[jcifs] Signing is required by the server but passwords are external

Eric Glass eric.glass at gmail.com
Fri Jul 30 08:24:28 GMT 2004 

You can install Microsoft's loopback adapter:

http://support.microsoft.com/default.aspx?scid=kb;en-us;839013

This won't listen on 127.0.0.1, but will add an additional interface
that is available offline.


Eric

----- Original Message -----
From: Richard Heap <richardheap at beeb.net>
Date: Fri, 30 Jul 2004 08:54:42 +0100
Subject: Re: [jcifs] Signing is required by the server but passwords
are	external
To: Eric Glass <eric.glass at gmail.com>
Cc: Mush Salee <nimrod786 at hotmail.com>, jcifs at lists.samba.org

Most Windows machines (certainly XP) do not listen to port 139 on
127.0.0.1 (the loopback address - what 'localhost' normally resolves
to).

To get this to work you have to have a real network connection
(wireless, ethernet, whatever) that is 'up' (i.e can see the access
point, is plugged into a hub etc) and have that interface have a ip
address (for example, via DHCP or static). [If you then do a >>netstat
-an | find "139" you should see it listening] - mine looks like this:
>netstat -an | find "139"
  TCP    10.10.112.2:139        0.0.0.0:0              LISTENING
  TCP    192.168.30.101:139     0.0.0.0:0              LISTENING

You could then use that ip address, or use the hostname that resolves
to that address.
Tracert is a quick way to resolve ip->hostname
from the example above use tracert 10.10.112.2 to find the hostname

This 127.0.0.1 problem has caught me out several times (mostly when on
a long airplane journey with no way to get a network connection) and
no way to get XP to listen on the loopback port, when I've been
intending to do some testing etc. Anybody got any ideas about how to
get XP to listen on the loopback as well as physical network
connections?



Eric Glass wrote:

You've got "jcifs.http.domainController" pointing at "localhost", but
it doesn't appear to be listening on port 139. If you have a
non-loopback address you could try that. You should be able to use any
Windows box; pick one, then try telnetting to port 139 to make sure
you can connect. Then put its IP in there and see if it works. Eric On
Thu, 29 Jul 2004 20:57:45 +0000, Mush Salee <nimrod786 at hotmail.com>
wrote:
Guys, I've changed the web.xml to include some of the additional
setting as suggested , i tried all the lmCompatibility setting as well
but with no joy. Please can you take a quick look at the web.xml
below, just incase i'm doing something really stupid. With the log
level set to 10 I get an error straight away. I've attached the output
below. Thanks again for you help and patience. Re M <web-app> <filter>
<filter-name>NTLM Authentication Filter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class> <init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>localhost</param-value> </init-param> <init-param>
<param-name>jcifs.util.loglevel</param-name>
<param-value>10</param-value> </init-param> <init-param>
<param-name>jcifs.smb.lmCompatibility</param-name>
<param-value>3</param-value> </init-param> <init-param>
<param-name>jcifs.smb.username</param-name>
<param-value>administrator</param-value> </init-param> <init-param>
<param-name>jcifs.smb.password</param-name>
<param-value>MYPASSWORD</param-value> </init-param> </filter>
<filter-mapping> <filter-name>NTLM Authentication Filter</filter-name>
<url-pattern>/*</url-pattern> </filter-mapping>
jcifs.smb.SmbException: An error occured sending the request.
java.net.ConnectException: Connection refused: connect at
java.net.PlainSocketImpl.socketConnect(Native Method) at
java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at
java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at
java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at
java.net.Socket.connect(Socket.java:452) at
java.net.Socket.connect(Socket.java:402) at
java.net.Socket.(Socket.java:309) at java.net.Socket.(Socket.java:211)
at jcifs.netbios.NbtSocket.(NbtSocket.java:59) at
jcifs.smb.SmbTransport.ensureOpen(SmbTransport.java:275) at
jcifs.smb.SmbTransport.send(SmbTransport.java:600) at
jcifs.smb.SmbTransport.negotiate(SmbTransport.java:854) at
jcifs.smb.SmbSession.getChallenge(SmbSession.java:64) at
jcifs.smb.SmbSession.getChallenge(SmbSession.java:58) at
jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:109) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1040)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151)
at java.lang.Thread.run(Thread.java:534) at
jcifs.smb.SmbTransport.send(SmbTransport.java:630) at
jcifs.smb.SmbTransport.negotiate(SmbTransport.java:854) at
jcifs.smb.SmbSession.getChallenge(SmbSession.java:64) at
jcifs.smb.SmbSession.getChallenge(SmbSession.java:58) at
jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:109) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1040)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151)
at java.lang.Thread.run(Thread.java:534)
From: Eric Glass <eric.glass at gmail.com> To: Michael B Allen
<mba2000 at ioplex.com> CC: Mush Salee <nimrod786 at hotmail.com>,
jcifs at lists.samba.org Subject: Re: Re: [jcifs] Signing is required by
the server but passwords are external Date: Wed, 28 Jul 2004 19:55:08
-0400

Sounds like it's quite simply not working. Three-strikes-you're-out sounds 
like the account is getting locked out. Look at the lmCompatibility
property maybe. Try enabling logging with a jcifs.util.loglevel
init-param. Collect a packet trace [1]. Ask your network admins if the
server supports NTLMv1. Etc.... This could just be client retries (IE
will prompt for a retry three times if the authentication fails, then
it just gives up). At this point, a packet capture run on the Tomcat
server would be your best bet; send it to Mike and/or myself directly
and we can have a look. If you could repost the current version of
your web.xml, I can take a final look and make sure nothing seems
wrong. Eric _________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today!
http://www.msn.co.uk/messenger

More information about the jcifs mailing list