Hi all,
I've created a flexshare web and a dedicated user to access this share.
When I test using : https://[user]:[Password]@website/URL
It's OK on both Browser and postman
However when I call the same url : https://website/URL
and provide Autorization in header :
Autorization = Basic [user]:[Password]
I get a 401
When I look to ssl_error_log (with LogLevel set to Debug) I found :
[Sun Feb 14 14:41:27.379045 2021] [authnz_external:error] [pid 5998] [client 10.x.x.xx:62909] AuthExtern pwauth [/usr/bin/pwauth]: Failed (1) for user \xd7m
[Sun Feb 14 14:41:27.379105 2021] [auth_basic:error] [pid 5998] [client 10.x.x.xx:62909] AH01617: user : authentication failure for "/flexshare/yyyy/xxxx.pdf": Password Mismatch
so dispite the "password" is wrong it seams that the user is wrong too : \xd7m
How to fix that ?
As each time I look to apache basic auth it ends with the same answer : header => Autorization = Basic [User]:[Password]
I've tried with very simple user and password as 123:456 but I never get user 123 in the log....
I've created a flexshare web and a dedicated user to access this share.
When I test using : https://[user]:[Password]@website/URL
It's OK on both Browser and postman
However when I call the same url : https://website/URL
and provide Autorization in header :
Autorization = Basic [user]:[Password]
I get a 401
When I look to ssl_error_log (with LogLevel set to Debug) I found :
[Sun Feb 14 14:41:27.379045 2021] [authnz_external:error] [pid 5998] [client 10.x.x.xx:62909] AuthExtern pwauth [/usr/bin/pwauth]: Failed (1) for user \xd7m
[Sun Feb 14 14:41:27.379105 2021] [auth_basic:error] [pid 5998] [client 10.x.x.xx:62909] AH01617: user : authentication failure for "/flexshare/yyyy/xxxx.pdf": Password Mismatch
so dispite the "password" is wrong it seams that the user is wrong too : \xd7m
How to fix that ?
As each time I look to apache basic auth it ends with the same answer : header => Autorization = Basic [User]:[Password]
I've tried with very simple user and password as 123:456 but I never get user 123 in the log....
In Flexshare
Share this post:
Accepted Answer
Reading about it (roughly), if you use "Authorization:Basic", it looks like you need to base64 encode the userass. https://stackoverflow.com/questions/20803339/basic-authorization-command-for-curl
Responses (5)
-
Accepted Answer
-
Accepted Answer
So it looks like curl works setting an Authorization:Basic header. I have never used Postman and don't know how to. Can you try verifying with curl first?[root@server ~]# curl -H 'Authorization:Basic dGVzdDE6dGVzdDE=' https://testofhostnames.microserver.howitts.test -k
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<table>
<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="/?C=N;O=D">Name</a></th><th><a href="/?C=M;O=A">Last modified</a></th><th><a href="/?C=S;O=A">Size</a></th><th><a href="/?C=D;O=A">Description</a></th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="/cgi-bin/">cgi-bin/</a> </td><td align="right">2017-09-26 19:32 </td><td align="right"> - </td><td></td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
</body></html>
-
Accepted Answer
Hi,
Thanks for the answers. I'll look to curl.
However I could understand an access error with bad password. Or Bad user as the encoded 64 is about the : in the Authorization Basic.
When I use Postman with an encode 64 (or not) I get failure while when I do use Authorization It fails.
What ever I use postman or other API request tools I get a failure
Could you test : https://test1:test1@testofhostnames.microserver.howitts.test/
It should be OK on a browser
And try with postman with Authorization = Basic test1:test1
or if you want to encode it : Basic dGVzdDE6dGVzdDE=
I'll have a look to the encoded field value. I guess I've missed somthing -
Accepted Answer
You can check with curl and this works:
Not a good test as the user and pass are the same, but it worked.[root@server ~]# curl --user test1:test1 https://testofhostnames.microserver.howitts.test -k
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<table>
<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="/?C=N;O=D">Name</a></th><th><a href="/?C=M;O=A">Last modified</a></th><th><a href="/?C=S;O=A">Size</a></th><th><a href="/?C=D;O=A">Description</a></th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="/cgi-bin/">cgi-bin/</a> </td><td align="right">2017-09-26 19:32 </td><td align="right"> - </td><td></td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
</body></html>
-
Accepted Answer
My test one works for a basic login, but there is a bit of a but. The flexshare assumes the LAN domain, so, in the flexshare settings I see:
This is for a server on my LAN. Clearly in my case the domain is fictitious. If I change it to my own LAN domain, so:
Server URL https://microserver.howitts.test/flexshare/testofhostnames
Alternative Server URL https://testofhostnames.microserver.howitts.test
The first form works but the alternative form does not.
Server URL https://microserver.howitts..co.uk/flexshare/testofhostnames
Alternative Server URL https://testofhostnames.microserver.howitts.co.uk
I have no idea about putting an authorisation into a header. I have never done it before and I'm not sure how to even test. With a curl command?
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »