Using curl with NTLM auth to make a post is failing

Question

I can't seem to wrap my head around this. I'm trying to script automating an upload of a csv but the curl is failing with a 401.

curl -v --ntlm -u username --upload-file ~/galaxy/forums/pt_update.csv https://connect.example.com/11063/csv_import?op=add -k
Enter host password for user 'username:
* About to connect() to connect.example.com port 443 (#0)
*   Trying x.x.x.x... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-MD5
* Server certificate:
*    subject: C=US; ST=Washington; L=internetland; O=example.com Inc.; CN=connect.example.com
*    start date: 2012-06-11 14:53:47 GMT
*    expire date: 2013-06-11 14:53:47 GMT
*    common name: connect.example.com (matched)
*    issuer: DC=com; DC=example; DC=ant; CN=example.com Infosec CA G2
*    SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using NTLM with user 'username'
> PUT /11063/csv_import?op=add HTTP/1.1
> Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: connect.example.com
> Accept: */*
> Content-Length: 0
> Expect: 100-continue
> 
< HTTP/1.1 401 Authorization Required
< Date: Fri, 29 Mar 2013 03:47:00 GMT
< Server: Server
< WWW-Authenticate: Basic realm="ANT (Windows) Login"
< Content-Length: 401
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

I replaced example where my actual domain is and I'm most certainly using the right username/pw for my domain.

Daniel Antonio Nuñez Carhuayo · Answer 1 · 2014-01-29T23:46:11.370

52

You try this

If you have a page hosted in IIS and that work with NTLM then you should put:

(for example at Sharepoint page)

curl http://enterprisesharepoint -v --ntlm --negotiate -u USER123:PASSWORD123

It's work fine for me and you can see the headers message

--Edit--

if you put negotiate, this give the local account and log in with the server, if a user name and password are incorrect, that's no matter because negotiate do automatic autentication with windows account for the user local loged. If you don't like this behavior, you should be put only ntlm for correct ntlm login.

edited Jan 29 '14 at 23:46

answered Jan 29 '14 at 15:10

Daniel Antonio Nuñez Carhuayo

1,843
2
21
21

4

Removing "--negotiate" made it work for me. (to an ADFS integrated-windows-login end-point, authenticating to the Windows domain) – Curtis Yallop Dec 15 '17 at 19:36
You may remove :PASSWORD123 so that you don't have to type it in plain text. If removed, you will be prompted for the same. – Jithin Pavithran Apr 02 '20 at 06:38
Commonly yes, but assure of use https because in both cases the "challenge" will be send in text plain – Daniel Antonio Nuñez Carhuayo Apr 07 '20 at 17:37
1

Worked as is with no issues. Thanks Daniel. – z atef Sep 18 '20 at 20:50

score 20 · Accepted Answer · edited Jul 08 '15 at 15:49

20

The following works

curl -X POST -k -v --ntlm --negotiate -u usernamehere -F "csv=@pt_update.csv" -F "op=add" "https://google.com/csv_import"

edited Jul 08 '15 at 15:49

Luís Cruz

14,780
16
68
100

answered Apr 02 '13 at 21:52

Juddles

747
1
7
12

74

You should consider explaining *why* it works. People in a similar situation will have no clue what part was wrong. – andsens Sep 20 '13 at 10:42
2

Note that posters themselves might not know _why_ a solution works. It may be something they've found on the internet or through trial and error. Instead of complaining, you might want to appreciate that they took the time to try to help. Judging from the checkmark, it was valuable at least to OP. – aioobe Mar 29 '23 at 06:34
@aioobe 74 upvotes on comment lets me know a bit more information would have been helpful. Teaching users to give better answers is not judging, but you comment sure is. – FreeSoftwareServers Aug 24 '23 at 18:05

Using curl with NTLM auth to make a post is failing

2 Answers2

Linked