[jcifs] NtmlHTTPAuthentication Filter
Martin Marinschek
martin.marinschek at gmail.com
Wed Feb 9 09:59:46 GMT 2005
Hi again,
sorry for the long response lag - had some other stuff I needed to
work upon, now I tried it again with (hopefully) the settings you
suggested:
<filter-name>NTLM HTTP Authentication Filter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>OEKB</param-value>
</init-param>
<init-param>
<param-name>jcifs.netbios.wins</param-name>
<param-value>143.245.2.201,143.245.2.205</param-value>
</init-param>
<init-param>
<param-name>jcifs.http.basicRealm</param-name>
<param-value>OeKB</param-value>
</init-param>
<init-param>
<param-name>jcifs.http.insecureBasic</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>jcifs.util.loglevel</param-name>
<param-value>3</param-value>
</init-param>
Changed, tested - same problem as before...
>From local workstations, the users get through without a problem, from
our CITRIX-Servers (same version of IE, etc.) the users don't get
through but get a
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site
might be experiencing technical difficulties, or you may need to
adjust your browser settings.
error.
With jcifs 0.9.6 it works - no problems!
I need both, by the way, Basic Authentication for the users with
browsers other than IE and users not in the OEKB Domain, and NTLM
Authentication for the others.
When looking at the logs, a strange thing is happening: for when it
works, I get great logging, if it doesn't, I don't get a single entry
in the logs - so the point of rejection seems to be very early, way
before the first log statement is logged away (I set the log level to
1000 by the way).
Here some log statements from successfull logins:
treeConnect: unc=\\143.245.2.201\IPC$,service=?????
sessionSetup: accountName=ohr,primaryDomain=OEKB
update: 0 0:40
00000: 64 EC 3A 1A E8 BB 6C E7 4C 26 12 88 64 27 45 0A |dì:.è»lçL&..d'E.|
00010: 90 E0 96 FB 9A 44 BF 37 7F D6 4C 95 13 FA 70 A2 |.à.û.D¿7.ÖL..úp¢|
00020: F0 55 97 B3 03 CA B7 43 |ðU.³.Ê·C |
update: 1 4:212
00000: FF 53 4D 42 73 00 00 00 00 18 07 C0 00 00 24 00 |ÿSMBs......À..$.|
00010: 00 00 00 00 00 00 00 00 00 00 E6 B2 00 00 14 00 |..........æ²....|
00020: 0D 75 00 98 00 04 41 0A 00 01 00 00 00 00 00 18 |.u....A.........|
00030: 00 18 00 00 00 00 00 54 10 00 00 5B 00 24 A1 A0 |.......T...[.$¡ |
00040: 3F 43 51 19 55 3E 20 3B 95 3B 09 D9 EE 84 96 3A |?CQ.U> ;.;.Ùî..:|
00050: 73 3D 7F B6 91 F0 60 AA 91 6E F9 66 C6 C9 A3 DB |s=.¶.ð`ª.nùfÆÉ£Û|
00060: 47 14 77 A6 71 F4 05 41 6F D2 E8 1E D7 00 6F 00 |G.w¦qô.AoÒè.×.o.|
00070: 68 00 72 00 00 00 4F 00 45 00 4B 00 42 00 00 00 |h.r...O.E.K.B...|
00080: 53 00 75 00 6E 00 4F 00 53 00 00 00 6A 00 43 00 |S.u.n.O.S...j.C.|
00090: 49 00 46 00 53 00 00 00 04 FF 00 00 00 00 00 01 |I.F.S....ÿ......|
000A0: 00 31 00 00 5C 00 5C 00 31 00 34 00 33 00 2E 00 |.1..\.\.1.4.3...|
000B0: 32 00 34 00 35 00 2E 00 32 00 2E 00 32 00 30 00 |2.4.5...2...2.0.|
000C0: 31 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F |1.\.I.P.C.$...??|
000D0: 3F 3F 3F 00 |???. |
digest:
00000: E4 49 C7 42 E3 51 2B 19 2F F6 08 CE 89 D9 B0 8B |äIÇBãQ+./ö.Î.Ù°.|
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=The
operation completed
successfully.,flags=0x0018,flags2=0xC007,signSeq=36,tid=0,pid=45798,uid=0,mid=20,wordCount=13,byteCount=91,andxCommand=0x75,andxOffset=152,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=ohr,primaryDomain=OEKB,NATIVE_OS=SunOS,NATIVE_LANMAN=jCIFS]
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=The
operation completed
successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=45798,uid=0,mid=0,wordCount=4,byteCount=49,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\143.245.2.201\IPC$,service=?????]
