[jcifs] NTLM V2 authentication is failing with JCIFS (sample java program which uses JCIFS to contact the Proxy server with NTLMV2 authentication)

Nagaraja Joshi joshinagaraja at rediffmail.com
Fri Nov 7 12:40:12 GMT 2008 

Hi Mike,

In addition to my previous reply ,,,

If you require the packet capture which are having the problems,,,,Please
give your mail id ,,,,Also please send me a mail(
joshinagaraja at rediffmail.com) so that i can send you the captured packets.

Also i will tell our investigation once again (please refer my previous
message also)

We are using jcifs 1.3 version library.

JCFIS client is not giving the username and password which is required for
authentication for the proxy server.

So its not taking the user name and password set in sample
program(jcifs.smb.client.username and jcifs.smb.client.password) while
negotitaing with the proxy server.

Since the username and password given for the proxy is incorrect its denying
with HTTP/4.1 407 proxy authentication error ( this we could infer from the
captured packets)

This negotitaion between client and server will repeat for certain number of
times then it will stop.

The exception is thrown is the same .

Exception in thread "main" java.lang.NullPointerException
	at
jcifs.smb.NtlmPasswordAuthentication.getNTLMv2Response(NtlmPasswordAuthentication.java:247)
	at jcifs.ntlmssp.Type3Message.getNTLMv2Response(Type3Message.java:584)
	at jcifs.ntlmssp.Type3Message.<init>(Type3Message.java:229)
	at
jcifs.http.NtlmHttpURLConnection.attemptNegotiation(NtlmHttpURLConnection.java:566)
	at
jcifs.http.NtlmHttpURLConnection.doHandshake(NtlmHttpURLConnection.java:452)
	at
jcifs.http.NtlmHttpURLConnection.handshake(NtlmHttpURLConnection.java:103)
	at
jcifs.http.NtlmHttpURLConnection.getInputStream(NtlmHttpURLConnection.java:240)
	at java.net.URL.openStream(Unknown Source)
	at JCIFS.main(JCIFS.java:65)


