can't connect to secure host

Help
ejulien
2008-06-11
2013-11-25
  • ejulien
    ejulien
    2008-06-11

    Hi,

    I am trying to mount some secure webdav share with mount.davfs. I get the following error message:

    Could not authenticate to server: ignored NTLM challenge, GSSAPI authentication error: Unspecified GSS failure. Minor code may provide more information: No credentials cache found

    I tried a few things including compiling davfs2 and libneon from source. My current config is : davfs2-1.2.2 (from src) and neon-0.28.2 (from source) on ubuntu 8.04.

    I get the same message with davfs2 and libneon26 from ubuntu's repositories.

    Full output of mount.davfs is

    sudo mount -t davfs https://some.server/some_share /media/dav_share
    Please enter the username to authenticate with server
    https://some.server/some_share or hit enter for none.
    Username: (username)
    Please enter the password to authenticate user (username) with server
    https://some.server/some_share or hit enter for none.
    Password:
    /sbin/mount.davfs: the server certificate does not match the server name
    /sbin/mount.davfs: the server certificate is not trusted
    issuer: some.server
    subject: some.server
    identity: some.server
    fingerprint: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 :11:22:33
    You only should accept this certificate, if you can
    verify the fingerprint! The server might be faked
    or there might be a man-in-the-middle-attack.
    Accept certificate for this session? [y,N] y
    /sbin/mount.davfs: Mounting failed.
    Could not authenticate to server: ignored NTLM challenge, GSSAPI authentication error: Unspecified GSS failure. Minor code may provide more information: No credentials cache found

    Any help on how to get past this error message and how to remove the certificate warning would be appreciated!

    Thanks
    Eric

     
    • Werner Baumann
      Werner Baumann
      2008-06-12

      Hello Eric.

      SSL:
      - If the server certificate is not signed by one of the CAs known to your SSL-library, but selfsigned, you must configure davfs2 accordingly. Please see the man pages.
      - The server certificate must belong to the server. The subject-alt-name or the common name in the certificate must be equal to the server name. Please read the davfs2 error message again.
      - Why do people believe, they must be able to set up a "secure server" without knowing anything about TLS and certificates? This does not work.

      NTLM:
      - username and password asked for by davfs2 are only intended for HTTP-Basic and HTTP-Digest authentication. They are not used for NTLM and other GSSAPI negotioated authentication protocols. Though the Neon-library includes support for GSSAPI and NTLM, davfs2 only cares about HTTP-authentication (Basic and Digest). To get NTLM working, you probably have to set up your system accordingly and patch davfs2. As this is not very high in my TODO-list, somebody else will have to do it. But you might as well reconsider, whether you really need NTLM.

      Cheers
      Werner

       
  • Erlon R. Cruz
    Erlon R. Cruz
    2013-11-13

    Hi Werner, I had the same NTLM/GSSAPI failure. Did anything changed in davfs since this last post??

    Cheers,
    Erlon