You need to use the --data option, not -X. Karl
On Tue, Nov 27, 2012 at 11:37 AM, Luigi D'Addario < luigi.dadda...@googlemail.com> wrote: > Karl, > > via curl in POST i get a HTTP/1.1 *411 Length Required* > * > * > It meand that POST is blocked ? > > > curl -X POST --ntlm -u vm-shpt2k7\\administrator http://vm-s > hpt2k7/KireyRep/_vti_bin/MCPermissions.asmx -v > Enter host password for user 'vm-shpt2k7\\administrator': > * About to connect() to vm-shpt2k7 port 80 (#0) > * Trying 192.168.30.42... > * connected > * Connected to vm-shpt2k7 (192.168.30.42) port 80 (#0) > * Server auth using NTLM with user 'vm-shpt2k7\\administrator' > > POST /KireyRep/_vti_bin/MCPermissions.asmx HTTP/1.1 > > Authorization: NTLM > TlRMTVNTUAABAAAAt4II4gAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw== > > User-Agent: curl/7.25.0 (i386-pc-win32) libcurl/7.25.0 OpenSSL/0.9.8u > zlib/1.2 > .6 libssh2/1.4.0 > > Host: vm-shpt2k7 > > Accept: */* > > > < HTTP/1.1 *411 Length Required* > < Content-Type: text/html > < Date: Tue, 27 Nov 2012 16:32:06 GMT > < Connection: close > < Content-Length: 24 > < > <h1>Length Required</h1>* Closing connection #0 > > > > 2012/11/27 Karl Wright <daddy...@gmail.com> > >> Just on a whim, can you try POST with curl also? It is possible that >> POSTs are blocked in some way. >> >> If that doesn't work, then your security settings are prohibiting post. >> >> If that DOES work, then I'd like you to download a ManifoldCF 1.1-dev >> image from http://people.apache.org/~kwright/apache-manifoldcf-1.1-dev , >> and try that. This uses httpcomponents rather than our special >> commons-httpclient version. >> >> If none of this helps, getting a packet capture of both a curl POST and >> the comparable ManifoldCF attempt may well show us what the key issue is. >> It's possible that there is a header or something your IIS is rejecting, >> for instance. >> >> Thanks, >> Karl >> >> >> >> On Tue, Nov 27, 2012 at 11:06 AM, Luigi D'Addario < >> luigi.dadda...@googlemail.com> wrote: >> >>> Karl, >>> >>> I tried many credential combination .. always 401 .. >>> >>> From server log, >>> with ManifoldCF UI interface (in POST), 401 error: >>> >>> #Software: Microsoft Internet Information Services 6.0 >>> #Version: 1.0 >>> #Date: 2012-11-27 15:38:37 >>> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query >>> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus >>> sc-win32-status >>> 2012-11-27 15:38:37 W3SVC662429156 192.168.30.42 >>> *POST*/KireyRep/_vti_bin/lists.asmx - 80 - 192.168.49.62 Axis/1.4 >>> *401* 2 2148074254 >>> 2012-11-27 15:38:37 W3SVC662429156 192.168.30.42 *POST >>> */KireyRep/_vti_bin/lists.asmx >>> - 80 - 192.168.49.62 Axis/1.4 *401* 1 0 >>> 2012-11-27 15:38:37 W3SVC662429156 192.168.30.42 *POST >>> */KireyRep/_vti_bin/lists.asmx >>> - 80 - 192.168.49.62 Axis/1.4 *401* 1 2148074252 >>> >>> >>> With direct call via http ( >>> http://vm-shpt2k7/KireyRep/_vti_bin/lists.asmx), (in GET): >>> >>> 2012-11-27 15:43:48 W3SVC662429156 192.168.30.42 GET >>> /KireyRep/_vti_bin/lists.asmx - 80 - 192.168.49.62 >>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) >>> *401* 2 2148074254 >>> 2012-11-27 15:43:48 W3SVC662429156 192.168.30.42 GET >>> /KireyRep/_vti_bin/lists.asmx - 80 - 192.168.49.62 >>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) >>> *401 *1 0 >>> 2012-11-27 15:43:48 W3SVC662429156 192.168.30.42 GET >>> /KireyRep/_vti_bin/lists.asmx - 80 vm-shpt2k7\administrator 192.168.49.62 >>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) >>> *200* 0 0 >>> >>> It's quite a conundrum ... >>> >>> >>> >>> 2012/11/27 Karl Wright <daddy...