[jcifs] understanding server challenge change

leostone leostone at mail.ru
Tue Apr 26 08:35:58 GMT 2005

Yes, if I use username and password there is no problem accessig the resource, but 
thats kinda obvious, if the challenge changes, new hashes get
I don't now if the network explorer works, I am developing for 
a third party and don't have access to their systems.
So all i can do is, stuff my application with log lines and
do remote analysis.  
To me it feels like, as if (and here I start swimming lacking smb insight)
the created session (does the session start when i request a challenge?) 
gets torn down between the call to get the challenge and the access to the
resource. i dont know if this is possible, maybe there is a session timout value
somewhere set to a very small value or something like that?

-----Original Message-----

>Please send all messages to the jcifs mailing list so that if other people
>are having the same problem they can benifit from our discussion.
>leostone said:
>> thanks, but the resource is on the server for wich i get the challenge.
>Then it should work. Does the NetworkExplorer example work?
>Can you manually create an NtlmPasswordAuthentication object and access
>the desired resource?
>> -----Original Message-----
>>>On Mon, 25 Apr 2005 21:41:55 +0400
>>>leostone <leostone at mail.ru> wrote:
>>>> hi, i have some trouble with changing server challenges.
>>>> i do SmbSession.getChallenge(ipOfTargetServer), then i feed this
>>>> challenge
>>>> to NtlmSsp.authenticate() wich returns an NtlmPasswordAuthentication
>>>> object. Next thing i do is creating a SmbFile using this
>>>> NtlmPasswordAuthentication object and do a SmbFile.connect();
>>>> The trouble is, on a WinXP target server this works, on a Win2K server
>>>> the
>>>> challenge changes and i get a SmbAuthException from the
>>>> SmbFile.connect()
>>>> method. Can someone explain what might be going on and how i could fix
>>>> it.
>>>An NtlmPasswordAuthentication object is only valid with the server
>>>from which it's challenge originated. If you wish to access resources
>>>on arbirary hosts you must renegotiate NTLMSSP with a challenge for
>>>each host.
>>>This can be tricky because you usually need to track these credentials
>>>separately. See how jcifs.http.NetworkExplorer keeps track of creds with
>>>req.getSession().setAttribute( "npa-" + server, ntlm );
>>>IRC - where men are men, women are men, and the boys are FBI agents.
>> http://r.mail.ru/cln2659/agent.mail.ru

Качай бесплатные программы на все случаи жизни http://r.mail.ru/cln2670/soft.mail.ru

More information about the jcifs mailing list