00000: 00 00 00 D4 FF 53 4D 42 73 00 00 00 00 18 07 C0 |...ÔÿSMBs......À|
00010: 00 00 E4 49 C7 42 E3 51 2B 19 00 00 00 00 E6 B2 |..äIÇBãQ+.....æ²|
00020: 00 00 14 00 0D 75 00 98 00 04 41 0A 00 01 00 00 |.....u....A.....|
00030: 00 00 00 18 00 18 00 00 00 00 00 54 10 00 00 5B |...........T...[|
00040: 00 24 A1 A0 3F 43 51 19 55 3E 20 3B 95 3B 09 D9 |.$¡ ?CQ.U> ;.;.Ù|
00050: EE 84 96 3A 73 3D 7F B6 91 F0 60 AA 91 6E F9 66 |î..:s=.¶.ð`ª.nùf|
00060: C6 C9 A3 DB 47 14 77 A6 71 F4 05 41 6F D2 E8 1E |ÆÉ£ÛG.w¦qô.AoÒè.|
00070: D7 00 6F 00 68 00 72 00 00 00 4F 00 45 00 4B 00 |×.o.h.r...O.E.K.|
00080: 42 00 00 00 53 00 75 00 6E 00 4F 00 53 00 00 00 |B...S.u.n.O.S...|
00090: 6A 00 43 00 49 00 46 00 53 00 00 00 04 FF 00 00 |j.C.I.F.S....ÿ..|
000A0: 00 00 00 01 00 31 00 00 5C 00 5C 00 31 00 34 00 |.....1..\.\.1.4.|
000B0: 33 00 2E 00 32 00 34 00 35 00 2E 00 32 00 2E 00 |3...2.4.5...2...|
000C0: 32 00 30 00 31 00 5C 00 49 00 50 00 43 00 24 00 |2.0.1.\.I.P.C.$.|
000D0: 00 00 3F 3F |..?? |
new data read from socket: OEKB<1C>/143.245.2.201
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The
operation completed
successfully.,flags=0x0098,flags2=0xC007,signSeq=37,tid=20510,pid=45798,uid=20510,mid=20,wordCount=3,byteCount=108,andxCommand=0x75,andxOffset=149,isLoggedInAsGuest=false,nativeOs=Windows
Server 2003 3790,nativeLanMan=Windows Server 2003
5.2,primaryDomain=OEKB]
SmbComTreeConnectAndXResponse[command=SMB_COM_TREE_CONNECT_ANDX,received=true,errorCode=The
operation completed
successfully.,flags=0x0098,flags2=0xC007,signSeq=0,tid=20510,pid=45798,uid=20510,mid=20,wordCount=3,byteCount=6,andxCommand=0xFF,andxOffset=164,supportSearchBits=true,shareIsInDfs=false,service=IPC,nativeFileSystem=]
00000: FF 53 4D 42 73 00 00 00 00 98 07 C0 00 00 4E CE |ÿSMBs......À..NÎ|
00010: 86 5A 0E 83 3D 7D 00 00 1E 50 E6 B2 1E 50 14 00 |.Z..=}...Pæ².P..|
00020: 03 75 00 95 00 00 00 6C 00 04 57 00 69 00 6E 00 |.u.....l..W.i.n.|
00030: 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 |d.o.w.s. .S.e.r.|
00040: 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 |v.e.r. .2.0.0.3.|
00050: 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 00 | .3.7.9.0...W.i.|
00060: 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 |n.d.o.w.s. .S.e.|
00070: 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 |r.v.e.r. .2.0.0.|
00080: 33 00 20 00 35 00 2E 00 32 00 00 00 4F 00 45 00 |3. .5...2...O.E.|
00090: 4B 00 42 00 00 03 FF 00 A4 00 01 00 06 00 49 50 |K.B...ÿ.¤.....IP|
000A0: 43 00 00 00 |C... |
update: 0 0:40
00000: 64 EC 3A 1A E8 BB 6C E7 4C 26 12 88 64 27 45 0A |dì:.è»lçL&..d'E.|
00010: 90 E0 96 FB 9A 44 BF 37 7F D6 4C 95 13 FA 70 A2 |.à.û.D¿7.ÖL..úp¢|
00020: F0 55 97 B3 03 CA B7 43 |ðU.³.Ê·C |
update: 1 0:14
00000: FF 53 4D 42 73 00 00 00 00 98 07 C0 00 00 |ÿSMBs......À.. |
update: 2 0:8
00000: 25 00 00 00 00 00 00 00 |%....... |
update: 3 22:142
00000: 00 00 1E 50 E6 B2 1E 50 14 00 03 75 00 95 00 00 |...Pæ².P...u....|
