[jcifs] Only the first login is successful
Mike Bennett
mkb137 at gmail.com
Mon Dec 12 20:47:11 GMT 2005
It doesn't compile.
In this change :
public static byte[] getChallenge( UniAddress dc )
throws SmbException, UnknownHostException {
- return getChallenge(dc, 0);
+ return interrogate( dc );
}
it's expecting a byte[], but interrogate returns NtlmChallenge.
On 12/12/05, Michael B Allen <mba2000 at ioplex.com> wrote:
> Load balancing (and thus preauthentication) will only be used if the
> jcifs.http.domainController is NOT specified.
>
> An easier fix is probably to just change the code to perform
> preauthentiction without load balancing. I *think* all you need to do
> is apply the following changes to src/jcifs/smb/SmbSession.java:
>
> --- SmbSession.java 2005-10-07 19:56:56.000000000 -0400
> +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> @@ -67,8 +67,7 @@
> static long dc_list_expiration;
> static int dc_list_counter;
>
> - private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> - UniAddress dc = new UniAddress( addr );
> + private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> if (USERNAME == null) {
> trans.connect();
> @@ -108,7 +107,7 @@
> int i = dc_list_counter++ % max;
> if (dc_list[i] != null) {
> try {
> - return interrogate( dc_list[i] );
> + return interrogate( new UniAddress( dc_list[i] ));
> } catch (SmbException se) {
> if (SmbTransport.log.level > 1) {
> SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> @@ -129,7 +128,7 @@
>
> public static byte[] getChallenge( UniAddress dc )
> throws SmbException, UnknownHostException {
> - return getChallenge(dc, 0);
> + return interrogate( dc );
> }
>
> public static byte[] getChallenge( UniAddress dc, int port )
>
> I don't know why this wasn't done in the first place. Just an oversight
> I guess. It happends.
>
> The patchfile is also attached. On unix systems (at least) you can apply
> this patch like:
>
> $ cd src/jcifs/smb
> $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
>
> This is all TOTALLY untested though. Please let us know if it doesn't
> compile and/or work.
>
> Mike
>
>
> On Mon, 12 Dec 2005 12:15:39 -0700
> Mike Bennett <mkb137 at gmail.com> wrote:
>
> > Enabling load balancing (which the documenation says is on by default) via :
> > <init-param>
> > <param-name>jcifs.http.loadBalance</param-name>
> > <param-value>true</param-value>
> > </init-param>
> >
> > Didn't fix the problem. I only specified the one domain controller,
> > anyway, so there was nothing to balance against.
> >
> > On 12/6/05, Andrew Miller <pulazzo at gmail.com> wrote:
> > > I had a similar problem. I don't have time right now for a more
> > > thorough response, but you might want to see the thread from Nov 10th
> > > called "Load balancing required for preauthentication?"
> > >
> > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > >
> > > I don't think anything has changed in the source since that
> > > discussion. You might just try turning on load balancing if it's not
> > > already.
> > >
> > > -Andy
> > >
> > > On 12/6/05, Mike Bennett <mkb137 at gmail.com> wrote:
> > > > If I put a valid normal user account in those parameters, then no
> > > > login works. If this requires a special user account on the domain
> > > > then I don't think it's viable for my situation, where the app will
> > > > reside on another corporation's server.
> > > >
> > > > Thanks for the suggestion, though.
> > > >
> > > > On 12/6/05, Yannick <yannick at smellyfrog.com> wrote:
> > > > > Hi Mike,
> > > > >
> > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > account on the domain that you can use to do so, then add the following
> > > > > parameters in your web.xml file:
> > > > >
> > > > > <init-param>
> > > > > <param-name>jcifs.smb.client.username</param-name>
> > > > > <param-value>UserAccountName</param-value>
> > > > > </init-param>
> > > > >
> > > > > <init-param>
> > > > > <param-name>jcifs.smb.client.password</param-name>
> > > > > <param-value>PasswordOfTheUserAccount</param-value>
> > > > > </init-param>
> > > > >
> > > > > Hope this helps
> > > > > Regards
> > > > > Yannick
> > > > >
> > > > > Mike Bennett wrote:
> > > > >
> > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > >NTLM login through jcifs. Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > >The first login goes through correctly and the user can access the
> > > > > >app. Any login thereafter (from a different machine, from a different
> > > > > >user, from the same user on the same computer but with a different
> > > > > >browser) fails with no error message just as if the user or password
> > > > > >were invalid. I have not had this problem with jcifs-1.1.8.jar, which
> > > > > >I've been using for quite a while. I was hoping to upgrade to take
> > > > > >advantage of some of the other fixes.
> > > > > >
> > > > > >Is this a configuration problem or something else? My web.xml section
> > > > > >is pretty plain :
> > > > > >
> > > > > ><filter>
> > > > > > <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > <init-param>
> > > > > > <param-name>jcifs.smb.client.domain</param-name>
> > > > > > <param-value>MYDOMAIN</param-value>
> > > > > > </init-param>
> > > > > > <init-param>
> > > > > > <param-name>jcifs.http.domainController</param-name>
> > > > > > <param-value>mydc</param-value>
> > > > > > </init-param>
> > > > > ></filter>
> > > > > ><filter-mapping>
> > > > > > <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > <url-pattern>/*</url-pattern>
> > > > > ></filter-mapping>
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>
More information about the jcifs
mailing list