[jcifs] NTLM handshake slow, and interruped after the 3rd GET
Balazs Szuecs
balazs.szuecs at wave-solutions.com
Tue Feb 8 12:07:25 GMT 2005
Hello,
I am new to jCIFS, and I wanted to test the NTLM negotiation with a tomcat
server. Here's my configuration:
jCIFS 1.1.7
Tomcat 4.1
IE 6.0
Win XP
As I understand it, the NTLM handshake should look like as follows:
REQ#1 (GET)
RESP#1 (401)
REQ#2 (GET)
RESP#2 (401)
REQ#3 (GET)
RESP#3 (200)
I installed and set up jCIFS, and tested with NtlmHttpAuthExample. I'm
experiencing the following problems:
1) tomcat returns RESP#1 immediately to the browser --> OK
2) the browser appears to wait exactly 60 seconds (!!!) between RESP#1 and
REQ#2 --> ???
3) tomcat and jcifs talk to the domain controller, and return RESP#2 in no
time --> OK
4) then again, the browser waits another 60 (!!!!!!!) seconds before
sending REQ#3, then at once it times out... --> ???
5) there is no response for REQ#3 --> ???
6) there are no exceptions, no errors or warnings in the tomcat log
There seems to be no problem with the communication between jcifs and the
domain conroller, since jcifs produces the log output below.
Does anyone have an idea, what it could be?
Thank you very much!
best Regards,
Balazs
================
Tue Feb 08 12:11:12 CET 2005:
LOGON_SHARE=null,LOOKUP_RESP_LIMIT=5,DOMAIN=EDIFACT,USERNAME=null,CACHE_POLICY=1200,dc_list.length=0,dc_list_range=1,dc_list_index=0
NameQueryRequest[nameTrnId=1,isResponse=false,opCode=QUERY,isAuthAnswer=false,isTruncated=false,isRecurAvailable=false,isRecurDesired=true,isBroadcast=false,resultCode=0,questionCount=1,answerCount=0,authorityCount=0,additionalCount=0,questionName=EDIFACT<1C>,questionType=0x0020,questionClass=IN,recordName=null,recordType=0x0000,recordClass=0x0000,ttl=0,rDataLength=0]
00000: 00 01 01 00 00 01 00 00 00 00 00 00 20 45 46 45 |............ EFE|
00010: 45 45 4A 45 47 45 42 45 44 46 45 43 41 43 41 43 |EEJEGEBEDFECACAC|
00020: 41 43 41 43 41 43 41 43 41 43 41 42 4D 00 00 20 |ACACACACACABM.. |
00030: 00 01 |.. |
NetBIOS: new data read from socket
NameQueryResponse[nameTrnId=1,isResponse=true,opCode=QUERY,isAuthAnswer=true,isTruncated=false,isRecurAvailable=true,isRecurDesired=true,isBroadcast=false,resultCode=0,questionCount=0,answerCount=1,authorityCount=0,additionalCount=0,questionName=null,questionType=0x0000,questionClass=IN,recordName=EDIFACT<1C>,recordType=0x0020,recordClass=IN,ttl=0,rDataLength=18,addrEntry=[Ljcifs.netbios.NbtAddress;@82d210]
00000: 00 01 85 80 00 00 00 01 00 00 00 00 20 45 46 45 |............ EFE|
00010: 45 45 4A 45 47 45 42 45 44 46 45 43 41 43 41 43 |EEJEGEBEDFECACAC|
00020: 41 43 41 43 41 43 41 43 41 43 41 42 4D 00 00 20 |ACACACACACABM.. |
00030: 00 01 00 00 00 00 00 12 80 00 0A E8 B5 47 80 00 |...........èµG..|
00040: 0A E8 B5 48 80 00 0A E8 B5 48 |.èµH...èµH |
Default credentials (jcifs.smb.client.username/password) not specified.
