[jcifs] Re: jcifs Digest, Vol 17, Issue 4

Frederik Heick heick at tdc.dk
Wed May 12 11:13:13 GMT 2004


Now the windows logon box pops up very often. It seems that begins to happend ever since I put my WAR file into a EAR file.
I happend to have very long response time (2-3 minuts) on my requests, but thast was excepted, but I dont know if that has any influence
on why the windows logon pops up.



-----Oprindelig meddelelse-----
Fra: jcifs-bounces+heick=tdc.dk at lists.samba.org [mailto:jcifs-bounces+heick=tdc.dk at lists.samba.org] På vegne af jcifs-request at lists.samba.org
Sendt: 6. maj 2004 14:00
Til: jcifs at lists.samba.org
Emne: jcifs Digest, Vol 17, Issue 4


Send jcifs mailing list submissions to
	jcifs at lists.samba.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.samba.org/mailman/listinfo/jcifs
or, via email, send a message with subject or body 'help' to
	jcifs-request at lists.samba.org

You can reach the person managing the list at
	jcifs-owner at lists.samba.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of jcifs digest..."


Today's Topics:

   1. jCIFS NtlmHttpFilter (Brett Beaumont)
   2. Re: jCIFS NtlmHttpFilter (Eric)
   3. RE: jCIFS NtlmHttpFilter (Brett Beaumont)
   4. Re: FW: [jcifs] java.io.IOException: no andx command
      suppliedwithre sponse (Michael B Allen)


----------------------------------------------------------------------

Message: 1
Date: Thu, 6 May 2004 10:44:32 +1200 
From: Brett Beaumont <brett.beaumont at sytec.co.nz>
Subject: [jcifs] jCIFS NtlmHttpFilter
To: "'jcifs at lists.samba.org'" <jcifs at lists.samba.org>
Message-ID:
	<A44F34383DB5D411915C00508BEA3D48066FC506 at sywns001.sytec.co.nz>
Content-Type: text/plain;	charset="iso-8859-1"

We need to implement NTLM security for an intranet. We currently use Apache
mod_ntlm but have been encountering problems under load and we're
considering moving to the NtlmHttpFilter and pushing the authentication down
to Tomcat. 

I've tested out the filter locally and it appears to do everything we need.

We have a maximum of about 4000 users that use the intranet (though it would
be unlikely that they'd all use it at the same time). Has anybody had
experience with using the NtlmHttpFilter with a site of this size (or
larger)? Are there any issues that we need to be aware of, or any particular
settings that need to be configured?

Also, I've seen a few messages about SMB Signing with Win2003 causing
problems. Does this affect the NtlmHttpFilter? 

I look forward to your response,

Brett Beaumont


------------------------------

Message: 2
Date: Wed, 05 May 2004 19:38:34 -0400
From: Eric <eglass1 at comcast.net>
Subject: Re: [jcifs] jCIFS NtlmHttpFilter
To: Brett Beaumont <brett.beaumont at sytec.co.nz>
Cc: "'jcifs at lists.samba.org'" <jcifs at lists.samba.org>
Message-ID: <40997AFA.2080304 at comcast.net>
Content-Type: text/plain; charset=us-ascii; format=flowed


> We have a maximum of about 4000 users that use the intranet (though it would
> be unlikely that they'd all use it at the same time). Has anybody had
> experience with using the NtlmHttpFilter with a site of this size (or
> larger)? Are there any issues that we need to be aware of, or any particular
> settings that need to be configured?
> 

Every so often somebody posts site statistics, but I haven't been able 
to find one in the archives offhand.  It'd be nice if someone with 
access to LoadRunner or other similar tools could do a load analysis to 
see how much a typical setup could handle.  One advantage we have is 
that we multiplex our authentications over a single backend SMB 
connection, rather than opening a new connection for each incoming 
client.  I don't *think* mod_ntlm does that (although I could be mistaken).

> Also, I've seen a few messages about SMB Signing with Win2003 causing
> problems. Does this affect the NtlmHttpFilter? 
> 

There was one issue brought up recently; I don't recall if it was ever 
resolved:

http://lists.samba.org/archive/jcifs/2004-April/003291.html
http://lists.samba.org/archive/jcifs/2004-April/003292.html
http://lists.samba.org/archive/jcifs/2004-April/003295.html

Note that if the first proposed solution (doing a one-to-one session to 
SMB connection) is employed, the scalability probably won't be any 
better than mod_ntlm (since you'd be creating an independent connection 
to the DC for each client, rather than multiplexing them over the same 
connection).  Mike, was this ever verified/resolved?  I meant to take a 
look at this (as well as the NtlmHttpUrlConnection issue) but haven't 
had the luxury of time to do so.