00010: 00 6C 00 04 57 00 69 00 6E 00 64 00 6F 00 77 00 |.l..W.i.n.d.o.w.|
00020: 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 |s. .S.e.r.v.e.r.|
00030: 20 00 32 00 30 00 30 00 33 00 20 00 33 00 37 00 | .2.0.0.3. .3.7.|
00040: 39 00 30 00 00 00 57 00 69 00 6E 00 64 00 6F 00 |9.0...W.i.n.d.o.|
00050: 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 |w.s. .S.e.r.v.e.|
00060: 72 00 20 00 32 00 30 00 30 00 33 00 20 00 35 00 |r. .2.0.0.3. .5.|
00070: 2E 00 32 00 00 00 4F 00 45 00 4B 00 42 00 00 03 |..2...O.E.K.B...|
00080: FF 00 A4 00 01 00 06 00 49 50 43 00 00 00 |ÿ.¤.....IPC... |
digest:
00000: 4E CE 86 5A 0E 83 3D 7D 88 59 0F C9 F4 91 F3 C4 |NÎ.Z..=}.Y.Éô.óÄ|
NtlmHttpFilter: OEKB\ohr successfully authenticated against
OEKB<1C>/143.245.2.201
NtlmHttpFilter: OEKB\vaggro successfully authenticated against
OEKB<1C>/143.245.2.201
NtlmHttpFilter: OEKB\ohr successfully authenticated against
OEKB<1C>/143.245.2.201
treeConnect: unc=\\143.245.2.201\IPC$,service=?????
sessionSetup: accountName=vagpoe,primaryDomain=OEKB
update: 0 0:40
00000: 64 EC 3A 1A E8 BB 6C E7 4C 26 12 88 64 27 45 0A |dì:.è»lçL&..d'E.|
00010: 90 E0 96 FB 9A 44 BF 37 7F D6 4C 95 13 FA 70 A2 |.à.û.D¿7.ÖL..úp¢|
00020: F0 55 97 B3 03 CA B7 43 |ðU.³.Ê·C |
update: 1 4:218
00000: FF 53 4D 42 73 00 00 00 00 18 07 C0 00 00 26 00 |ÿSMBs......À..&.|
00010: 00 00 00 00 00 00 00 00 00 00 E6 B2 00 00 15 00 |..........æ²....|
00020: 0D 75 00 9E 00 04 41 0A 00 01 00 00 00 00 00 18 |.u....A.........|
00030: 00 18 00 00 00 00 00 54 10 00 00 61 00 8F 25 92 |.......T...a..%.|
00040: 5A CB 32 40 23 91 2B 15 B6 EC A1 B3 DC E6 33 4B |ZË2@#.+.¶ì¡³Üæ3K|
00050: 74 2F 20 B9 FC B7 C3 C4 93 5F A1 B1 40 53 AF 68 |t/ ¹ü·ÃÄ._¡±@S¯h|
00060: 2F D1 E8 B2 90 9F 2A 65 C7 9E F3 FB E7 00 76 00 |/Ñè²..*eÇ.óûç.v.|
00070: 61 00 67 00 70 00 6F 00 65 00 00 00 4F 00 45 00 |a.g.p.o.e...O.E.|
00080: 4B 00 42 00 00 00 53 00 75 00 6E 00 4F 00 53 00 |K.B...S.u.n.O.S.|
00090: 00 00 6A 00 43 00 49 00 46 00 53 00 00 00 04 FF |..j.C.I.F.S....ÿ|
000A0: 00 00 00 00 00 01 00 31 00 00 5C 00 5C 00 31 00 |.......1..\.\.1.|
000B0: 34 00 33 00 2E 00 32 00 34 00 35 00 2E 00 32 00 |4.3...2.4.5...2.|
000C0: 2E 00 32 00 30 00 31 00 5C 00 49 00 50 00 43 00 |..2.0.1.\.I.P.C.|
000D0: 24 00 00 00 3F 3F 3F 3F 3F 00 |$...?????. |
digest:
00000: 57 8F 23 B3 46 F1 E8 20 E7 A2 20 81 71 C8 A6 DE |W.#³Fñè ç¢ .qȦÞ|
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=The
operation completed
successfully.,flags=0x0018,flags2=0xC007,signSeq=38,tid=0,pid=45798,uid=0,mid=21,wordCount=13,byteCount=97,andxCommand=0x75,andxOffset=158,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=vagpoe,primaryDomain=OEKB,NATIVE_OS=SunOS,NATIVE_LANMAN=jCIFS]
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=The
operation completed
successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=45798,uid=0,mid=0,wordCount=4,byteCount=49,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\143.245.2.201\IPC$,service=?????]
