FYI, this ended up being a limitation in libsoup.  I've submitted a
patch there; looks like it just got a response:

https://bugzilla.gnome.org/show_bug.cgi?id=739192

The issue occurs when a server is configured to require NTLMv2 Session
Security support.  ("NTLMv2 Session Security" is, despite the name, an
extension to regular NTLM.)

Adam

On Sun, Oct 12, 2014 at 11:39 AM, Adam Seering <aseer...@gmail.com> wrote:
> Update:  I've opened things up in gdb and poked around a bit.  This
> code is using some glib async APIs that I'm not familiar with, but
> I've traced things to the following possibly-interesting point in
> execution:
>
> """ evolution-data-server-3.12.6/libebackend/e-authentication-mediator.c
> 851        if (mediator->priv->client_cancelled) {
> (gdb) p mediator->priv->client_cancelled
> $4 = 0
> (gdb) n
> 854                "%s", _("Client cancelled the operation"));
> """
>
> (At this point, I've entered a password into the UI, but the dialog
> hasn't yet closed.)
>
> This is Evolution 3.12 as currently distributed with Ubuntu 14.10
> ("apt-get install" for the binary, "apt-get source" for the source
> code).  I've tried 3.13 from the 'fta1' PPA on launchpad.net; it
> didn't fix the issue.  I could debug that version further if you think
> there are relevant changes.
>
> If anyone has any thoughts or pointers, let me know.
>
> Thanks,
> Adam
>
>
>
> On Sun, Oct 12, 2014 at 11:25 AM, Adam Seering <aseer...@gmail.com> wrote:
>> Oops, I forgot to reply-all.  Re-sending:
>>
>> Hi Milan,
>>
>> Thanks for the reply, and for the curl command.  I tried running the
>> command and it had no trouble authenticating -- it made an initial
>> request, got an HTTP 401 asking for NTLM auth, then re-used the same
>> connection and made a second request, successfully authenticating and
>> returning a blob of XML containing (among other things) the string "No
>> mailbox with such guid."
>>
>> Is there anything else I can check?
>>
>> I'd be glad to download and poke at the source code to any of these
>> components if that would be useful, but I've never worked with this
>> codebase so I don't know what to look at.  I'm also glad to run other
>> debugging commands, etc.
>>
>> Thanks,
>> Adam
>>
>> On Fri, Oct 10, 2014 at 1:43 AM, Milan Crha <mc...@redhat.com> wrote:
>>> On Thu, 2014-10-09 at 19:13 -0400, Adam Seering wrote:
>>>> Hi all,
>>>>     I have access to two Exchange (EWS) accounts.  One of them works
>>>> great.  The other one won't accept my password, so I can't log in.
>>>> It worked great earlier this year, but something in the server's
>>>> configuration seems to have changed.  (I don't know what.)
>>>>
>>>>     If I run with EWS_DEBUG=2, I get the following request/response
>>>> pair every time I enter my password:
>>>
>>>         Hi,
>>> this handshake pair is usual. libsoup tries to connect to the server,
>>> it responds that authorization is needed, then libsoup asks an
>>> application for a password and re-sends the message to the server with
>>> given credentials.
>>>
>>>> < WWW-Authenticate: Negotiate
>>>> < WWW-Authenticate: NTLM
>>>> ...
>>>> Looks like it's never trying to re-connect using NTLM?  Anyone have
>>>> any guesses as to what's going on, or suggestions for things to try
>>>> to do to improve it?
>>>
>>> So your server supports either GSSAPI/Kerberos authentication or NTLM.
>>> I would verify that you have set the NTLM in account preferences and
>>> that the address of the host (Host URL) begins with https://. There
>>> are servers which require Basic authentication, but that is not
>>> advertised by your server. I'm not aware of any server which would
>>> allow http:// (insecure) connection.
>>>
>>> Maybe you can try to connect to the server with curl, and if it'll
>>> work, then there can be some glitch either in evolution-ews or in
>>> libsoup. The curl command looks like this:
>>>
>>>    curl -v -k --user USERNAME:PASSWORD -X POST -d @e.xml --ntlm \
>>>       https://exchange.example.com/EWS/Exchange.asmx \
>>>       --header 'Content-Type: text/xml; charset=utf-8'
>>>
>>> Run it in a folder which contains the attached e.xml file. The request
>>> as such will fail, because you won't have the requested item in your
>>> account, but that's fine, because we are only trying to authenticate
>>> and connect to the server.
>>>         Bye,
>>>         Milan
>>> _______________________________________________
>>> evolution-list mailing list
>>> evolution-list@gnome.org
>>> To change your list options or unsubscribe, visit ...
>>> https://mail.gnome.org/mailman/listinfo/evolution-list
>>>
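
Added example, not part of the original thread and not code from libsoup or Evolution: a decoder for the server's NTLM challenge (the base64 value in a "WWW-Authenticate: NTLM ..." response header, as printed by verbose output such as the curl -v run above) that reports whether the extended session security negotiate flag is set. It assumes the "NTLMv2 Session Security" named in the thread corresponds to that flag (0x00080000 in MS-NLMP); the sample messages are constructed.

```python
import base64
import struct

# Negotiate flag values from the NTLM specification (MS-NLMP).
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000200: "NEGOTIATE_NTLM",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NEGOTIATE_TARGET_INFO",
    0x20000000: "NEGOTIATE_128",
}
# Assumption: this is the flag behind the thread's "NTLMv2 Session Security".
EXTENDED_SESSION_SECURITY = 0x00080000


def parse_challenge(header_value):
    """Decode 'NTLM <base64>' from a WWW-Authenticate header (Type 2 message)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM challenge (a bare 'NTLM' carries no message)")
    raw = base64.b64decode(token, validate=True)
    if len(raw) < 32:
        raise ValueError("truncated NTLM message")
    signature, msg_type = struct.unpack_from("<8sI", raw, 0)
    if signature != b"NTLMSSP\x00" or msg_type != 2:
        raise ValueError("not an NTLM CHALLENGE_MESSAGE")
    (flags,) = struct.unpack_from("<I", raw, 20)  # NegotiateFlags field
    return {
        "flags": flags,
        "flag_names": [name for bit, name in FLAGS.items() if flags & bit],
        "server_challenge": raw[24:32].hex(),
        "extended_session_security": bool(flags & EXTENDED_SESSION_SECURITY),
    }


def make_sample(flags):
    """Constructed Type 2 message: empty target name, fixed 8-byte nonce."""
    body = struct.pack("<8sIHHII", b"NTLMSSP\x00", 2, 0, 0, 48, flags)
    body += bytes(range(1, 9)) + b"\x00" * 8 + struct.pack("<HHI", 0, 0, 48)
    return "NTLM " + base64.b64encode(body).decode("ascii")


if __name__ == "__main__":
    for sample_flags in (0x00000201, 0x00080201):
        info = parse_challenge(make_sample(sample_flags))
        print(hex(info["flags"]), info["flag_names"],
              "extended session security:", info["extended_session_security"])
```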