[jcifs] Only the first login is successful

Michael B Allen mba2000 at ioplex.com
Mon Dec 12 20:11:17 GMT 2005


Load balancing (and thus preauthentication) will only be used if the
jcifs.http.domainController is NOT specified.

An easier fix is probably to just change the code to perform
preauthentication without load balancing. I *think* all you need to do
is apply the following changes to src/jcifs/smb/SmbSession.java:

--- SmbSession.java	2005-10-07 19:56:56.000000000 -0400
+++ SmbSession.java.NEW	2005-12-12 15:00:49.000000000 -0500
@@ -67,8 +67,7 @@
     static long dc_list_expiration;
     static int dc_list_counter;
 
-    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
-        UniAddress dc = new UniAddress( addr );
+    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
         SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
         if (USERNAME == null) {
             trans.connect();
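
Review bot: Changing the parameter of interrogate() from NbtAddress to UniAddress means any caller still passing an NbtAddress no longer compiles, so each one has to be converted at the call site. A short comment above interrogate() saying that it is now reached both from the DC list loop and from getChallenge( UniAddress dc ) would document the new contract.
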
@@ -108,7 +107,7 @@
                 int i = dc_list_counter++ % max;
                 if (dc_list[i] != null) {
                     try {
-                        return interrogate( dc_list[i] );
+                        return interrogate( new UniAddress( dc_list[i] ));
                     } catch (SmbException se) {
                         if (SmbTransport.log.level > 1) {
                             SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
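
Review bot: The changed call `interrogate( new UniAddress( dc_list[i] ));` closes with `))` although the lines around it put a space inside each parenthesis of interrogate(...). Consider assigning the wrapped address to a local before the try block, which keeps the call short and lets the "Failed validate DC" message print the same object that was actually interrogated.
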
@@ -129,7 +128,7 @@
 
     public static byte[] getChallenge( UniAddress dc )
                 throws SmbException, UnknownHostException {
-        return getChallenge(dc, 0);
+        return interrogate( dc );
     }
 
     public static byte[] getChallenge( UniAddress dc, int port )
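
Review bot: `return interrogate( dc );` returns an NtlmChallenge from a method declared `public static byte[] getChallenge( UniAddress dc )`, so this hunk will not compile as written; return the challenge bytes carried by the NtlmChallenge instead. Also note that the `getChallenge( UniAddress dc, int port )` overload below is untouched, so callers that pass a port still skip the preauthentication path that interrogate() provides.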

I don't know why this wasn't done in the first place. Just an oversight
I guess. It happens.

The patchfile is also attached. On unix systems (at least) you can apply
this patch like:

  $ cd src/jcifs/smb
  $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch

This is all TOTALLY untested though. Please let us know if it doesn't
compile and/or work.

Mike


On Mon, 12 Dec 2005 12:15:39 -0700
Mike Bennett <mkb137 at gmail.com> wrote:

> Enabling load balancing (which the documentation says is on by default) via :
>     <init-param>
>         <param-name>jcifs.http.loadBalance</param-name>
>         <param-value>true</param-value>
>     </init-param>
> 
> Didn't fix the problem.  I only specified the one domain controller,
> anyway, so there was nothing to balance against.
> 
> On 12/6/05, Andrew Miller <pulazzo at gmail.com> wrote:
> > I had a similar problem.  I don't have time right now for a more
> > thorough response, but you might want to see the thread from Nov 10th
> > called "Load balancing required for preauthentication?"
> >
> > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> >
> > I don't think anything has changed in the source since that
> > discussion.  You might just try turning on load balancing if it's not
> > already.
> >
> > -Andy
> >
> > On 12/6/05, Mike Bennett <mkb137 at gmail.com> wrote:
> > > If I put a valid normal user account in those parameters, then no
> > > login works.  If this requires a special user account on the domain
> > > then I don't think it's viable for my situation, where the app will
> > > reside on another corporation's server.
> > >
> > > Thanks for the suggestion, though.
> > >
> > > On 12/6/05, Yannick <yannick at smellyfrog.com> wrote:
> > > > Hi Mike,
> > > >
> > > > You probably need to use pre-authentication. So you need to setup a user
> > > > account on the domain that you can use to do so, then add the following
> > > > parameters in your web.xml file:
> > > >
> > > >     <init-param>
> > > >         <param-name>jcifs.smb.client.username</param-name>
> > > >         <param-value>UserAccountName</param-value>
> > > >     </init-param>
> > > >
> > > >     <init-param>
> > > >         <param-name>jcifs.smb.client.password</param-name>
> > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > >     </init-param>
> > > >
> > > > Hope this helps
> > > > Regards
> > > > Yannick
> > > >
> > > > Mike Bennett wrote:
> > > >
> > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > >The first login goes through correctly and the user can access the
> > > > >app.  Any login thereafter (from a different machine, from a different
> > > > >user, from the same user on the same computer but with a different
> > > > >browser) fails with no error message just as if the user or password
> > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > >advantage of some of the other fixes.
> > > > >
> > > > >Is this a configuration problem or something else?  My web.xml section
> > > > >is pretty plain :
> > > > >
> > > > ><filter>
> > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > >    <init-param>
> > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > >        <param-value>MYDOMAIN</param-value>
> > > > >       </init-param>
> > > > >    <init-param>
> > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > >        <param-value>mydc</param-value>
> > > > >    </init-param>
> > > > ></filter>
> > > > ><filter-mapping>
> > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > >    <url-pattern>/*</url-pattern>
> > > > ></filter-mapping>
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
> 