@gmail.com> >>> >>>> Ok, can you try a fully-qualified domain name, rather than the >>>> abbreviated one you have given, for the credentials? Also, you might want >>>> to look at the server-side event logs for the reason for the authentication >>>> failure. >>>> >>>> Thanks, >>>> Karl >>>> >>>> >>>> >>>> On Tue, Nov 27, 2012 at 9:04 AM, Luigi D'Addario < >>>> luigi.dadda...@googlemail.com> wrote: >>>> >>>>> well, >>>>> >>>>> on SharePoint Server: >>>>> >>>>> *NTAuthenticationProviders="NTLM"* >>>>> >>>>> * >>>>> * >>>>> on ManifoldCF UI interface, error: >>>>> >>>>> Parameters: serverLocation=/KireyRep >>>>> serverPort=80 >>>>> serverVersion=3.0 >>>>> userName=VM-SHPT2K7\Administrator >>>>> serverProtocol=http >>>>> serverName=vm-shpt2k7.services-kirey.lan >>>>> password=******** >>>>> >>>>> Connection status:Crawl user did not authenticate properly, or has >>>>> insufficient permissions to access >>>>> http://vm-shpt2k7.services-kirey.lan/KireyRep: *(401)HTTP/1.1 401 >>>>> Unauthorized* >>>>> >>>>> on manifoldcf.log >>>>> >>>>> *no error trace !* >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 2012/11/27 Karl Wright <daddy...@gmail.com> >>>>> >>>>>> Hi Luigi, >>>>>> >>>>>> The "Negotiate" is clearly part of the problem; please leave that out. >>>>>> >>>>>> The log entries you mention are indeed harmless warnings that we >>>>>> don't have an Italian localization yet. >>>>>> >>>>>> When you view the connection in the UI, what do you see now? >>>>>> >>>>>> >>>>>> Karl >>>>>> >>>>>> >>>>>> On Tue, Nov 27, 2012 at 8:25 AM, Luigi D'Addario < >>>>>> luigi.dadda...@googlemail.com> wrote: >>>>>> >>>>>>> hi Karl, >>>>>>> thanks for your reply. >>>>>>> >>>>>>> *(1) Are you sure that your SharePoint IIS is not configured to use* >>>>>>> *Kerberos auth?* >>>>>>> >>>>>>> >>>>>>> On Sharepoint Server, in the MetaBase.xml i have >>>>>>> >>>>>>> <IIsWebVirtualDir Location ="/LM/W3SVC/662429156/Root" >>>>>>> AccessFlags="AccessExecute | AccessRead | AccessWrite | >>>>>>> AccessScript" >>>>>>> AppFriendlyName="Root" >>>>>>> AppIsolated="2" >>>>>>> AppPoolId="SharePoint - 80" >>>>>>> AppRoot="/LM/W3SVC/662429156/Root" >>>>>>> AuthFlags="*AuthNTLM*" >>>>>>> ContentIndexed="FALSE" >>>>>>> DefaultLogonDomain="services-kirey.lan" >>>>>>> DoDynamicCompression="TRUE" >>>>>>> DoStaticCompression="TRUE" >>>>>>> HttpCustomHeaders="X-Powered-By: ASP.NET >>>>>>> MicrosoftSharePointTeamServices: 12.0.0.6421" >>>>>>> *NTAuthenticationProviders="Negotiate,NTLM"* >>>>>>> Path="C:\Inetpub\wwwroot\wss\VirtualDirectories\80" >>>>>>> >>>>>>> >>>>>>> Ok, i have first "Negotiate", but if I force only NTLM (* >>>>>>> NTAuthenticationProviders="NTLM"*), manifoldcf.log *not recorder >>>>>>> any messages* !! >>>>>>> >>>>>>> >>>>>>> With a simply asp script running on my Sharepoint Server page i >>>>>>> tried to get authentication mode via http and this is the result: >>>>>>> >>>>>>> with *NTAuthenticationProviders="NTLM":* >>>>>>> >>>>>>> *User Id = VM-SHPT2K7\Administrator The user was logged in using >>>>>>> the NTLM authentication method.