[jcifs] Problems with certain clients using NTLM filter

eglass1 at comcast.net eglass1 at comcast.net
Tue Feb 17 12:44:42 GMT 2004 

The failing client appears to be set up to use NTLMv2 authentication; there
are two ways to fix this situation:

1) On the affected client, look at the registry value:

      HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

   it's probably set to 3, 4, or 5.  Set it to 0, 1, or 2.  This setting is
   described in detail at:

      http://support.microsoft.com/default.aspx?scid=KB;en-us;239869

   Setting it to 0 or 1 will do LM/NTLM (version 1); 2 will just do NTLM.

2) Set the jCIFS property "jcifs.smb.lmCompatibility" to 3.  This will cause
   jCIFS to use LMv2 (which is kind of a "stripped down" NTLMv2).


Either of the above should allow the client to authenticate properly.


Eric
> I posted a problem I was having a while back authenticating at all with
> WinXP/IE6. Mike you started to help me track it down but I've been
> distracted by other work. I had a chance to do some more digging today
> and can confirm a couple of things. This is using 0.8.0b1, and the
> filter in web.xml using the following settings:
> 
>     <filter>
>         <filter-name>NTLM HTTP Authentication Filter</filter-name>
>  
> <filter-class>com.akirkpatrick.ontowiki.web.ActionFilter</filter-class>
> 
>         <init-param>
>             <param-name>jcifs.smb.client.domain</param-name>
>             <param-value>IOKO365</param-value>
>         </init-param>
> 
>         <init-param>
>             <param-name>jcifs.netbios.wins</param-name>
>             <param-value>x.x.x.x</param-value>
>         </init-param>
>     </filter>
> 
> (my ActionFilter is the same as the standard one just with more logging)
> 
> - Got someone else in our office with Win2k/IE5.5 and they couldn't
> authenticate
> 

> - Tested access from clean build Win2k/IE5.5 client and it authenticated
> fine
> 
> - Patched to Win2k SP4, still ok
> 
> - Installed IE6 (from Windows Update) plus all critical updates, still
> ok
> 
> - Tried on three other XP machines in office and all authenticated fine
> 
> I'm struggling to find a pattern in this...! I attach the following:
> 
> failure.libpcap
> 	Trace from a failed Win2k/IE5.5 conversation - displays login
> box, no attempt made to login
> 
> success.libpcap
> 	Trace from a successful conversation - displays homepage
> 
> Any help much appreciated, let me know if I can help with any more
> traces.
> 
> Best regards, Alfie.
> 
> ioko
> M: +44 (0) 7810 552466
> E: alfie.kirkpatrick at ioko.com
> 
>  
>

More information about the jcifs mailing list