Eric



------------------------------

Message: 3
Date: Thu, 6 May 2004 12:18:57 +1200 
From: Brett Beaumont <brett.beaumont at sytec.co.nz>
Subject: RE: [jcifs] jCIFS NtlmHttpFilter
To: "'Eric'" <eglass1 at comcast.net>
Cc: "'jcifs at lists.samba.org'" <jcifs at lists.samba.org>
Message-ID:
	<A44F34383DB5D411915C00508BEA3D48066FC508 at sywns001.sytec.co.nz>
Content-Type: text/plain;	charset="iso-8859-1"

Thanks for the quick response.

One thing that should give jCIFS a huge scalability plus over mod_ntlm is
that mod_ntlm authenticates connections, whereas the NtlmHtptFilter
authenticates sessions. 

Brett.

-----Original Message-----
From: Eric [mailto:eglass1 at comcast.net]
Sent: Thursday, 6 May 2004 11:39 a.m.
To: Brett Beaumont
Cc: 'jcifs at lists.samba.org'
Subject: Re: [jcifs] jCIFS NtlmHttpFilter



> We have a maximum of about 4000 users that use the intranet (though it
would
> be unlikely that they'd all use it at the same time). Has anybody had
> experience with using the NtlmHttpFilter with a site of this size (or
> larger)? Are there any issues that we need to be aware of, or any
particular
> settings that need to be configured?
> 

Every so often somebody posts site statistics, but I haven't been able 
to find one in the archives offhand.  It'd be nice if someone with 
access to LoadRunner or other similar tools could do a load analysis to 
see how much a typical setup could handle.  One advantage we have is 
that we multiplex our authentications over a single backend SMB 
connection, rather than opening a new connection for each incoming 
client.  I don't *think* mod_ntlm does that (although I could be mistaken).

> Also, I've seen a few messages about SMB Signing with Win2003 causing
> problems. Does this affect the NtlmHttpFilter? 
> 

There was one issue brought up recently; I don't recall if it was ever 
resolved:

http://lists.samba.org/archive/jcifs/2004-April/003291.html
http://lists.samba.org/archive/jcifs/2004-April/003292.html
http://lists.samba.org/archive/jcifs/2004-April/003295.html

Note that if the first proposed solution (doing a one-to-one session to 
SMB connection) is employed, the scalability probably won't be any 
better than mod_ntlm (since you'd be creating an independent connection 
to the DC for each client, rather than multiplexing them over the same 
connection).  Mike, was this ever verified/resolved?  I meant to take a 
look at this (as well as the NtlmHttpUrlConnection issue) but haven't 
had the luxury of time to do so.


Eric


------------------------------

Message: 4
Date: Thu, 6 May 2004 01:45:26 -0400 (EDT)
From: "Michael B Allen" <mba2000 at ioplex.com>
Subject: Re: FW: [jcifs] java.io.IOException: no andx command
	suppliedwithre sponse
To: "Christopher R. Hertel" <crh at ubiqx.mn.org>
Cc: jcifs at lists.samba.org
Message-ID:
	<39433.69.142.223.199.1083822326.squirrel at li4-142.members.linode.com>
Content-Type: text/plain;charset=iso-8859-1

Christopher R. Hertel said:
> On Wed, May 05, 2004 at 02:30:41PM -0400, Michael B Allen wrote:
>> Hmm, the NTCreateAndX response in frame 1484 looks very odd.
>
> The AndX block is all zeros, however, which *should* indicate that it is
> the end of an AndX chain.

0xFF means the end of the chain. 0x00 is SMB_COM_CREATE_DIRECTORY.

Mike


------------------------------

_______________________________________________
jcifs mailing list
jcifs at lists.samba.org
http://lists.samba.org/mailman/listinfo/jcifs


End of jcifs Digest, Vol 17, Issue 4
************************************

-------------- next part --------------
HTML attachment scrubbed and removed


More information about the jcifs mailing list