Regards,
Nagaraja

Regards,
Nagaraja

Nagaraja Joshi wrote:
> 
> Hi Mike,
> 
> We need(have a requirement for) NTLM V2 authention with the proxy server
> using the jcifs.
> 
> We tried your suggestion of setting the Just set jcifs.lmCompatibility 
> and extended secutiry for NTLMV1 its giving the same problem.
> 
> We are using the jcifs_1.3.0 jar file for our work.
> 
> When we debugged with packet capture with wireshark we found that always
> the jcifs client communicates with the different username and password
> (its not taking the username and password which we have put in our program
> for the proxy)
> 
> i.e when we set the   Config.setProperty("jcifs.smb.client.username",
> user);
>>       Config.setProperty("jcifs.smb.client.password", password);
> 
> in our program its not taking the same when negotiating with the proxy
> server ,,,so the proxy server is always denying the request for the
> webpage.
> 
> 
> Regards,
> Nagaraja
> 
> 
> 
> Michael B Allen wrote:
>> 
>> Hi Nagaraja,
>> 
>> Just set jcifs.lmCompatibility = 0 and
>> jcifs.smb.client.useExtendedSecurity = false. That should cause JCIFS
>> to use the old NTLMv1 behavior which is known to work with
>> NtlmHttpURLConnection.
>> 
>> I have made a note of the NtlmHttpURLConnection w/ NTLMv2 issue but I
>> have not addressed anything in the jcifs.http* packages as they will
>> be removed in JCIFS 2.x. If I happen-stance across the issue I will
>> fix it in 1.3 but otherwise, at this point, it is only important to
>> JCIFS that NTLMv2 work correctly with the CIFS protocol. The other
>> HTTP protocol stuff is only supported with NTLMv1. Instead, JCIFS will
>> expose the NTLM implementation (v1 and v2) sufficiently so that other
>> projects can handle other protocols. For example, the Apache HTTP
>> client could use JCIFS to implement proper NTLM authentication
>> behavior and in fact already does use some JCIFS code (albeit rather
>> sloppily).
>> 
>> However, this issue sounds like it could be a problem with the NTLMv2
>> code in general. If you would like to send me a packet capture, I will
>> make sure that the NTLMv2 code can handle the various NTLMSSP flags
>> and target information. That may or may not fix this issue.
>> 
>> Mike
>> 
>> On Thu, Nov 6, 2008 at 7:35 AM, Nagaraja Joshi
>> <joshinagaraja at rediffmail.com> wrote:
>>>
>>> Hi,
>>>
>>> We are using a sample java program which uses JCIFS library to
>>> communicate
>>> using NTLMV2 authentication to a proxy server.
>>>
>>> Also we are using the proxy server credentails to communicate through
>>> our
>>> sample program (i.e IAS proxy which uses NTLMV2 Authentication)
>>>
>>> However we are facing this issue when we execute the sample program :
>>>
>>> Exception in thread "main" java.lang.NullPointerException
>>>        at
>>> jcifs.smb.NtlmPasswordAuthentication.getNTLMv2Response(NtlmPasswordAuthentication.java:246)
>>>        at
>>> jcifs.ntlmssp.Type3Message.getNTLMv2Response(Type3Message.java:584)
>>>        at jcifs.ntlmssp.Type3Message.<init>(Type3Message.java:229)
>>>        at
>>> jcifs.http.NtlmHttpURLConnection.attemptNegotiation(NtlmHttpURLConnection.java:566)
>>>        at
>>> jcifs.http.NtlmHttpURLConnection.doHandshake(NtlmHttpURLConnection.java:452)
>>>        at
>>> jcifs.http.NtlmHttpURLConnection.handshake(NtlmHttpURLConnection.java:103)
>>>        at
>>> jcifs.http.NtlmHttpURLConnection.getInputStream(NtlmHttpURLConnection.java:240)
>>>        at java.net.URL.openStream(Unknown Source)
>>>        at JCIFS.main(JCIFS.java:60)
>>>
>>> The above problem is caused due to  targetInfo value passed to the
>>> public
>>> static byte[] getNTLMv2Response( ) method of the
>>> NtlmPasswordAuthentication.java file becoming null.
>>>
>>> The following line is causing the issue :
>>>
>>> byte[] temp = new byte[28 + targetInfo.length];  //here targetInfo is
>>> becoming null.
>>>
>>> Heres the Sample Program which we used to execute the same :
>>>
>>>
>>>
>>> import java.io.*;
>>>
>>> import java.net.*;
>>>
>>> import jcifs.*;
>>>
>>> public class JCIFS {
>>>
>>>    public static void main(String[] args) throws Exception {
>>>
>>>        // Normally set this outside application.
>>>        // Note that as a side effect due to the way handlers are
>>> located,
>>>        // you can also achieve this by simply doing:
>>>           Config.registerSmbURLHandler();
>>>        // which we already do to register the smb handler.
>>>       // String pkgs = System.getProperty("java.protocol.handler.pkgs");
>>>       // pkgs = (pkgs != null) ? "http|" + pkgs : "http";
>>>        //System.setProperty("java.protocol.handler.pkgs", pkgs);
>>>
>>>           String proxy = "64.104.136.241";                 //IAS proxy
>>> or
>>> any proxy which is used to configure NTLMV2 authentication
>>>           String port = "8080";                                   //IAS
>>> proxy or any proxy port
>>>           System.setProperty("http.proxyHost",proxy);
>>>           System.setProperty("http.proxyPort",port);
>>>
>>>
>>>        //
>>>
>>>      /*  if (args == null || args.length < 4) {
>>>            System.out.println("NtlmHttpClient <url> <domain> <user>
>>> <password>");
>>>            System.exit(1);
>>>        }*/
>>>      // String location = "http://www.cisco.com/";
>>>       String location = "http://www.cisco.com/";
>>>        String domain = "cisco";
>>>        String user = "nagaraja";
>>>        String password = "nagaraja";
>>>
>>>        // can also specify these in the URL, i.e.
>>>        //     http://DOMAIN%5cuser:password@host/dir/file.html
>>>        // which will override these properties
>>>       Config.setProperty("jcifs.smb.client.domain", domain);
>>>        Config.setProperty("jcifs.smb.client.username", user);
>>>       Config.setProperty("jcifs.smb.client.password", password);
>>>        Config.setProperty("jcifs.smb.lmCompatibility ", "3");
>>>        Config.setProperty("jcifs.http.domainController","cisco");
>>>      //  Config.setProperty("jcifs.smb.client.useUnicode ", "false");
>>>
>>>       /* try {
>>>               
>>> Config.setProperty("jcifs.netbios.hostname","64.103.135.182");
>>>
>>>            System.out.println("host
>>> name"+Config.getProperty("jcifs.netbios.hostname",InetAddress.getLocalHost().getHostName()));
>>>        } catch (Exception ex) { }
>>>        //URL url = new URL(location);*/
>>>
>>>        URL url = new URL("http://www.cisco.com/");
>>>
>>>        BufferedReader reader = new BufferedReader(
>>>                new InputStreamReader(url.openStream()));
>>>        String line;
>>>        while ((line = reader.readLine()) != null) {
>>>            System.out.println(line);
>>>        }
>>>    }
>>>
>>> }
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> It will be great if some body can help us on this.
>>>
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/NTLM-V2-authentication-is-failing-with-JCIFS-%28sample-java-program-which-uses-JCIFS-to-contact-the-Proxy-server-with-NTLMV2-authentication%29-tp20360187p20360187.html
>>> Sent from the Samba - jcifs mailing list archive at Nabble.com.
>>>
>>>
>> 
>> 
>> 
>> -- 
>> Michael B Allen
>> PHP Active Directory SPNEGO SSO
>> http://www.ioplex.com/
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/NTLM-V2-authentication-is-failing-with-JCIFS-%28sample-java-program-which-uses-JCIFS-to-contact-the-Proxy-server-with-NTLMV2-authentication%29-tp20360187p20379850.html
Sent from the Samba - jcifs mailing list archive at Nabble.com.

More information about the jcifs mailing list