Hi Susam, I managed to do some better tests. I wrote a test app based on httpclient 3.1 to try figure out what's going on.
The app doesn't indeed auth through ntlm giving the same error. I forced the client to authenticate through Digest by excluding ntlm: List authPrefs = new ArrayList(2); authPrefs.add(AuthPolicy.DIGEST); authPrefs.add(AuthPolicy.BASIC); client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs); client.getState().setCredentials(AuthScope.ANY, defaultcreds); I checked the httpclient plugin code and realized that the only Credentials used there are NTCredentials. I don't understand the rationale behind the code: If i set the default scheme to Digest, it should not go through the ntlm,digest,basic chain as it does now. Could you explain please what's happening in the code? On 12/22/10 5:04 PM, Claudio Martella wrote: > Hi, > > I finally managed to get the logs out of httpclient. > > I attach the fresh hadoop.log. I believe here's the important part: > > 307 2010-12-22 16:58:30,115 DEBUG wire.header - << "Content-Length: > 1656[\r][\n]" > 308 2010-12-22 16:58:30,115 DEBUG wire.header - << "Content-Type: > text/html[\r][\n]" > 309 2010-12-22 16:58:30,115 DEBUG wire.header - << "Server: > Microsoft-IIS/6.0[\r][\n]" > 310 2010-12-22 16:58:30,115 DEBUG wire.header - << "WWW-Authenticate: > Negotiate[\r][\n]" > 311 2010-12-22 16:58:30,115 DEBUG wire.header - << "WWW-Authenticate: > NTLM[\r][\n]" > 312 2010-12-22 16:58:30,116 DEBUG wire.header - << "WWW-Authenticate: > Digest > qop="auth",algorithm=MD5-sess,nonce="+Upgraded+v1df768737f223ab92fea80a15 > > f1a1cb01b36de2a160917560fef25e974a2f927e3b48f6089202543684b20c887f3962bd",charset=utf-8,realm="Digest"[\r][\n]" > 313 2010-12-22 16:58:30,116 DEBUG wire.header - << "WWW-Authenticate: > Basic realm="192.168.10.210"[\r][\n]" > 314 2010-12-22 16:58:30,116 DEBUG wire.header - << "X-Powered-By: > ASP.NET[\r][\n]" 315 2010-12-22 16:58:30,116 DEBUG wire.header - << > "Date: Wed, 22 Dec 2010 15:58:32 GMT[\r][\n]" > 316 2010-12-22 16:58:30,116 DEBUG wire.header - << "Connection: > close[\r][\n]" > 317 2010-12-22 16:58:30,116 DEBUG wire.header - << "[\r][\n]" > 318 2010-12-22 16:58:30,117 DEBUG httpclient.HttpMethodDirector - > Authorization required > 319 2010-12-22 16:58:30,124 DEBUG auth.AuthChallengeProcessor - > Supported authentication schemes in the order of preference: [ntlm, > digest, basic] > 320 2010-12-22 16:58:30,125 INFO auth.AuthChallengeProcessor - ntlm > authentication scheme selected > 321 2010-12-22 16:58:30,125 DEBUG auth.AuthChallengeProcessor - Using > authentication scheme: ntlm > 322 2010-12-22 16:58:30,125 DEBUG auth.AuthChallengeProcessor - > Authorization challenge processed > 323 2010-12-22 16:58:30,125 DEBUG httpclient.HttpMethodDirector - > Authentication scope: NTLM <any realm>@192.168.10.210:8090 > 324 2010-12-22 16:58:30,125 DEBUG httpclient.HttpMethodDirector - Retry > authentication > ... > 37 2010-12-22 16:58:30,126 DEBUG wire.content - << "<h1>You are not > authorized to view this page</h1>[\r][\n]" > 338 2010-12-22 16:58:30,126 DEBUG wire.content - << "You do not have > permission to view this directory or page using the credentials that you > supplied because your Web browser is sending a WWW-Authenticate > header field that the Web server is not configured to accept.[\r][\n]" > 339 2010-12-22 16:58:30,126 DEBUG wire.content - << "<hr>[\r][\n]" > 340 2010-12-22 16:58:30,126 DEBUG wire.content - << "<p>Please try the > following:</p>[\r][\n]" > 341 2010-12-22 16:58:30,127 DEBUG wire.content - << "<ul>[\r][\n]" > 342 2010-12-22 16:58:30,127 DEBUG wire.content - << "<li>Contact the > Web site administrator if you believe you should be able to view this > directory o r page.