[jcifs] Problems with certain clients using NTLM filter
eglass1 at comcast.net
eglass1 at comcast.net
Tue Feb 17 12:44:42 GMT 2004
The failing client appears to be set up to use NTLMv2 authentication; there
are two ways to fix this situation:
1) On the affected client, look at the registry value:
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
it's probably set to 3, 4, or 5. Set it to 0, 1, or 2. This setting is
described in detail at:
http://support.microsoft.com/default.aspx?scid=KB;en-us;239869
Setting it to 0 or 1 will do LM/NTLM (version 1); 2 will just do NTLM.
2) Set the jCIFS property "jcifs.smb.lmCompatibility" to 3. This will cause
jCIFS to use LMv2 (which is kind of a "stripped down" NTLMv2).
Either of the above should allow the client to authenticate properly.
Eric
> I posted a problem I was having a while back authenticating at all with
> WinXP/IE6. Mike you started to help me track it down but I've been
> distracted by other work. I had a chance to do some more digging today
> and can confirm a couple of things. This is using 0.8.0b1, and the
> filter in web.xml using the following settings:
>
> <filter>
> <filter-name>NTLM HTTP Authentication Filter</filter-name>
>
> <filter-class>com.akirkpatrick.ontowiki.web.ActionFilter</filter-class>
>
> <init-param>
> <param-name>jcifs.smb.client.domain</param-name>
> <param-value>IOKO365</param-value>
> </init-param>
>
> <init-param>
> <param-name>jcifs.netbios.wins</param-name>
> <param-value>x.x.x.x</param-value>
> </init-param>
> </filter>
>
> (my ActionFilter is the same as the standard one just with more logging)
>
> - Got someone else in our office with Win2k/IE5.5 and they couldn't
> authenticate
>
> - Tested access from clean build Win2k/IE5.5 client and it authenticated
> fine
>
> - Patched to Win2k SP4, still ok
>
> - Installed IE6 (from Windows Update) plus all critical updates, still
> ok
>
> - Tried on three other XP machines in office and all authenticated fine
>
> I'm struggling to find a pattern in this...! I attach the following:
>
> failure.libpcap
> Trace from a failed Win2k/IE5.5 conversation - displays login
> box, no attempt made to login
>
> success.libpcap
> Trace from a successful conversation - displays homepage
>
> Any help much appreciated, let me know if I can help with any more
> traces.
>
> Best regards, Alfie.
>
> ioko
> M: +44 (0) 7810 552466
> E: alfie.kirkpatrick at ioko.com
>
>
>
More information about the jcifs
mailing list