00000: 00 00 00 DA FF 53 4D 42 73 00 00 00 00 18 07 C0 |...ÚÿSMBs......À|
00010: 00 00 57 8F 23 B3 46 F1 E8 20 00 00 00 00 E6 B2 |..W.#³Fñè ....æ²|
00020: 00 00 15 00 0D 75 00 9E 00 04 41 0A 00 01 00 00 |.....u....A.....|
00030: 00 00 00 18 00 18 00 00 00 00 00 54 10 00 00 61 |...........T...a|
00040: 00 8F 25 92 5A CB 32 40 23 91 2B 15 B6 EC A1 B3 |..%.ZË2@#.+.¶ì¡³|
00050: DC E6 33 4B 74 2F 20 B9 FC B7 C3 C4 93 5F A1 B1 |Üæ3Kt/ ¹ü·ÃÄ._¡±|
00060: 40 53 AF 68 2F D1 E8 B2 90 9F 2A 65 C7 9E F3 FB |@S¯h/Ñè²..*eÇ.óû|
00070: E7 00 76 00 61 00 67 00 70 00 6F 00 65 00 00 00 |ç.v.a.g.p.o.e...|
00080: 4F 00 45 00 4B 00 42 00 00 00 53 00 75 00 6E 00 |O.E.K.B...S.u.n.|
00090: 4F 00 53 00 00 00 6A 00 43 00 49 00 46 00 53 00 |O.S...j.C.I.F.S.|
000A0: 00 00 04 FF 00 00 00 00 00 01 00 31 00 00 5C 00 |...ÿ.......1..\.|
000B0: 5C 00 31 00 34 00 33 00 2E 00 32 00 34 00 35 00 |\.1.4.3...2.4.5.|
000C0: 2E 00 32 00 2E 00 32 00 30 00 31 00 5C 00 49 00 |..2...2.0.1.\.I.|
000D0: 50 00 43 00 24 00 00 00 3F 3F |P.C.$...?? |
new data read from socket: OEKB<1C>/143.245.2.201
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The
operation completed
successfully.,flags=0x0098,flags2=0xC007,signSeq=39,tid=20511,pid=45798,uid=20511,mid=21,wordCount=3,byteCount=108,andxCommand=0x75,andxOffset=149,isLoggedInAsGuest=false,nativeOs=Windows
Server 2003 3790,nativeLanMan=Windows Server 2003
5.2,primaryDomain=OEKB]
SmbComTreeConnectAndXResponse[command=SMB_COM_TREE_CONNECT_ANDX,received=true,errorCode=The
operation completed
successfully.,flags=0x0098,flags2=0xC007,signSeq=0,tid=20511,pid=45798,uid=20511,mid=21,wordCount=3,byteCount=6,andxCommand=0xFF,andxOffset=164,supportSearchBits=true,shareIsInDfs=false,service=IPC,nativeFileSystem=]
00000: FF 53 4D 42 73 00 00 00 00 98 07 C0 00 00 B4 B1 |ÿSMBs......À..´±|
00010: 79 C5 AD 30 36 DE 00 00 1F 50 E6 B2 1F 50 15 00 |yÅ06Þ...Pæ².P..|
00020: 03 75 00 95 00 00 00 6C 00 01 57 00 69 00 6E 00 |.u.....l..W.i.n.|
00030: 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 |d.o.w.s. .S.e.r.|
00040: 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 |v.e.r. .2.0.0.3.|
00050: 20 00 33 00 37 00 39 00 30 00 00 00 57 00 69 00 | .3.7.9.0...W.i.|
00060: 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 |n.d.o.w.s. .S.e.|
00070: 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 |r.v.e.r. .2.0.0.|
00080: 33 00 20 00 35 00 2E 00 32 00 00 00 4F 00 45 00 |3. .5...2...O.E.|
00090: 4B 00 42 00 00 03 FF 00 A4 00 01 00 06 00 49 50 |K.B...ÿ.¤.....IP|
000A0: 43 00 00 00 |C... |
update: 0 0:40
00000: 64 EC 3A 1A E8 BB 6C E7 4C 26 12 88 64 27 45 0A |dì:.è»lçL&..d'E.|
00010: 90 E0 96 FB 9A 44 BF 37 7F D6 4C 95 13 FA 70 A2 |.à.û.D¿7.ÖL..úp¢|
