Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7784

HTTP Check based on NTLM authentication doesn't support challenge authentication (like: negotiate -> fallback -> ntlm) and only first 401 is catched

XMLWordPrintable

    • Icon: Incident report Incident report
    • Resolution: Won't fix
    • Icon: Critical Critical
    • None
    • 2.0.10
    • Proxy (P), Server (S)
    • curl 7.15.3 (x86_64-unknown-linux-gnu) libcurl/7.15.3 OpenSSL/0.9.8w
      Protocols: tftp ftp telnet dict ldap http file https ftps
      Features: GSS-Negotiate Largefile NTLM SSL

      Zabbix http test doesn't works against web server with challenge authentication enabled (all modern sharepoint site). Web Server ask for negotiate authentication, rise a 401 then fallback with ntlm authentication. Zabbix catch only first 401 and exit.

      Test login with curl via command line works fine. Check the curl challenge authentication:

      • About to connect() to sharepoint.domain.com port 80
      • Trying 192.168.10.22... connected
      • Connected to sharepoint.domain.com (192.168.10.22) port 80
      • Server auth using NTLM with user 'domain\zabbixusr'
        > GET /default.aspx HTTP/1.1
        > Authorization: NTLM TlRMTVNTUAABAAAAAgIAAAAAAAAgAAAAAAAAACAAAAA=
        > User-Agent: curl/7.15.3 (x86_64-unknown-linux-gnu) libcurl/7.15.3 OpenSSL/0.9.8w
        > Host: sharepoint.domain.com
        > Accept: /
        >
        < HTTP/1.1 401 Unauthorized
        < Server: Microsoft-IIS/7.5
        < SPRequestGuid: ba4974ab-5d3c-4d7f-960f-9463784ea074
        < WWW-Authenticate: NTLM TlRMTVNTUAACAAAABwAHADgAAAAGAoECkPi1LQAnQhAAAAAAAAAAAJ4AngA/AAAABgGxHQAAAA9DUklGTkVUAgAOAEMAUgBJAEYATgBFAFQAAQAUAFMAUABJAE4AVABQAFIARAAwADEABAAWAGMAcgBpAGYAbgBlAHQALgBjAG8AbQADACwAUwBQAEkATgBUAFAAUgBEADAAMQAuAGMAcgBpAGYAbgBlAHQALgBjAG8AbQAFABYAYwByAGkAZgBuAGUAdAAuAGMAbwBtAAcACADGSKUCfybPAQAAAAA=
        < WWW-Authenticate: Negotiate
        < X-Powered-By: ASP.NET
        < MicrosoftSharePointTeamServices: 14.0.0.6123
        < X-MS-InvokeApp: 1; RequireReadOnly
        < Date: Mon, 10 Feb 2014 16:41:56 GMT
        < Content-Length: 0
      • Connection #0 to host sharepoint.domain.com left intact
      • Issue another request to this URL: 'http://sharepoint.domain.com/default.aspx'
      • Re-using existing connection! (#0) with host sharepoint.domain.com
      • Connected to sharepoint.domain.com (192.168.10.22) port 80
      • Server auth using NTLM with user 'domain\zabbixusr'
        > GET /default.aspx HTTP/1.1
        > Authorization: NTLM TlRMTVNTUAADAAAAGAAYAFcAAAAYABgAbwAAAAcABwBAAAAAEAAQAEcAAAAAAAAAVwAAAAAAAACHAAAAAYIAAGNyaWZuZXR6YWJiaXh1c3JjcmlmbmV03y3hJz8rHzE31htWl6cezJ9JlW0mUjbIIAhzvteHruuyzJaKFpjlKrA309j5xHsL
        > User-Agent: curl/7.15.3 (x86_64-unknown-linux-gnu) libcurl/7.15.3 OpenSSL/0.9.8w
        > Host: sharepoint.domain.com
        > Accept: /
        >
        < HTTP/1.1 200 OK
        < Cache-Control: private, max-age=0
        < Content-Type: text/html; charset=utf-8
        < Expires: Sun, 26 Jan 2014 16:41:56 GMT
        < Last-Modified: Mon, 10 Feb 2014 16:41:56 GMT
        < Server: Microsoft-IIS/7.5
        < SPRequestGuid: eae7adfe-d0f9-4116-8d48-b30e0e8eb6d8
        < X-SharePointHealthScore: 0
        < X-AspNet-Version: 2.0.50727
        < Set-Cookie: 6e9a6995ab344b25b19e0963e0c99a2ci%3A0%23%2Ew%7Cdomain%5Czabbixusr=0; expires=Tue, 11-Feb-2014 16:41:56 GMT; path=/; HttpOnly
        < Set-Cookie: WebAnalyticsSessionId2=b0cfd857-b0c6-4fec-9a29-346c8eb24acc; path=/
        < Persistent-Auth: true
        < X-Powered-By: ASP.NET
        < MicrosoftSharePointTeamServices: 14.0.0.6123
        < X-MS-InvokeApp: 1; RequireReadOnly
        < Date: Mon, 10 Feb 2014 16:41:56 GMT
        < Content-Length: 62504

            Unassigned Unassigned
            yayo yayo
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: