AW: [jcifs] the referenced account is currently locked out

Jens.Mueller at Jens.Mueller at
Mon Jun 28 10:40:33 GMT 2004

Hi Mike,

thank you for your answer.
The server has Solaris as os. To capture the traffic, I must use snoop,
because there is no other tool available.
It will take some time, until I know how it works. I stick to it.

I have seen some very interesting behavior with 0.7.19.

We use apache 1.3.26, mod_jk 1.2.5 and tomcat 5.0.25. The tomcat has two
connectors. One for the apache (ajp13) and one for direct tomcat
communication over http (just for testing).

When I connect direct to the tomcat, it works fine for me, but when I
connect to the apache, there is a problem between the ntlm-responses. The
tomcat always sends the following data:

<html><head><title>Apache Tomcat/5.0.25 - Error report</title><style><!--H1
nt-size:22px;} H2
nt-size:16px;} H3
nt-size:14px;} BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
12px;}A {color : black;} {color : black;}HR {color :
#525D76;}--></style> </head><body><h1>HTTP Status 401 - </h1><HR size="1"
noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b>
<u></u></p><p><b>description</b> <u>This request requires HTTP
authentication ().</u></p><HR size="1" noshade="noshade"><h3>Apache

but it also sends, that the header:   content-length: 0

I hope now, that is an old problem und someone knows, what's to do... :-)


-----Ursprüngliche Nachricht-----
Von: Michael B Allen [mailto:mba2000 at]
Gesendet: Sonntag, 27. Juni 2004 05:24
An: Jens.Mueller at
Cc: jcifs at
Betreff: Re: [jcifs] the referenced account is currently locked out

On Fri, 25 Jun 2004 11:05:08 +0200
Jens.Mueller at wrote:

> Hello all,
> I used long time jcifs 0.7.19 to authenticate a webapplication and updated
> yesterday to 0.9.2. No I get this error, when I try to connect:
> The referenced account is currently locked out and may not be logged on
> to.

This is occurring because the authentication is failing repeatly and
the security policy requires that a certain number of attempts should
lock the account in question. We would need a packet capture [1] of CIFS
and HTTP traffic on the webapplication server to see precisely why this
is happening.



Greedo shoots first? Not in my Star Wars.

More information about the jcifs mailing list