[jcifs] understanding server challenge change

Michael B Allen mba2000 at ioplex.com
Mon Apr 25 17:58:16 GMT 2005

On Mon, 25 Apr 2005 21:41:55 +0400
leostone <leostone at mail.ru> wrote:

> hi, i have some trouble with changing server challenges.
> i do SmbSession.getChallenge(ipOfTargetServer), then i feed this challenge
> to NtlmSsp.authenticate() wich returns an NtlmPasswordAuthentication
> object. Next thing i do is creating a SmbFile using this
> NtlmPasswordAuthentication object and do a SmbFile.connect(); 
> The trouble is, on a WinXP target server this works, on a Win2K server the
> challenge changes and i get a SmbAuthException from the SmbFile.connect()
> method. Can someone explain what might be going on and how i could fix it.

An NtlmPasswordAuthentication object is only valid with the server
from which it's challenge originated. If you wish to access resources
on arbirary hosts you must renegotiate NTLMSSP with a challenge for
each host.

This can be tricky because you usually need to track these credentials
separately. See how jcifs.http.NetworkExplorer keeps track of creds with
req.getSession().setAttribute( "npa-" + server, ntlm );


IRC - where men are men, women are men, and the boys are FBI agents.

More information about the jcifs mailing list