[jcifs] ntlmv2
Michael B Allen
mba2000 at ioplex.com
Wed Dec 1 18:54:21 GMT 2004
On Wed, 1 Dec 2004 10:43:24 -0800
"O'Rourke, James" <jorourke at rsasecurity.com> wrote:
> I'm am seeing an issue whereby when I force NTLMv2 on jcifs, domain
> controllers and the client (IE), authentication fails when I try to
> enter the domain name in lowercase. It succeeds when I enter it in upper
> case. Essentially the configuration is as follows:
>
> client connects via IE to our servers which essentially proxy the NTLMv2
> handshake for domain controllers. We talk to the domain controllers
> through jcifs.
>
> Any suggestions would be of help.
Oh, crud I forgot about this. Someone reported that the fix is to add
toUpperCase() in src/jcifs/ntlmssp/Type3Message.java:
--- src.0/jcifs/ntlmssp/Type3Message.java Wed Dec 1 13:50:22 2004
+++ src/jcifs/ntlmssp/Type3Message.java Wed Dec 1 13:49:38 2004
@@ -325,7 +325,7 @@
byte[] domain = null;
if (domainName != null && domainName.length() != 0) {
domain = unicode ?
- domainName.getBytes("UnicodeLittleUnmarked") :
+
domainName.toUpperCase().getBytes("UnicodeLittleUnmarked") :
domainName.toUpperCase().getBytes(oem);
}
int domainLength = (domain != null) ? domain.length : 0;
BTW: We do not support NTLMv2 but if you choose lmCompatibility of 3 it
will negotiate LMv2.
I'll wait a few days to make sure there are no suprises in the 1.1.3 fix
and do another release. Maybe you can patch a jar yourself for a while.
Mike
--
Greedo shoots first? Not in my Star Wars.
More information about the jcifs
mailing list