</li>[\r][\n]" > > what do you think? > > > > > On 12/16/10 6:06 AM, Susam Pal wrote: >> Do you have the following lines in your conf/log4j.properties file? >> >> log4j.logger.org.apache.nutch.protocol.httpclient=DEBUG,cmdstdout >> log4j.logger.org.apache.commons.httpclient.auth=DEBUG,cmdstdout >> >> We need to enable the DEBUG logs for httpclient in this manner. Could >> you please do this and send me a new hadoop.log file? >> >> Regards, >> Susam Pal >> >> On Thu, Dec 16, 2010 at 5:14 AM, Claudio Martella >> <[email protected]> wrote: >>> Hi susam, >>> >>> i attach here a tar.gz of my hadoop.log, nutch-site.xml and >>> httpclient-auth.xml. >>> >>> On 12/15/10 6:21 PM, Susam Pal wrote: >>>> Could you please set the scheme to "NTLM" and realm to your domain? For >>>> example, if you log into your Windows network as: EXAMPLE\admin, your realm >>>> would be "EXAMPLE". >>>> >>>> It would help if you delete any existing hadoop.log file, perform a fresh >>>> crawl and attach the complete hadoop.log file so that we can have a look at >>>> the complete log file ourselves. >>>> >>>> Regards, >>>> Susam Pal >>>> >>>> On Wed, Dec 15, 2010 at 10:47 PM, Claudio Martella < >>>> [email protected]> wrote: >>>> >>>>> Hi Susam, >>>>> >>>>> thanks for your answer. >>>>> >>>>> 1) yes I've overridden the plugin.includes property and added the >>>>> protocol-httpclient >>>>> 2) doesn't apply to me >>>>> 3) I have configured httpclient-auth.xml like in my last email. >>>>> 4) Yes, the page is fetched >>>>> 5) The only thing i see in the logs is the thing i pasted. There's no >>>>> "Credentials - username ... set". This is tricky. >>>>> 6) I saw what I showed in the last email about the selected credentials. >>>>> >>>>> even if the webserver was expecting ntlm, why wouldn't it authenticate >>>>> anyways? >>>>> >>>>> On 12/15/10 6:06 PM, Susam Pal wrote: >>>>>> From the logs, it looks like your server requires NTLM authentication. >>>>> Could >>>>>> you please go through the "Need Help?" section of >>>>>> http://wiki.apache.org/nutch/HttpAuthenticationSchemes and provide all >>>>> the >>>>>> information requested there? >>>>>> >>>>>> Regards, >>>>>> Susam Pal >>>>>> >>>>>> On Wed, Dec 15, 2010 at 10:30 PM, Claudio Martella < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hello list, >>>>>>> >>>>>>> I'm trying to crawl an intranet site which is behind authentication. The >>>>>>> webserver is behind Digest authentication. >>>>>>> My plugin.includes has the protocol-httpclient specified and I have >>>>>>> httpclient-auth.xml set like this: >>>>>>> >>>>>>> <auth-configuration> >>>>>>> <credentials username="user" password="password"> >>>>>>> <default scheme="digest"/> >>>>>>> </credentials> >>>>>>> </auth-configuration> >>>>>>> >>>>>>> I've also tried without specifying the scheme. Here's what comes out of >>>>>>> the httpclient logs: >>>>>>> >>>>>>> Supported authentication schemes in the order of preference: [ntlm, >>>>>>> digest, basic] >>>>>>> ntlm authentication scheme selected >>>>>>> Using authentication scheme: ntlm >>>>>>> Authorization challenge processed >>>>>>> Supported authentication schemes in the order of preference: [ntlm, >>>>>>> digest, basic] >>>>>>> ntlm authentication scheme selected >>>>>>> Using authentication scheme: ntlm >>>>>>> Authorization challenge processed >>>>>>> >>>>>>> Here's a like from hadoop.log >>>>>>> >>>>>>> 2010-12-15 17:51:29,853 INFO httpclient.HttpMethodDirector - No >>>>>>> credentials available for NTLM <any realm>@192.168.10.210:8090 >>>>>>> >>>>>>> I've also tried an <authscope host="192.168.10.210" port="8090" >>>>>>> scheme="digest"/> but nothings changes. >>>>>>> >>>>>>> Does anybody have an idea of what's going on? I'm using nutch 1.2 in >>>>>>> standalone mode. >>>>>>> >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> -- >>>>>>> Claudio Martella >>>>>>> Digital Technologies >>>>>>> Unit Research & Development - Analyst >>>>>>> >>>>>>> TIS innovation park >>>>>>> Via Siemens 19 | Siemensstr. 19 >>>>>>> 39100 Bolzano | 39100 Bozen >>>>>>> Tel. +39 0471 068 123 >>>>>>> Fax +39 0471 068 129 >>>>>>> [email protected] http://www.tis.bz.it >>>>>>> >>>>>>> Short information regarding use of personal data. According to Section >>>>> 13 >>>>>>> of Italian Legislative Decree no. 196 of 30 June 2003, we inform you >>>>> that we >>>>>>> process your personal data in order to fulfil contractual and fiscal >>>>>>> obligations and also to send you information regarding our services and >>>>>>> events. Your personal data are processed with and without electronic >>>>> means >>>>>>> and by respecting data subjects' rights, fundamental freedoms and >>>>> dignity, >>>>>>> particularly with regard to confidentiality, personal identity and the >>>>> right >>>>>>> to personal data protection. At any time and without formalities you can >>>>>>> write an e-mail to [email protected] in order to object the processing >>>>> of >>>>>>> your personal data for the purpose of sending advertising materials and >>>>> also >>>>>>> to exercise the right to access personal data and other rights referred >>>>> to >>>>>>> in Section 7 of Decree 196/2003. The data controller is TIS Techno >>>>>>> Innovation Alto Adige, Siemens Street n. 19, Bolzano. You can find the >>>>>>> complete information on the web site www.tis.bz.it. >>>>>>> >>>>>>> >>>>>>> >>>>> -- >>>>> Claudio Martella >>>>> Digital Technologies >>>>> Unit Research & Development - Analyst >>>>> >>>>> TIS innovation park >>>>> Via Siemens 19 | Siemensstr. 