00020: F0 55 97 B3 03 CA B7 43 |ðU.³.Ê·C |
update: 1 0:14
00000: FF 53 4D 42 73 00 00 00 00 98 07 C0 00 00 |ÿSMBs......À.. |
update: 2 0:8
00000: 27 00 00 00 00 00 00 00 |'....... |
update: 3 22:142
00000: 00 00 1F 50 E6 B2 1F 50 15 00 03 75 00 95 00 00 |...Pæ².P...u....|
00010: 00 6C 00 01 57 00 69 00 6E 00 64 00 6F 00 77 00 |.l..W.i.n.d.o.w.|
00020: 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 |s. .S.e.r.v.e.r.|
00030: 20 00 32 00 30 00 30 00 33 00 20 00 33 00 37 00 | .2.0.0.3. .3.7.|
00040: 39 00 30 00 00 00 57 00 69 00 6E 00 64 00 6F 00 |9.0...W.i.n.d.o.|
00050: 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 |w.s. .S.e.r.v.e.|
00060: 72 00 20 00 32 00 30 00 30 00 33 00 20 00 35 00 |r. .2.0.0.3. .5.|
00070: 2E 00 32 00 00 00 4F 00 45 00 4B 00 42 00 00 03 |..2...O.E.K.B...|
00080: FF 00 A4 00 01 00 06 00 49 50 43 00 00 00 |ÿ.¤.....IPC... |
digest:
00000: B4 B1 79 C5 AD 30 36 DE 70 4F 92 71 13 6B EA DD |´±yÅ06ÞpO.q.kêÝ|
NtlmHttpFilter: OEKB\vagpoe successfully authenticated against
OEKB<1C>/143.245.2.201
maybe this is of more help to find the "regression-bug" ;),
regards,
Martin
On Mon, 17 Jan 2005 15:26:43 -0500, Michael B Allen <mba2000 at ioplex.com> wrote:
> On Mon, 17 Jan 2005 15:50:04 +0100
> Martin Marinschek <martin.marinschek at gmail.com> wrote:
>
> > Hi there,
> >
> > I have long and successfully used JCifs in Version 0.9.6 and just now
> > I wanted to switch to 1.1.7. The problem is, it does not work with my
> > current configuration...
> >
> > I have submitted my filter-configuration in the web.xml file further
> > below, this works perfectly with 0.9.6 and does not work with 1.1.7.
> >
> > <filter>
> > <filter-name>NTLM HTTP Authentication Filter</filter-name>
> > <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > <init-param>
> > <param-name>jcifs.http.domainController</param-name>
> > <param-value>143.245.2.201</param-value>
> > </init-param>
> > <init-param>
> > <param-name>jcifs.smb.client.domain</param-name>
> > <param-value>OEKB</param-value>
> > </init-param>
>
> I think what might be happening here is if you have both domainController
> and domain jCIFS will try to use the domain property to lookup DCs. But to
> lookup DCs using jcifs.smb.client.domain you need WINS.
>
> This is kind of an error as it should be a valid combination to use domain
> for credentials without WINS.
>
> Can you specify WINS? Does that work?
>
> Also, if you're using Basic authentication only you do not need the
> domain,username,password for preauthentication credentials. That would also
> solve your problem.
>
> Mike
>
> --
> Greedo shoots first? Not in my Star Wars.
>
More information about the jcifs
mailing list