* >>>>>>> >>>>>>> >>>>>>> with *NTAuthenticationProviders="Negotiate,NTLM":* >>>>>>> * >>>>>>> * >>>>>>> *User Id = VM-SHPT2K7\Administrator The Negotiate method was used! >>>>>>> The user was logged on using NTLM* >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> In manifoldcf.log i founded this error but i think is not related >>>>>>> with 401: >>>>>>> >>>>>>> ERROR 2012-11-27 10:56:49,828 (qtp17632942-166) - Missing resource >>>>>>> bundle 'org.apache.manifoldcf.crawler.connectors.sharepoint.common' for >>>>>>> locale 'it': Can't find bundle for base name >>>>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.common, locale it; >>>>>>> trying it >>>>>>> java.util.MissingResourceException: Can't find bundle for base name >>>>>>> org.apache.manifoldcf.crawler.connectors.sharepoint.common, locale it >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2012/11/27 Karl Wright <daddy...@gmail.com> >>>>>>> >>>>>>>> Hi Luigi, >>>>>>>> >>>>>>>> The warning is coming from the part of commons-httpclient that is >>>>>>>> trying to set up communication with your SharePoint instance. It >>>>>>>> thinks it needs to use SPNEGO to figure out the authentication >>>>>>>> mechanism, and it seems to be trying to load kerberos 5 >>>>>>>> configuration >>>>>>>> information, which means that it thinks Kerberos is the >>>>>>>> authentication mechanism of choice. >>>>>>>> >>>>>>>> (1) Are you sure that your SharePoint IIS is not configured to use >>>>>>>> Kerberos auth? >>>>>>>> >>>>>>>> (2) What command-line arguments are you giving to the JVM that is >>>>>>>> running ManifoldCF? >>>>>>>> >>>>>>>> Karl >>>>>>>> >>>>>>>> On Tue, Nov 27, 2012 at 7:44 AM, Luigi D'Addario >>>>>>>> <luigi.dadda...@googlemail.com> wrote: >>>>>>>> > Hello, >>>>>>>> > >>>>>>>> > I have installed apache-manifoldcf-1.0.1 on my Windows XP and >>>>>>>> > apache-manifoldcf-sharepoint-2007-plugin on my SharePoint 2007 >>>>>>>> server. >>>>>>>> > (a virtual machine). >>>>>>>> > >>>>>>>> > I can see the Permissions Page when I enter >>>>>>>> > http://xxxxx:xxxxx/sub_directory/_vti_bin/MCPermissions.asmx >>>>>>>> > in my browser. >>>>>>>> > When I try to make a "SharePoint Services 3.0 (2007)" >>>>>>>> > connection to my SharePoint 2007 server in the ManifoldCF >>>>>>>> > interface I get this error: >>>>>>>> > >>>>>>>> > Crawl user did not authenticate properly, or has insufficient >>>>>>>> permissions to >>>>>>>> > accesshttp://vm-shpt2k7/KireyRep: (401)HTTP/1.1 401 Unauthorized >>>>>>>> > >>>>>>>> > Via curl i get first a 401 and then a 200 status: >>>>>>>> > >>>>>>>> > curl --ntlm -u vm-shpt2k7\\administrator >>>>>>>> > http://vm-shpt2k7/KireyRep/_vti_bin/MCPermissions.asmx -v >>>>>>>> > Enter host password for user 'vm-shpt2k7\\administrator': >>>>>>>> > * About to connect() to vm-shpt2k7 port 80 (#0) >>>>>>>> > * Trying 192.168.30.42... >>>>>>>> > * connected >>>>>>>> > * Connected to vm-shpt2k7 (192.168.30.42) port 80 (#0) >>>>>>>> > * Server auth using NTLM with user 'vm-shpt2k7\\administrator' >>>>>>>> >> GET /KireyRep/_vti_bin/MCPermissions.asmx