SMB signing may not work propertly. Skipping DC interrogation.
session established ok with EDIFACT<1C>/10.232.181.71
requesting negotiation with EDIFACT<1C>/10.232.181.71
SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=The
operation completed
successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=9510,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT
LM 0.12]
00000: 00 00 00 2F FF 53 4D 42 72 00 00 00 00 18 03 C0 |.../ÿSMBr......À|
00010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 25 |..............&%|
00020: 00 00 01 00 00 0C 00 02 4E 54 20 4C 4D 20 30 |........NT LM 0 |
new data read from socket: EDIFACT<1C>/10.232.181.71
byteCount=42 but readBytesWireFormat returned 22
SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=true,errorCode=The
operation completed
successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=9510,uid=0,mid=1,wordCount=17,byteCount=42,wordCount=17,dialectIndex=0,securityMode=0x7,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Tue
Feb 08 12:11:07 CET
2005,serverTimeZone=65476,encryptionKeyLength=8,byteCount=42,encryptionKey=0x0094588E66A18927,oemDomainName=EDIFACT]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00 |ÿSMBr......À....|
00010: 00 00 00 00 00 00 00 00 00 00 26 25 00 00 01 00 |..........&%....|
00020: 11 00 00 07 32 00 01 00 04 41 00 00 00 00 01 00 |....2....A......|
00030: 00 00 00 00 FD F3 01 00 A0 86 47 E3 CE 0D C5 01 |....ýó.. .GãÎ.Å.|
00040: C4 FF 08 2A 00 00 94 58 8E 66 A1 89 27 45 00 44 |Äÿ.*...X.f¡.'E.D|
00050: 00 49 00 46 00 41 00 43 00 54 00 00 00 45 00 44 |.I.F.A.C.T...E.D|
00060: 00 49 00 53 00 52 00 56 00 30 00 31 00 00 00 |.I.S.R.V.0.1... |
close: NbtSocket[addr=EDIFACT<1C>/10.232.181.71,port=139,localport=4546]
================
I also sniffed the http traffic with HTTPLook:
REQ#1
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, application/x-shockwave-flash,
application/security-capsule, */*
Accept-Language: de-at
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322)
Host: 127.0.0.1:8080
Connection: Keep-Alive
Cookie: personalisation=lang=de;
JSESSIONID=EB036F6D6F62F48BFAE21477B28BEAD7.0
RESP#1
HTTP/1.1 401 Unauthorized
Date: Tue, 08 Feb 2005 11:10:11 GMT
Server: Apache Tomcat/4.1.27 (HTTP/1.1 Connector)
WWW-Authenticate: NTLM
REQ#2
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, application/x-shockwave-flash,
application/security-capsule, */*
Accept-Language: de-at
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322)
Host: 127.0.0.1:8080
Connection: Keep-Alive
Authorization: NTLM
TlRMTVNTUAABAAAAB7IIogcABwAxAAAACQAJACgAAAAFASgKAAAAD0VESVdPUksxNkVESUZBQ1R=
Cookie: personalisation=lang=de;
JSESSIONID=EB036F6D6F62F48BFAE21477B28BEAD7.0
RESP#2
HTTP/1.1 401 Unauthorized
Date: Tue, 08 Feb 2005 11:11:12 GMT
Server: Apache Tomcat/4.1.27 (HTTP/1.1 Connector)
WWW-Authenticate: NTLM
TlRMTVNTUAACAAAADgAOADAAAAAFAoEAAJRYjmahiScAAAAAAAAAADYANgA+AAAARQBEAEkARgBBAEMAVAACAA4ARQBEAEkARgBBAEMAVAABABwASgBDAEkARgBTADEAOAAyAF8AOAA2AF8AQwAxAAAAAAA=
Set-Cookie: JSESSIONID=AF5593EE1037E26E48F9DD8FEF16A42D.0; Path=/
REQ#3
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, application/x-shockwave-flash,
application/security-capsule, */*
Accept-Language: de-at
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322)
Host: 127.0.0.1:8080
Connection: Keep-Alive
Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAAA4ADgBIAAAADgAOAFYAAAASABIAZAAAAAAAAACmAAAABQKAAgUBKAoAAAAPRQBEAEkARgBBAEMAVABuADkAOQAxADIAMgA1AEUARABJAFcATwBSAEsAMQA2AKF6rV9bJga8NCoD+cbLXTa/d3v4VQ9IKLLZZ4cnczACNjRQUxgywPInrWne243JTQ==
Cookie: personalisation=lang=de;
JSESSIONID=AF5593EE1037E26E48F9DD8FEF16A42D.0
RESP#3 none, browser times out
More information about the jcifs
mailing list