundle for base name
>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.common, locale it
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> 2012/11/27 Karl Wright <daddywri@gmail.com>
>>>>
>>>>> Hi Luigi,
>>>>>
>>>>> The warning is coming from the part of commons-httpclient that is
>>>>> trying to set up communication with your SharePoint instance.  It
>>>>> thinks it needs to use SPNEGO to figure out the authentication
>>>>> mechanism, and it seems to be trying to load kerberos 5 configuration
>>>>> information, which means that  it thinks Kerberos is the
>>>>> authentication mechanism of choice.
>>>>>
>>>>> (1) Are you sure that your SharePoint IIS is not configured to use
>>>>> Kerberos auth?
>>>>>
>>>>> (2) What command-line arguments are you giving to the JVM that is
>>>>> running ManifoldCF?
>>>>>
>>>>> Karl
>>>>>
>>>>> On Tue, Nov 27, 2012 at 7:44 AM, Luigi D'Addario
>>>>> <luigi.daddario@googlemail.com> wrote:
>>>>> > Hello,
>>>>> >
>>>>> > I have installed apache-manifoldcf-1.0.1 on my Windows XP and
>>>>> > apache-manifoldcf-sharepoint-2007-plugin on my SharePoint 2007
>>>>> server.
>>>>> >  (a virtual machine).
>>>>> >
>>>>> > I can see the Permissions Page when I enter
>>>>> > http://xxxxx:xxxxx/sub_directory/_vti_bin/MCPermissions.asmx
>>>>> > in my browser.
>>>>> > When I try to make a "SharePoint Services 3.0 (2007)"
>>>>> > connection to my SharePoint 2007 server in the ManifoldCF
>>>>> > interface I get this error:
>>>>> >
>>>>> > Crawl user did not authenticate properly, or has insufficient
>>>>> permissions to
>>>>> > accesshttp://vm-shpt2k7/KireyRep: (401)HTTP/1.1 401 Unauthorized
>>>>> >
>>>>> > Via curl i get first a 401 and then a 200 status:
>>>>> >
>>>>> > curl --ntlm -u vm-shpt2k7\\administrator
>>>>> > http://vm-shpt2k7/KireyRep/_vti_bin/MCPermissions.asmx -v
>>>>> > Enter host password for user 'vm-shpt2k7\\administrator':
>>>>> > * About to connect() to vm-shpt2k7 port 80 (#0)
>>>>> > *   Trying 192.168.30.42...
>>>>> > * connected
>>>>> > * Connected to vm-shpt2k7 (192.168.30.42) port 80 (#0)
>>>>> > * Server auth using NTLM with user 'vm-shpt2k7\\administrator'
>>>>> >> GET /KireyRep/_vti_bin/MCPermissions.asmx HTTP/1.1
>>>>> >> Authorization: NTLM
>>>>> >> TlRMTVNTUAABAAAAt4II4gAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
>>>>> >> User-Agent: curl/7.25.0 (i386-pc-win32) libcurl/7.25.0
>>>>> OpenSSL/0.9.8u
>>>>> >> zlib/1.2
>>>>> > .6 libssh2/1.4.0
>>>>> >> Host: vm-shpt2k7
>>>>> >> Accept: */*
>>>>> >>
>>>>> > < HTTP/1.1 401 Unauthorized
>>>>> > < Content-Length: 1539
>>>>> > < Content-Type: text/html
