[jcifs] NTLM HTTP Authentication and SMB Signing
Paul.Holaj at dekabank.de
Paul.Holaj at dekabank.de
Wed Apr 7 12:51:58 GMT 2004
Hi,
we use a Struts based web application with IE 5.5 and NTLM HTTP
Authentication filter via JCIFS 0.8.1.
Our Domain Controllers were updated to Win2003Server with SMB signing
switched on.
When using our application against the new DC, we get an "access denied"
error if whe authenticate
more than one user (1st user succeeds, next users get 'access denied'
error in DC response).
In the JCIFS CHANGES.TXT file I found the following passages concerning
SMB signing:
(jcifs-0.8.0b1.)
...
Only SMBs that follow authentication need to be actually signed if
SMB
signing is enabled. ... However because the NTLM HTTP Filter
does
not send additional SMBs, signing will never actually occur. ...
(jcifs-0.7.13)
JCIFS now supports SMB signing. ... Signing does not work with
NTLM HTTP authentication because the original password hashes are
required to generate the MAC signing key. ...
Is the JCIFS NTLM HTTP Authentication supposed to work with
a DC having SMB signing switched on, with multiple users ?
If the SMB signing is the problem, I would have expected an
'unverifiable signature' error from the DC, not an 'access denied'
error.
Thanks in advance.
Regards,
Paul Holaj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BDY.RTF
Type: application/rtf
Size: 1476 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20040407/d652e32b/BDY.rtf
More information about the jcifs
mailing list