
#41 NTLM auth fails

1.4.0-pre
invalid
nobody
unknown
5
2018-07-02
2018-06-26
Dan C
No

Failure to authenticate using NTLM mechanism

 12:06 PM Tue Jun 26$ src/mbsync -c my_mbsyncrc -Dn -l work
Reading configuration file my_mbsyncrc
No channel or group named 'testaccount-work' defined.
Channel testaccount-inbox
Opening master store testaccount-remote...
Resolving mail.cisco.com... ok
Connecting to mail.cisco.com (173.37.102.6:143)... 
Opening slave store testaccount-local...

* OK The Microsoft Exchange IMAP4 service is ready.
>>> 1 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
>>> 2 STARTTLS
2 OK Begin TLS negotiation now.
Connection is now encrypted
>>> 3 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=NTLM AUTH=GSSAPI UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
3 OK CAPABILITY completed.
Logging in...
Authenticating with SASL mechanism NTLM...
>>> 4 AUTHENTICATE NTLM
+
>+> TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA=
4 NO AUTHENTICATE failed.
IMAP command 'AUTHENTICATE NTLM' returned an error: NO AUTHENTICATE failed.

Config file:

Create Both
Expunge Both
SyncState *

IMAPAccount testaccount
Host mail.mailserver.com
User domain\\username
PassCmd "cat ~/bin/.company.pwd"
SSLVersions TLSv1.2
SSLType STARTTLS

IMAPStore testaccount-remote
Account testaccount

MaildirStore testaccount-local
SubFolders Verbatim
Path ~/Mail/testaccount/
Inbox ~/Mail/testaccount/Inbox

Channel testaccount-inbox
Master :testaccount-remote:
Slave :testaccount-local:
Patterns INBOX
Create Both 
CopyArrivalDate yes
SyncState *

Group work
Channel testaccount-inbox
Channel testaccount-work

I've tested all branches up to 1.1 and it looks like this functionality is broken starting with 1.2 up to the latest.

Discussion

  • Dan C

    Dan C - 2018-06-26

    ... and thank you for great work on isync :-)

     
  • Oswald Buddenhagen

    1.2 is the version SASL support was introduced, which means that NTLM just never worked for you.
    by extension that means that you can work it around by using AuthMech LOGIN.

    as to why it doesn't work, it might be that the client supports only NTLMv1, while the server (reasonably) rejects anything below NTLMv2, but that's pure speculation.

     
    • Dan C

      Dan C - 2018-07-01

      Thank you! I will try the setting you recommended and upload the outputs to the ticket for future generations.

       
  • Dan C

    Dan C - 2018-07-02

    Config change as per recommendation fixed the problem. Could you please close the ticket?

     

    Last edit: Dan C 2018-07-02
  • Oswald Buddenhagen

    • status: reported --> invalid
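
The client token on the `>+>` line of the debug log is a base64 NTLM NEGOTIATE_MESSAGE (type 1), and decoding it shows exactly what the client offered before the server answered `NO`. The following is an added example, not part of the original ticket or of isync; `parse_negotiate` and `LOGGED_TOKEN` are names chosen here, and the flag names and values are the subset of MS-NLMP negotiate flags relevant to this message.

```python
import base64
import struct

# Subset of NTLMSSP negotiate flags (MS-NLMP, NEGOTIATE structure).
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000010: "NEGOTIATE_SIGN",
    0x00000020: "NEGOTIATE_SEAL",
    0x00000080: "NEGOTIATE_LM_KEY",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x02000000: "NEGOTIATE_VERSION",
    0x20000000: "NEGOTIATE_128",
    0x40000000: "NEGOTIATE_KEY_EXCH",
    0x80000000: "NEGOTIATE_56",
}

# Client token copied from the ">+>" line of the debug log in this ticket.
LOGGED_TOKEN = "TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA="

def parse_negotiate(b64_token):
    """Decode a base64 NTLM type 1 message (hypothetical helper, not isync code)."""
    raw = base64.b64decode(b64_token, validate=True)
    if len(raw) < 32:
        raise ValueError("too short for an NTLM NEGOTIATE_MESSAGE")
    sig, msg_type, flags = struct.unpack_from("<8sII", raw, 0)
    if sig != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    if msg_type != 1:
        raise ValueError(f"expected message type 1, got {msg_type}")
    # Two security buffers follow the flags: length, max length, offset.
    dom_len, _, dom_off = struct.unpack_from("<HHI", raw, 16)
    ws_len, _, ws_off = struct.unpack_from("<HHI", raw, 24)
    for length, off in ((dom_len, dom_off), (ws_len, ws_off)):
        if off + length > len(raw):
            raise ValueError("security buffer points past end of message")
    known = [name for bit, name in sorted(FLAGS.items()) if flags & bit]
    unknown = flags & ~sum(FLAGS)  # bits set but not named in the table above
    return {"flags": flags, "flag_names": known, "unnamed_bits": unknown,
            "domain": raw[dom_off:dom_off + dom_len],
            "workstation": raw[ws_off:ws_off + ws_len]}

if __name__ == "__main__":
    msg = parse_negotiate(LOGGED_TOKEN)
    print(f"flags=0x{msg['flags']:08x}", msg["flag_names"])
```

The logged token carries flags `0x00000207` (UNICODE, OEM, REQUEST_TARGET, NTLM) with empty domain and workstation buffers, and offers neither extended session security nor 128-bit or key-exchange options. NTLMv1 versus NTLMv2 is decided by how the response in the later type 3 message is computed rather than by a negotiate flag, so this decode shows a minimal offer but does not by itself confirm why the server refused.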
     