>>>>> > < Server: Microsoft-IIS/6.0
>>>>> > < WWW-Authenticate: NTLM
>>>>> > TlRMTVNTUAACAAAAHAAcADgAAAA1goniwKcRCkDsTOwAAAAAAAAAAMo
>>>>> >
>>>>> AygBUAAAABQLODgAAAA9TAEUAUgBWAEkAQwBFAFMALQBLAEkAUgBFAFkAAgAcAFMARQBSAFYASQBDAEU
>>>>> >
>>>>> AUwAtAEsASQBSAEUAWQABABQAVgBNAC0AUwBIAFAAVAAyAEsANwAEACQAcwBlAHIAdgBpAGMAZQBzAC0
>>>>> >
>>>>> AawBpAHIAZQB5AC4AbABhAG4AAwA6AHYAbQAtAHMAaABwAHQAMgBrADcALgBzAGUAcgB2AGkAYwBlAHM
>>>>> >
>>>>> ALQBrAGkAcgBlAHkALgBsAGEAbgAFACQAcwBlAHIAdgBpAGMAZQBzAC0AawBpAHIAZQB5AC4AbABhAG4
>>>>> > AAAAAAA==
>>>>> > < X-Powered-By: ASP.NET
>>>>> > < MicrosoftSharePointTeamServices: 12.0.0.6421
>>>>> > < Date: Mon, 26 Nov 2012 21:47:30 GMT
>>>>> > <
>>>>> > * Ignoring the response-body
>>>>> > * Connection #0 to host vm-shpt2k7 left intact
>>>>> > * Issue another request to this URL:
>>>>> > 'http://vm-shpt2k7/KireyRep/_vti_bin/MCPerm
>>>>> > issions.asmx'
>>>>> > * Re-using existing connection! (#0) with host (nil)
>>>>> > * Connected to (nil) (192.168.30.42) port 80 (#0)
>>>>> > * Server auth using NTLM with user 'vm-shpt2k7\\administrator'
>>>>> >> GET /KireyRep/_vti_bin/MCPermissions.asmx HTTP/1.1
>>>>> >> Authorization: NTLM
>>>>> >> TlRMTVNTUAADAAAAGAAYAJAAAAAYABgAqAAAABQAFABIAAAAHAAcAFwAAA
>>>>> >
>>>>> AYABgAeAAAABAAEADAAAAANYKI4gUBKAoAAAAPdgBtAC0AcwBoAHAAdAAyAGsANwBcAGEAZABtAGkAbg
>>>>> >
>>>>> BpAHMAdAByAGEAdABvAHIAUgBNAC0ARABBAEQARABBAFIASQBPAEwAVl9uuLABbMoAAAAAAAAAAAAAAA
>>>>> > AAAAAAfxlYG/e4ds0BnEroh9Mto5NQBerxGktFfG5BOyKSh9Uth1nGuYbB3Q==
>>>>> >> User-Agent: curl/7.25.0 (i386-pc-win32) libcurl/7.25.0
>>>>> OpenSSL/0.9.8u
>>>>> >> zlib/1.2
>>>>> > .6 libssh2/1.4.0
>>>>> >> Host: vm-shpt2k7
>>>>> >> Accept: */*
>>>>> >>
>>>>> > < HTTP/1.1 200 OK
>>>>> > < Date: Mon, 26 Nov 2012 21:47:32 GMT
>>>>> > < Server: Microsoft-IIS/6.0
>>>>> > < X-Powered-By: ASP.NET
>>>>> > < MicrosoftSharePointTeamServices: 12.0.0.6421
>>>>> > < X-AspNet-Version: 2.0.50727
>>>>> > < Set-Cookie: WSS_KeepSessionAuthenticated=80; path=/
>>>>> > < Cache-Control: private, max-age=0
>>>>> > < Content-Type: text/html; charset=utf-8
>>>>> > < Content-Length: 3253
>>>>> > <
>>>>> >
>>>>> > On virtual machine, IIS is using NTLM authentication, but in
>>>>> manifoldcf.log
>>>>> > I get this warning:
>>>>> >
>>>>> > WARN 2012-11-27 12:17:47,375 (Thread-6885) - NEGOTIATE
>>>>> authentication error:
>>>>> > Invalid name provided (Mechanism level: Could not load configuration
>>>>> file
>>>>> > C:\WINDOWS\krb5.ini (Impossibile trovare il file specificato))
>>>>> >
>>>>> >
>>>>> > Any idea ?
>>>>> >
>>>>> > Thanks
>>>>>
>>>>
>>>>
>>>
>>
>

Mime
View raw message