<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#ffffff">
<div class="moz-text-html" lang="x-western">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: lucida console,sans-serif; font-size: 12pt;">
<div><tt>Hello,</tt></div>
<div><tt><br>
</tt></div>
<div><tt>I'm newly assigned to support a java app that runs on
Windows only and uses jCIFS. Authentication is against an
Active Directory server via NTLM, and it appears to be
single-sign-on with the user's Windows credentials.</tt></div>
<div><tt><br>
</tt></div>
<div><tt>A few months ago, before I joined to company, they had
problems with authentications failing with no apparent
changes. Someone tried the pre-authentication work-around
as below, and that appears to have completely stopped the
problem:</tt></div>
<div><tt><br>
</tt></div>
<div><tt> <init-param><br>
<param-name>jcifs.smb.client.username</param-name><br>
<param-value>DummyAccount</param-value><br>
</init-param><br>
<init-param><br>
<param-name>jcifs.smb.client.password</param-name><br>
<param-value>DummyPassword</param-value><br>
</init-param><br>
</tt></div>
<div><tt><br>
</tt></div>
<div><tt>I am investigating whether there is some deeper issue
we can know of and possibly fix, or whether this is just the
way it is. As it has worked for years before without this,
it's easy to think something changed. Note that we don't
maintain the Active Directory server and getting information
is difficult, but they swear they changed nothing.</tt></div>
<div><tt><br>
</tt></div>
<div><tt>I'm reading about the components, but not getting a
good understanding of what is involved.</tt></div>
<div><tt><br>
</tt></div>
<div><tt>Question 1: Does the presence of the above work-around
mean we are using the JCIFS NTLM HTTP Authentication
Filter? I read this can't work with NTLMv2.</tt></div>
<div><tt><br>
</tt></div>
<div><tt>Question 2: Fiddler shows me this authentication
information:</tt></div>
<div><tt>-[NTLM Type1:
Negotiation]------------------------------<br>
Provider: NTLMSSP<br>
Type: 1<br>
OS Version: 5.1:2600<br>
Flags: 0xa208b207<br>
Unicode supported in security buffer.<br>
OEM strings supported in security buffer.<br>
Request server's authentication realm included in Type2
reply.<br>
NTLM authentication.<br>
Client workstation domain provided. Server can
determine if the client eligible for local authentication.<br>
Client workstation name provided. Server can determine
if the client eligible for local authentication.<br>
Negotiate Always Sign.<br>
Negotiate NTLM2 Key.<br>
Supports 56-bit encryption.<br>
Supports 128-bit encryption.<br>
Domain_Offset: 48; Domain_Length: 4; Domain_Length2: 4<br>
Host_Offset: 40; Host_Length: 8; Host_Length2: 8<br>
Host: AF368408<br>
Domain: APAC</tt></div>
<tt>------------------------------------<br>
</tt>
<div><tt><br>
</tt>
</div>
<div><tt>Does this mean the connection is using NTLMv2, or just
that it would be willing to if the server provides it?</tt></div>
<div><tt><br>
</tt>
</div>
<div><tt><br>
</tt></div>
<tt>Thanks in advance for your help.</tt>
<div><tt><br>
</tt></div>
<div><tt>Regards,</tt></div>
<div><tt>Bret</tt></div>
<div><tt><br>
</tt></div>
</div>
</div>
</body>
</html>