Getting 401 Unauthorized cloning TFS 2017 git repo over https from RHEL 6.8 running git 1.7.1

I recently upgraded from an on-premises TFS 2013 to TFS 2017 (Update 3). As part of the upgrade/migration to the new server, we switched from using port 8080 to port 443 (https).

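We have an old RHEL 6.8 machine that we have been using as a build server for a small number of Java projects that use Git. The server is running git 1.7.1 (which ships with RHEL 6), and we can no longer clone/pull/push the Git repositories hosted in TFS.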

FYI - I am using export GIT_CURL_VERBOSE=1 to increase logging.

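My initial problem was that Git did not trust the certificate from my company's internal CA (peer's certificate issuer not recognized). I resolved this by adding the internal certificate to my ca-bundle.crt.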

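With that resolved, I am now getting a 401 Unauthorized error that I can't figure out. I can authenticate to the exact same URL using cURL as long as I supply the --ntlm switch. Git appears to be using NTLM, but for some reason it refuses to work.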

-sh-4.1$ curl -k -u 'DOMAIN\username' --ntlm https://tfs.mycompany.com/tfs/TeamProjectCollection/TeamProjectName/_git/reponame/info/refs?service=git-upload-pack 
Enter host password for user 'DOMAIN\username':
001e# service=git-upload-pack
000000a5d9f0c36ca42f5a65fc80bd39162b40b472e06c1b HEAD multi_ack thin-pack side-band side-band-64k no-progress multi_ack_detailed no-done shallow allow-tip-sha1-in-want
003fd9f0c36ca42f5a65fc80bd39162b40b472e06c1b refs/heads/master
0000

-sh-4.1$ curl -k -u 'DOMAIN\username' --ntlm https://tfs.mycompany.com/tfs/TeamProjectCollection/TeamProjectName/_git/reponame/info/refs 
Enter host password for user 'DOMAIN\username':
d9f0c36ca42f5a65fc80bd39162b40b472e06c1b        refs/heads/master

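But when I try to clone with the command below, I get a 401. Before the upgrade, with TFS 2013, we were using the http://DOMAIN\username@tfs.mycompany.com:8080 syntax and it was working. I recall that we had to turn on Basic Auth for that. However, after upgrading to TFS 2017, it no longer works, whether or not Basic authentication is enabled.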

-sh-4.1$ git clone 'https://DOMAIN\username@tfs.mycompany.com/tfs/TeamProjectCollection/TeamProject/_git/reponame'
Initialized empty Git repository in /home/username/git/reponame/.git/
Password:
* Couldn't find host tfs.mycompany.com in the .netrc file; using defaults
* About to connect() to tfs.mycompany.com port 443 (#0)
*   Trying 10.131.44.190... * Connected to tfs.mycompany.com (10.131.44.190) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /home/username/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=tfs.mycompany.com,OU=IT,O=Company Name,L=Chicago,ST=IL,C=US
*       start date: Jun 05 18:12:59 2018 GMT
*       expire date: Jun 04 18:12:59 2020 GMT
*       common name: tfs.mycompany.com
*       issuer: CN=MYCOMPANY-ADIssuingCA01,DC=ad,DC=mycompany,DC=org
> GET /tfs/TeamProjectCollection/TeamProject/_git/reponame/info/refs?service=git-upload-pack HTTP/1.1
User-Agent: git/1.7.1
Host: tfs.mycompany.com
Accept: */*
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/8.5
< X-TFS-ProcessId: 624831c6-b5e1-4f34-a100-404f077c0fbe
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< ActivityId: b38e342d-14ed-4c62-9718-a96c8d5fe14c
< X-TFS-Session: b38e342d-14ed-4c62-9718-a96c8d5fe14c
< X-VSS-E2EID: b38e342d-14ed-4c62-9718-a96c8d5fe14c
< X-FRAME-OPTIONS: SAMEORIGIN
< X-TFS-SoapException: %3c%3fxml+version%3d%221.0%22+encoding%3d%22utf-8%22%3f%3e%3csoap%3aEnvelope+xmlns%3asoap%3d%22http%3a%2f%2fwww.w3.org%2f2003%2f05%2fsoap-envelope%22%3e%3csoap%3aBody%3e%3csoap%3aFault%3e%3csoap%3aCode%3e%3csoap%3aValue%3esoap%3aReceiver%3c%2fsoap%3aValue%3e%3csoap%3aSubcode%3e%3csoap%3aValue%3eUnauthorizedRequestException%3c%2fsoap%3aValue%3e%3c%2fsoap%3aSubcode%3e%3c%2fsoap%3aCode%3e%3csoap%3aReason%3e%3csoap%3aText+xml%3alang%3d%22en%22%3eTF400813%3a+Resource+not+available+for+anonymous+access.+Client+authentication+required.%3c%2fsoap%3aText%3e%3c%2fsoap%3aReason%3e%3c%2fsoap%3aFault%3e%3c%2fsoap%3aBody%3e%3c%2fsoap%3aEnvelope%3e
< X-TFS-ServiceError: TF400813%3a+Resource+not+available+for+anonymous+access.+Client+authentication+required.
< WWW-Authenticate: Bearer
< WWW-Authenticate: Basic realm="https://tfs.mycompany.com/tfs"
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
< Lfs-Authenticate: NTLM
< X-Content-Type-Options: nosniff
< Date: Tue, 19 Jun 2018 15:21:16 GMT
< Content-Length: 20181
<
* Ignoring the response-body
* Connection #0 to host tfs.mycompany.com left intact
* Issue another request to this URL: 'https://DOMAIN\username@tfs.mycompany.com/tfs/TeamProjectCollection/TeamProject/_git/reponame/info/refs?service=git-upload-pack'
* Couldn't find host tfs.mycompany.com in the .netrc file; using defaults
* Re-using existing connection! (#0) with host tfs.mycompany.com
* Connected to tfs.mycompany.com (10.131.44.190) port 443 (#0)
> GET /tfs/TeamProjectCollection/TeamProject/_git/reponame/info/refs?service=git-upload-pack HTTP/1.1
User-Agent: git/1.7.1
Host: tfs.mycompany.com
Accept: */*
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/8.5
< X-TFS-ProcessId: 624831c6-b5e1-4f34-a100-404f077c0fbe
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< ActivityId: b38e34c0-14ed-4c62-9718-a96c8d5fe14c
< X-TFS-Session: b38e34c0-14ed-4c62-9718-a96c8d5fe14c
< X-VSS-E2EID: b38e34c0-14ed-4c62-9718-a96c8d5fe14c
< X-FRAME-OPTIONS: SAMEORIGIN
< X-TFS-SoapException: %3c%3fxml+version%3d%221.0%22+encoding%3d%22utf-8%22%3f%3e%3csoap%3aEnvelope+xmlns%3asoap%3d%22http%3a%2f%2fwww.w3.org%2f2003%2f05%2fsoap-envelope%22%3e%3csoap%3aBody%3e%3csoap%3aFault%3e%3csoap%3aCode%3e%3csoap%3aValue%3esoap%3aReceiver%3c%2fsoap%3aValue%3e%3csoap%3aSubcode%3e%3csoap%3aValue%3eUnauthorizedRequestException%3c%2fsoap%3aValue%3e%3c%2fsoap%3aSubcode%3e%3c%2fsoap%3aCode%3e%3csoap%3aReason%3e%3csoap%3aText+xml%3alang%3d%22en%22%3eTF400813%3a+Resource+not+available+for+anonymous+access.+Client+authentication+required.%3c%2fsoap%3aText%3e%3c%2fsoap%3aReason%3e%3c%2fsoap%3aFault%3e%3c%2fsoap%3aBody%3e%3c%2fsoap%3aEnvelope%3e
< X-TFS-ServiceError: TF400813%3a+Resource+not+available+for+anonymous+access.+Client+authentication+required.
< WWW-Authenticate: Bearer
< WWW-Authenticate: Basic realm="https://tfs.mycompany.com/tfs"
* gss_init_sec_context() failed: : Server not found in Kerberos database< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
< Lfs-Authenticate: NTLM
< X-Content-Type-Options: nosniff
< Date: Tue, 19 Jun 2018 15:21:16 GMT
< Content-Length: 20181
* The requested URL returned error: 401
* Closing connection #0
* Couldn't find host tfs.mycompany.com in the .netrc file; using defaults
* About to connect() to tfs.mycompany.com port 443 (#0)
*   Trying 10.131.44.190... * Connected to tfs.mycompany.com (10.131.44.190) port 443 (#0)
*   CAfile: /home/username/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=tfs.mycompany.com,OU=IT,O=Company Name,L=Chicago,ST=IL,C=US
*       start date: Jun 05 18:12:59 2018 GMT
*       expire date: Jun 04 18:12:59 2020 GMT
*       common name: tfs.mycompany.com
*       issuer: CN=MYCOMPANY-ADIssuingCA01,DC=ad,DC=mycompany,DC=org
> GET /tfs/TeamProjectCollection/TeamProject/_git/reponame/info/refs HTTP/1.1
User-Agent: git/1.7.1
Host: tfs.mycompany.com
Accept: */*
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/8.5
< X-TFS-ProcessId: 624831c6-b5e1-4f34-a100-404f077c0fbe
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< ActivityId: b38fcb66-14ed-4c62-9718-a96c8d5fe14c
< X-TFS-Session: b38fcb66-14ed-4c62-9718-a96c8d5fe14c
< X-VSS-E2EID: b38fcb66-14ed-4c62-9718-a96c8d5fe14c
< X-FRAME-OPTIONS: SAMEORIGIN
< X-TFS-SoapException: %3c%3fxml+version%3d%221.0%22+encoding%3d%22utf-8%22%3f%3e%3csoap%3aEnvelope+xmlns%3asoap%3d%22http%3a%2f%2fwww.w3.org%2f2003%2f05%2fsoap-envelope%22%3e%3csoap%3aBody%3e%3csoap%3aFault%3e%3csoap%3aCode%3e%3csoap%3aValue%3esoap%3aReceiver%3c%2fsoap%3aValue%3e%3csoap%3aSubcode%3e%3csoap%3aValue%3eUnauthorizedRequestException%3c%2fsoap%3aValue%3e%3c%2fsoap%3aSubcode%3e%3c%2fsoap%3aCode%3e%3csoap%3aReason%3e%3csoap%3aText+xml%3alang%3d%22en%22%3eTF400813%3a+Resource+not+available+for+anonymous+access.+Client+authentication+required.%3c%2fsoap%3aText%3e%3c%2fsoap%3aReason%3e%3c%2fsoap%3aFault%3e%3c%2fsoap%3aBody%3e%3c%2fsoap%3aEnvelope%3e
< X-TFS-ServiceError: TF400813%3a+Resource+not+available+for+anonymous+access.+Client+authentication+required.
< WWW-Authenticate: Bearer
< WWW-Authenticate: Basic realm="https://tfs.mycompany.com/tfs"
* gss_init_sec_context() failed: : Server not found in Kerberos database< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
< Lfs-Authenticate: NTLM
< X-Content-Type-Options: nosniff
< Date: Tue, 19 Jun 2018 15:21:16 GMT
< Content-Length: 20153
* The requested URL returned error: 401
* Closing connection #0
error: The requested URL returned error: 401 while accessing https://DOMAIN\username@tfs.mycompany.com/tfs/TeamProjectCollection/TeamProject/_git/reponame/info/refs

fatal: HTTP request failed

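I am going to have our Linux admins upgrade the version of Git on this server, because I know it is really outdated. I am hoping that will fix the problem... but beyond that, I am basically stuck on this and don't know how to resolve it.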

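The solution to this problem was to upgrade Git to the latest version via Yum from an authorized RHEL distribution. Git 1.7.1 could not communicate with TFS git repos over HTTPS, even after we added our internal root certificate to ca-bundle.crt.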
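
For reading a trace like the one in the question, here is an added example (not part of the original post) that summarises each HTTP exchange in GIT_CURL_VERBOSE=1 output: the response status, whether the request carried an Authorization header, and which schemes the server offered. The function names `auth_summary` and `sample_trace` and the third sample exchange are assumptions made for illustration.

```bash
# Summarise the HTTP auth negotiation in a GIT_CURL_VERBOSE=1 trace (stdin).
# One line per exchange: status, whether the request carried an Authorization
# header, and the schemes the server offered.
auth_summary() {
  awk '
    function emit() {
      if (status != "")
        printf "status=%s sent_auth=%s offered=%s\n", status, sent, (offered == "" ? "-" : offered)
      status = ""; offered = ""
    }
    /^> (GET|POST) / { emit(); sent = "no"; inreq = 1; next }
    /^< HTTP\//      { inreq = 0; status = $3; next }
    # In traces like the one above only the request line has "> "; accept both forms.
    inreq && tolower($0) ~ /^(> )?authorization:/ { sent = "yes"; next }
    # Debug text can be glued in front of a header, so search the whole line.
    match($0, /< WWW-Authenticate: [A-Za-z]+/) {
      scheme = substr($0, RSTART + 20, RLENGTH - 20)
      offered = (offered == "" ? scheme : offered "," scheme)
    }
    END { emit() }
  '
}

# Constructed sample: exchanges 1 and 2 are shortened from the trace in the
# question; exchange 3 is invented to show a request that carries credentials.
sample_trace() {
  cat <<'EOF'
> GET /tfs/TeamProjectCollection/TeamProject/_git/reponame/info/refs?service=git-upload-pack HTTP/1.1
User-Agent: git/1.7.1

< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer
< WWW-Authenticate: Basic realm="https://tfs.mycompany.com/tfs"
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
> GET /tfs/TeamProjectCollection/TeamProject/_git/reponame/info/refs HTTP/1.1

< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="https://tfs.mycompany.com/tfs"
* gss_init_sec_context() failed: : Server not found in Kerberos database< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
> GET /tfs/TeamProjectCollection/TeamProject/_git/reponame/info/refs HTTP/1.1
Authorization: Basic PLACEHOLDER_BASE64

< HTTP/1.1 200 OK
EOF
}

sample_trace | auth_summary
```

Fed the full trace from the question, every exchange reports sent_auth=no, because none of the three requests shown carries an Authorization header.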