[jcifs] ntlmv2

Michael B Allen mba2000 at ioplex.com
Wed Dec 1 18:54:21 GMT 2004


On Wed, 1 Dec 2004 10:43:24 -0800
"O'Rourke, James" <jorourke at rsasecurity.com> wrote:

> I'm am seeing an issue whereby when I force NTLMv2 on jcifs, domain
> controllers and the client (IE), authentication fails when I try to
> enter the domain name in lowercase. It succeeds when I enter it in upper
> case. Essentially the configuration is as follows:
>  
> client connects via IE to our servers which essentially proxy the NTLMv2
> handshake for domain controllers. We talk to the domain controllers
> through jcifs.
>  
> Any suggestions would be of help.

Oh, crud I forgot about this. Someone reported that the fix is to add
toUpperCase() in src/jcifs/ntlmssp/Type3Message.java:

--- src.0/jcifs/ntlmssp/Type3Message.java       Wed Dec  1 13:50:22 2004
+++ src/jcifs/ntlmssp/Type3Message.java Wed Dec  1 13:49:38 2004
@@ -325,7 +325,7 @@
             byte[] domain = null;
             if (domainName != null && domainName.length() != 0) {
                 domain = unicode ?
-                        domainName.getBytes("UnicodeLittleUnmarked") :
+                       
domainName.toUpperCase().getBytes("UnicodeLittleUnmarked") :
                                 domainName.toUpperCase().getBytes(oem);
             }
             int domainLength = (domain != null) ? domain.length : 0;

BTW: We do not support NTLMv2 but if you choose lmCompatibility of 3 it
will negotiate LMv2.

I'll wait a few days to make sure there are no suprises in the 1.1.3 fix
and do another release. Maybe you can patch a jar yourself for a while.

Mike

-- 
Greedo shoots first? Not in my Star Wars.


More information about the jcifs mailing list