Re: [Evolution] Trouble authenticating to Exchange account



FYI, this ended up being a limitation in libsoup.  I've submitted a
patch there; looks like it just got a response:

https://bugzilla.gnome.org/show_bug.cgi?id=739192

The issue occurs when a server is configured to require NTLMv2 Session
Security support.  ("NTLMv2 Session Security" is, despite the name, an
extension to regular NTLM.)

Adam

On Sun, Oct 12, 2014 at 11:39 AM, Adam Seering <aseering gmail com> wrote:
Update:  I've opened things up in gdb and poked around a bit.  This
code is using some glib async API's that I'm not familiar with, but
I've traced things to the following possibly-interesting point in
execution:

""" evolution-data-server-3.12.6/libebackend/e-authentication-mediator.c
851        if (mediator->priv->client_cancelled) {
(gdb) p mediator->priv->client_cancelled
$4 = 0
(gdb) n
854                "%s", _("Client cancelled the operation"));
"""

(At this point, I've entered a password into the UI, but the dialog
hasn't yet closed.)

This is Evolution 3.12 as currently distributed with Ubuntu 14.10
("apt-get install" for the binary, "apt-get source" for the source
code).  I've tried 3.13 from the 'fta1' PPA on launchpad.net; it
didn't fix the issue, I could debug that version further if you think
there are relevant changes.

If anyone has any thoughts or pointers, let me know.

Thanks,
Adam



On Sun, Oct 12, 2014 at 11:25 AM, Adam Seering <aseering gmail com> wrote:
Oops, I forgot to reply-all.  Re-sending:

Hi Milan,

Thanks for the reply, and for the curl command.  I tried running the
command and it had no trouble authenticating -- it made an initial
request, got a HTTP 401 asking for NTLM auth, then re-used the same
connection and made a second request, successfully authenticating and
returning a blob of XML containing (among other things) the string "No
mailbox with such guid."

Is there anything else I can check?

I'd be glad to download and poke at the source code to any of these
components if that would be useful, but I've never worked with this
codebase so I don't know what to look at.  I'm also glad to run other
debugging commands, etc.

Thanks,
Adam

On Fri, Oct 10, 2014 at 1:43 AM, Milan Crha <mcrha redhat com> wrote:
On Thu, 2014-10-09 at 19:13 -0400, Adam Seering wrote:
Hi all,
    I have access to two Exchange (EWS) accounts.  One of them works
great.  The other one won't accept my password, so I can't log in.
It
worked great earlier this year, but something in the server's
configuration seems to have changed.  (I don't know what.)

    If I run with EWS_DEBUG=2, I get the following request/response
pair every time I enter my password:

        Hi,
this handshake pair is usual. libsoup tries to connect to the server,
it responds that authorization is needed, then libsoup asks an
application for a password and re-sends the message to the server with
given credentials.

< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
...
Looks like it's never trying to re-connect using NTLM?  Anyone have
any guesses as to what's going on, or suggestions for things to try
to do to improve it?

So your server supports either GSSAPI/Kerberos authentication or NTLM.
I would verify that you have set the NTLM in account preferences and
that the address of the host (Host URL) begins with https://. There
are servers which require Basic authentication, but that is not
advertised by your server. I'm not aware of any server which would
allow http:// (insecure) connection.

Maybe you can try to connect to the server with curl, and if it'll
work, then there can be some glitch either in evolution-ews or in
libsoup. The curl command looks like this:

   curl -v -k --user USERNAME:PASSWORD -X POST -d @e.xml --ntlm \
      https://exchange.example.com/EWS/Exchange.asmx \
      --header 'Content-Type: text/xml; charset=utf-8'

Run it in a folder which contains the attached e.xml file. The request
as such will fail, because you won't have the requested item in your
account, but that's fine, because we are only trying to authenticate
and connect to the server.
        Bye,
        Milan
_______________________________________________
evolution-list mailing list
evolution-list gnome org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]