[jcifs] Clarification about NTLM via HTTP vs. signing

Michael B Allen mba2000 at ioplex.com
Wed Nov 3 21:31:33 GMT 2004

Jonas Rathert said:
> Hi,
> I'm trying to use JCIFS to do NTLM HTTP authentication, as described in
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html and based on the sample
> web.xml file found on the website.  Of course I modified the web.xml
> according to our settings here.
> I deployed everything on Tomcat 4.1.30, being connected to our network via
> ISDN.  Unfortunately, I get somewhat "unpredictible" results:
>   - Most of the time I get a servlet error (HTTP status 500):
>      jcifs.smb.SmbException: Unverifiable signature:

If you do not have the jcifs.smb.client.{domain,username,password} to be
used as a workstation account signing may not work properly. We think that
NTLM HTTP Authentication should still work but you may get signing errors.
The definitive answer is to use the credentials so that a proper signing
key can be generated.

If you are using the "workstation account" credentials you should *never*
get signing errors. If you do, either the signing code is broken or the
network (as provided by the VM) is corrupting data.

If you are using the current version of JCIFS, you are using the
workstation account credentials, and you are getting signing errors we
would greatly appreciate it if you could produce a packet capture [1] of
the errant transaction by stopping the container, starting the capture on
the container host (e.g. tcpdump), starting the container, running the
client to generate the signing error, and then stopping the capture.


[1] http://jcifs.samba.org/capture.html

More information about the jcifs mailing list