[jcifs] NTLM HTTP Authentication and SMB Signing

Paul.Holaj at dekabank.de Paul.Holaj at dekabank.de
Wed Apr 7 12:51:58 GMT 2004


we use a Struts based web application with IE 5.5 and NTLM HTTP
Authentication filter via JCIFS 0.8.1. 
Our Domain Controllers were updated to Win2003Server with SMB signing
switched on. 
When using our application against the new DC, we get an "access denied"
error if whe authenticate 
more than one user (1st user succeeds, next users get 'access denied'
error in DC response).

In the JCIFS CHANGES.TXT file I found the following passages concerning
SMB signing:

Only  SMBs  that  follow  authentication  need to be actually signed if
signing  is  enabled.  ...  However because the  NTLM  HTTP  Filter
not send additional SMBs, signing will never actually  occur. ...

JCIFS  now  supports SMB signing. ...  Signing does not work with 
NTLM HTTP authentication because  the  original  password  hashes  are  
required to generate the MAC signing  key. ...

Is the JCIFS NTLM HTTP Authentication supposed to work with
a DC having SMB signing switched on, with multiple users ?
If the SMB signing is the problem, I would have expected an 
'unverifiable signature' error from the DC, not an 'access denied'

Thanks in advance.

Paul Holaj

-------------- next part --------------
A non-text attachment was scrubbed...
Type: application/rtf
Size: 1476 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20040407/d652e32b/BDY.rtf

More information about the jcifs mailing list