[Evolution] EWS NTLM auth not working

David Woodhouse dwmw2 at infradead.org
Thu Feb 15 11:07:47 UTC 2018


On Tue, 2018-02-06 at 22:06 +0100, j2ev at centrum.cz wrote:
> Hello,
>  
> I spent a little more time investigating the issue. I took a look in
> to the source code of libsoup and I think it calls winbind's
> ntlm_auth binary without password with the --use-cached-creds option
> only. And if that does not work, it makes some own computations. I am
> no programmer, so I might be wrong. Nevertheless, I tried to join the
> domain and login with pam_winbind to be able to use the cached
> credentials. I tried to call ntlm_auth manually and it worked and so
> did login in Evolution. I think that libsoup itself might not
> actually support NTLMv2, maybe just NTLM2, or the implementation is
> broken. Anyway, I post it for information. If there would be anyone
> willing to take a look on this, I would appreciate. Using Thunderbird
> with EWS plugin for calendars is rather difficult.

Can you clarify please?

If you use ntlm_auth for single-sign-on, it works?
If you use Kerberos (which you should), it works?

The only case that doesn't work is when you *don't* use ntlm_auth
(because you've moved it out of the way or because winbindd does have
creds), and libsoup attempts to do the authentication for itself using
a password that you provide manually?

I'd like to see the NTLM exchanges in both working and failing cases,
please.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5213 bytes
Desc: not available
URL: <http://lists.osuosl.org/pipermail/evolution-users/attachments/20180215/d3c57807/attachment-0001.bin>


More information about the evolution-users mailing list