[jcifs] Clarification about NTLM via HTTP vs. signing
Jonas Rathert
jrt at gmx.de
Wed Nov 3 13:25:44 GMT 2004
Hi,
I'm trying to use JCIFS to do NTLM HTTP authentication, as described in
http://jcifs.samba.org/src/docs/ntlmhttpauth.html and based on the sample
web.xml file found on the website. Of course I modified the web.xml
according to our settings here.
I deployed everything on Tomcat 4.1.30, being connected to our network via
ISDN. Unfortunately, I get somewhat "unpredictible" results:
- Most of the time I get a servlet error (HTTP status 500):
jcifs.smb.SmbException: Unverifiable signature:
PLATINIONCORP<1C>/10.93.36.150
at jcifs.smb.SmbTransport.send(SmbTransport.java:680)
at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:269)
at jcifs.smb.SmbSession.send(SmbSession.java:226)
at jcifs.smb.SmbTree.treeConnect(SmbTree.java:134)
at jcifs.smb.SmbSession.logon(SmbSession.java:157)
at jcifs.smb.SmbSession.logon(SmbSession.java:150)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:155)
... various tomcat classes ...
I already put default values for username and password into the web.xml
file, but this does not really solve the problem:
- When when putting my own username and password there...
. sometime I get the same exception again.
. sometimes it seems to work, but I can not see any output
(I've setthe debug level to "2") that actually NTLM is used.
- When putting some other (non-existing) username/password there....
. sometime I get the same exception again.
. sometimes it seems to work, but the server tells me
"username/password invalid".
Is it really necessary to put an existing username AND password in
plain text into the web.xml? Why do I still get exceptions then?
Please note that in between two tries, I always restart the tomcat server
and restart my (single) browser instance, too.
I admit: Now I'm stuck a little bit. This might also be a problem of the
docs, which are a little bit unclear: While the document describing NTLM
HTTP authentication describes as if SMP signing (which might come into
play here) is possible, the description of the property
jcifs.smb.client.signingPreferred sounds different...
Where to look next? Any help appreciated!
Jonas
--
Note: 96.31% of all statistics are fiction.
More information about the jcifs
mailing list