19 >>>>> 39100 Bolzano | 39100 Bozen >>>>> Tel. +39 0471 068 123 >>>>> Fax +39 0471 068 129 >>>>> [email protected] http://www.tis.bz.it >>>>> >>>>> Short information regarding use of personal data. According to Section 13 >>>>> of Italian Legislative Decree no. 196 of 30 June 2003, we inform you that >>>>> we >>>>> process your personal data in order to fulfil contractual and fiscal >>>>> obligations and also to send you information regarding our services and >>>>> events. Your personal data are processed with and without electronic means >>>>> and by respecting data subjects' rights, fundamental freedoms and dignity, >>>>> particularly with regard to confidentiality, personal identity and the >>>>> right >>>>> to personal data protection. At any time and without formalities you can >>>>> write an e-mail to [email protected] in order to object the processing of >>>>> your personal data for the purpose of sending advertising materials and >>>>> also >>>>> to exercise the right to access personal data and other rights referred to >>>>> in Section 7 of Decree 196/2003. The data controller is TIS Techno >>>>> Innovation Alto Adige, Siemens Street n. 19, Bolzano. You can find the >>>>> complete information on the web site www.tis.bz.it. >>>>> >>>>> >>>>> >>> -- >>> Claudio Martella >>> Digital Technologies >>> Unit Research & Development - Analyst >>> >>> TIS innovation park >>> Via Siemens 19 | Siemensstr. 19 >>> 39100 Bolzano | 39100 Bozen >>> Tel. +39 0471 068 123 >>> Fax +39 0471 068 129 >>> [email protected] http://www.tis.bz.it >>> >>> Short information regarding use of personal data. According to Section 13 >>> of Italian Legislative Decree no. 196 of 30 June 2003, we inform you that >>> we process your personal data in order to fulfil contractual and fiscal >>> obligations and also to send you information regarding our services and >>> events. Your personal data are processed with and without electronic means >>> and by respecting data subjects' rights, fundamental freedoms and dignity, >>> particularly with regard to confidentiality, personal identity and the >>> right to personal data protection. At any time and without formalities you >>> can write an e-mail to [email protected] in order to object the processing >>> of your personal data for the purpose of sending advertising materials and >>> also to exercise the right to access personal data and other rights >>> referred to in Section 7 of Decree 196/2003. The data controller is TIS >>> Techno Innovation Alto Adige, Siemens Street n. 19, Bolzano. You can find >>> the complete information on the web site www.tis.bz.it. >>> > -- Claudio Martella Digital Technologies Unit Research & Development - Analyst TIS innovation park Via Siemens 19 | Siemensstr. 19 39100 Bolzano | 39100 Bozen Tel. +39 0471 068 123 Fax +39 0471 068 129 [email protected] http://www.tis.bz.it Short information regarding use of personal data. According to Section 13 of Italian Legislative Decree no. 196 of 30 June 2003, we inform you that we process your personal data in order to fulfil contractual and fiscal obligations and also to send you information regarding our services and events. Your personal data are processed with and without electronic means and by respecting data subjects' rights, fundamental freedoms and dignity, particularly with regard to confidentiality, personal identity and the right to personal data protection. At any time and without formalities you can write an e-mail to [email protected] in order to object the processing of your personal data for the purpose of sending advertising materials and also to exercise the right to access personal data and other rights referred to in Section 7 of Decree 196/2003. The data controller is TIS Techno Innovation Alto Adige, Siemens Street n. 19, Bolzano. You can find the complete information on the web site www.tis.bz.it.