HTTP/1.1 >>>>>>>> >> Authorization: NTLM >>>>>>>> >> TlRMTVNTUAABAAAAt4II4gAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw== >>>>>>>> >> User-Agent: curl/7.25.0 (i386-pc-win32) libcurl/7.25.0 >>>>>>>> OpenSSL/0.9.8u >>>>>>>> >> zlib/1.2 >>>>>>>> > .6 libssh2/1.4.0 >>>>>>>> >> Host: vm-shpt2k7 >>>>>>>> >> Accept: */* >>>>>>>> >> >>>>>>>> > < HTTP/1.1 401 Unauthorized >>>>>>>> > < Content-Length: 1539 >>>>>>>> > < Content-Type: text/html >>>>>>>> > < Server: Microsoft-IIS/6.0 >>>>>>>> > < WWW-Authenticate: NTLM >>>>>>>> > TlRMTVNTUAACAAAAHAAcADgAAAA1goniwKcRCkDsTOwAAAAAAAAAAMo >>>>>>>> > >>>>>>>> AygBUAAAABQLODgAAAA9TAEUAUgBWAEkAQwBFAFMALQBLAEkAUgBFAFkAAgAcAFMARQBSAFYASQBDAEU >>>>>>>> > >>>>>>>> AUwAtAEsASQBSAEUAWQABABQAVgBNAC0AUwBIAFAAVAAyAEsANwAEACQAcwBlAHIAdgBpAGMAZQBzAC0 >>>>>>>> > >>>>>>>> AawBpAHIAZQB5AC4AbABhAG4AAwA6AHYAbQAtAHMAaABwAHQAMgBrADcALgBzAGUAcgB2AGkAYwBlAHM >>>>>>>> > >>>>>>>> ALQBrAGkAcgBlAHkALgBsAGEAbgAFACQAcwBlAHIAdgBpAGMAZQBzAC0AawBpAHIAZQB5AC4AbABhAG4 >>>>>>>> > AAAAAAA== >>>>>>>> > < X-Powered-By: ASP.NET >>>>>>>> > < MicrosoftSharePointTeamServices: 12.0.0.6421 >>>>>>>> > < Date: Mon, 26 Nov 2012 21:47:30 GMT >>>>>>>> > < >>>>>>>> > * Ignoring the response-body >>>>>>>> > * Connection #0 to host vm-shpt2k7 left intact >>>>>>>> > * Issue another request to this URL: >>>>>>>> > 'http://vm-shpt2k7/KireyRep/_vti_bin/MCPerm >>>>>>>> > issions.asmx' >>>>>>>> > * Re-using existing connection! (#0) with host (nil) >>>>>>>> > * Connected to (nil) (192.168.30.42) port 80 (#0) >>>>>>>> > * Server auth using NTLM with user 'vm-shpt2k7\\administrator' >>>>>>>> >> GET /KireyRep/_vti_bin/MCPermissions.asmx HTTP/1.1 >>>>>>>> >> Authorization: NTLM >>>>>>>> >> TlRMTVNTUAADAAAAGAAYAJAAAAAYABgAqAAAABQAFABIAAAAHAAcAFwAAA >>>>>>>> > >>>>>>>> AYABgAeAAAABAAEADAAAAANYKI4gUBKAoAAAAPdgBtAC0AcwBoAHAAdAAyAGsANwBcAGEAZABtAGkAbg >>>>>>>> > >>>>>>>> BpAHMAdAByAGEAdABvAHIAUgBNAC0ARABBAEQARABBAFIASQBPAEwAVl9uuLABbMoAAAAAAAAAAAAAAA >>>>>>>> > AAAAAAfxlYG/e4ds0BnEroh9Mto5NQBerxGktFfG5BOyKSh9Uth1nGuYbB3Q== >>>>>>>> >> User-Agent: curl/7.25.0 (i386-pc-win32) libcurl/7.25.0 >>>>>>>> OpenSSL/0.9.8u >>>>>>>> >> zlib/1.2 >>>>>>>> > .6 libssh2/1.4.0 >>>>>>>> >> Host: vm-shpt2k7 >>>>>>>> >> Accept: */* >>>>>>>> >> >>>>>>>> > < HTTP/1.1 200 OK >>>>>>>> > < Date: Mon, 26 Nov 2012 21:47:32 GMT >>>>>>>> > < Server: Microsoft-IIS/6.0 >>>>>>>> > < X-Powered-By: ASP.NET >>>>>>>> > < MicrosoftSharePointTeamServices: 12.0.0.6421 >>>>>>>> > < X-AspNet-Version: 2.0.50727 >>>>>>>> > < Set-Cookie: WSS_KeepSessionAuthenticated=80; path=/ >>>>>>>> > < Cache-Control: private, max-age=0 >>>>>>>> > < Content-Type: text/html; charset=utf-8 >>>>>>>> > < Content-Length: 3253 >>>>>>>> > < >>>>>>>> > >>>>>>>> > On virtual machine, IIS is using NTLM authentication, but in >>>>>>>> manifoldcf.log >>>>>>>> > I get this warning: >>>>>>>> > >>>>>>>> > WARN 2012-11-27 12:17:47,375 (Thread-6885) - NEGOTIATE >>>>>>>> authentication error: >>>>>>>> > Invalid name provided (Mechanism level: Could not load >>>>>>>> configuration file >>>>>>>> > C:\WINDOWS\krb5.ini (Impossibile trovare il file specificato)) >>>>>>>> > >>>>>>>> > >>>>>>>> > Any idea ? >>>>>>>> > >>>>>>>> > Thanks >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >