Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

401 - Unauthorized Blues

Mitch
2008-06-27
2013-04-16
  • Mitch
    Mitch
    2008-06-27

    I'm running davfs2 1.3.2, attempting to access a Window$ Web Folder.  I'm able to successfully access it via a browser on a Window$ box (after supplying credentials).  However when I access it via the mount, I receive a 401 return:

    xxxxxxxx@linux01:~/.davfs2> mount /mnt/cloud
    Please enter the password to authenticate user <user> with server
    http://<server>/share or hit enter for none.
    Password:<password>
    /sbin/mount.davfs: Mounting failed.
    401 Unauthorized

    I turned on httpauth debug -- here is what I got back:
    Debug Log

    Jun 27 11:40:12 linux01 mount.davfs: davfs2 1.3.2
    Jun 27 11:40:18 linux01 mount.davfs: Initializing webdav
    Jun 27 11:40:18 linux01 mount.davfs: ah_create, for WWW-Authenticate
    Jun 27 11:40:18 linux01 mount.davfs: Not handling session.
    Jun 27 11:40:18 linux01 mount.davfs: ah_post_send (#0), code is 401 (want 401), WWW-Authenticate is Negotiate, NTLM
    Jun 27 11:40:18 linux01 mount.davfs: Got challenge (code 401).
    Jun 27 11:40:18 linux01 mount.davfs: Got new auth challenge: Negotiate, NTLM
    Jun 27 11:40:18 linux01 mount.davfs: Ignoring challenge 'Negotiate'.
    Jun 27 11:40:18 linux01 mount.davfs: Ignoring challenge 'NTLM'.
    Jun 27 11:40:18 linux01 mount.davfs: Finished parsing parameters.

    Any ideas?

     
    • Werner Baumann
      Werner Baumann
      2008-06-29

      The credential in the secrets file and given on command line are for HTTP-Authentication (BASIC and DIGEST) only. Your server uses Windows-authentication (NTLM).

      The Neon-library, used by davfs2, supports GSSAPI and NTLM. But there are some problems to solve:

      - by default NTLM is only allowed over TLS/SSL-connections by Neon. davfs2 does not change this defaults.

      - when Neon tries to accept NTLM-authentication, it will use GSSAPI to find a "credentials cache". You probably have to set up GSSAPI on your system accordingly for this to succeed.

      - I never cared about Windows-authentication, so I am not of any help there. But if any user gets NTLM working, it should make it into the davfs2-documentation.

      Cheers
      Werner

      P.S.: Of course, the server could support HTTP-authentication, just assuming there might be some none-windows clients.