[jcifs] SmbAuthException: Logon Failure: Unknown User Name or
Bad Password
Michael B Allen
mba2000 at ioplex.com
Mon Dec 13 21:43:31 GMT 2004
Lieber, Samuel said:
> Mike,
>
> Thanks for your quick response.
>
> So to clarify:
>
> (1) These parameters, jcifs.smb.client.{domain,username,password}, are
> each
> specified in the web.xml?
yes.
> (2) When you say "Create an account" in other words, is it typical to
> create
> a separate dedicated account to serve the sole purpose of
> preauthentication
> (e.g. Domain: TTSG, User: smbuser)? And this account has to be a domain
> account, right?
yes.
> (3) Does the user in (2) have to have any special privileges (have Admin
> rights, etc.)?
No. The account should have no privledges other than whatever is necessary
to actually authenticate.
>
> Thanks,
> Sam
>
> -----Original Message-----
> From: Michael B Allen [mailto:mba2000 at ioplex.com]
> Sent: Monday, December 13, 2004 2:39 PM
> To: Lieber, Samuel
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] SmbAuthException: Logon Failure: Unknown User Name or
> Bad Passwor d
>
>
> On Mon, 13 Dec 2004 12:14:04 -0500
> "Lieber, Samuel" <Samuel.Lieber at Artesia.com> wrote:
>
>> I am trying to use NtlmHttpFilter and have been unsuccessful and I am
>> totally stumped.
>>
>> Followed the directions exactly on
>> http://jcifs.samba.org/src/docs/ntlmhttpauth.html
>> <http://jcifs.samba.org/src/docs/ntlmhttpauth.html> and am using the
>> NtlmHttpFilter verbatim. Using jCIFS 1.1.4. Running Tomcat 4.1.30 on
>> Windows XP. My problem occurs when authenticating a client (trying to
>> connect through IE 6.0). When I do, I get a SmbAuthException saying
>> "Logon Failure: Unknown User Name or Bad Password". I can confirm
>> that my filter is being executed and I certainly see the 3-handshaking
>> taking place. When I examine the NtlmAuthentication object (via
>> debugging my filter), the domain and user are correct (the password is
>> null, I assume this is ok). I downloaded ethereal and did a network
>> capture as well, below is a snippet. What is interesting is that the
>> account being accessed is GUEST?
>
> The server is negotiating SMB signing which requires real credentials to
> generate a MAC key. Meaning you need to provide
> jcifs.smb.client.{domain,username,password} of some account to do
> "pre-authentication". Think of this like a workstation account. Create an
> account with a long random password.
>
> I know it sucks that you have to have creds in the properties file but for
> now that's the way we're doing it. Windows does the same thing with the
> workstation account. It's just autogenerated when the machine first joins
> the domain and you can't access the password so easily.
>
> Mike
>
> --
> Greedo shoots first? Not in my Star Wars.
>
>
More information about the jcifs
mailing list