[jcifs] Clarification about NTLM via HTTP vs. signing

Jonas Rathert jrt at gmx.de
Wed Nov 3 13:25:44 GMT 2004


I'm trying to use JCIFS to do NTLM HTTP authentication, as described in
http://jcifs.samba.org/src/docs/ntlmhttpauth.html and based on the sample
web.xml file found on the website.  Of course I modified the web.xml
according to our settings here.

I deployed everything on Tomcat 4.1.30, being connected to our network via
ISDN.  Unfortunately, I get somewhat "unpredictable" results:

  - Most of the time I get a servlet error (HTTP status 500):

     jcifs.smb.SmbException: Unverifiable signature:
	at jcifs.smb.SmbTransport.send(SmbTransport.java:680)
	at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:269)
	at jcifs.smb.SmbSession.send(SmbSession.java:226)
	at jcifs.smb.SmbTree.treeConnect(SmbTree.java:134)
	at jcifs.smb.SmbSession.logon(SmbSession.java:157)
	at jcifs.smb.SmbSession.logon(SmbSession.java:150)
	at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:155)
         ... various tomcat classes ...

    I already put default values for username and password into the web.xml
    file, but this does not really solve the problem:

      - When putting my own username and password there...
          . sometimes I get the same exception again.
          . sometimes it seems to work, but I can not see any output
            (I've set the debug level to "2") that actually NTLM is used.

      - When putting some other (non-existing) username/password there....
          . sometimes I get the same exception again.
          . sometimes it seems to work, but the server tells me
            "username/password invalid".

    Is it really necessary to put an existing username AND password in
    plain text into the web.xml?  Why do I still get exceptions then?

Please note that in between two tries, I always restart the tomcat server 
and restart my (single) browser instance, too.

I admit: Now I'm stuck a little bit.  This might also be a problem of the 
docs, which are a little bit unclear:  While the document describing NTLM 
HTTP authentication describes as if SMB signing (which might come into 
play here) is possible, the description of the property 
jcifs.smb.client.signingPreferred sounds different...

Where to look next? Any help appreciated!


   Note: 96.31% of all statistics are fiction.
