Linux client - windows (w2k3) server GSS negotiatefails

Venkatraman_S@Dell.com Venkatraman_S at Dell.com
Wed Dec 26 23:58:03 EST 2007


Hi,
	I have been working in the following project (openWSMAN),

I tried the following,
SLES 10 X86_64 Linux openwsman client ->winrm server using gss negotiate
but I get 401 error from the server side.


The connection between Linux server and windows client works fine using
GSS Negotiate.

The architecture is as follows,
1.OpenWSMAN uses curl for GSS-Negotiate.


The following steps were done,
1. Kinit with the windows box as the server was done.
2. A Kerberos ticket has also been generated.
3. Curl has been compiled with gss support.

Adding more information to the same,
I had debugged the curl code and found that the call stack was,

1. wsmc_action_enumerate (wsman-client.c:1379) calls 2.
wsman_send_request (wsman-client-transport.c:88) calls 3. wsmc_handler
(wsman-curl-client-transport.c:433) calls 4. curl_easy_getinfo  which
returns 401.


In case you want to see the openwsman code snippet, it is an open source
code, it is available in the following link,
http://sourceforge.net/project/showfiles.php?group_id=151841&package_id=
167997&release_id=553088



The client tries to connect to a windows box which is listening on a
https port (443).

If I try to make the server (winrm) listen on http port (80) I get an
authentication error.
It says that the password supplied is wrong.
But the password is wrong.


Attached find the request and response flow between the linux client and
the windows server(Windows 2003 server SP2)

Tips to interpret the attached file,

Writing data start & Writing data end -> printf before writing the
request on to the server socket in Curl_write function of sendf.c.

reading data start & reading data end -> printf before reading the
response from the server socket in Curl_read function of sendf.c. 

reading buffer data start: & reading buffer end -> read header info from
server socket in Curl_readwrite function of sendf.c:1475.

reading uploadbuffer data start & end -> reading the data sent from
server socket in Curl_readwrite function of sendf.c:1475.


I would like to know if someone has already tried this mechanism (Linux
client to windows server using GSS-Negotiate).
If yes, what is it that has to be done to enable negotiate between linux
and windows.

Venkat




More information about the Kerberos mailing list