[jcifs] Only the first login is successful

Michael B Allen mba2000 at ioplex.com
Mon Dec 12 21:07:27 GMT 2005


On Mon, 12 Dec 2005 13:47:11 -0700
Mike Bennett <mkb137 at gmail.com> wrote:

> It doesn't compile.
> In this change :
>       public static byte[] getChallenge( UniAddress dc )
>                   throws SmbException, UnknownHostException {
>  -        return getChallenge(dc, 0);
>  +        return interrogate( dc );

Then make it:

  return interrogate( dc ).challenge;

Mike

>       }
> it's expecting a byte[], but interrogate returns NtlmChallenge.
> 
> 
> On 12/12/05, Michael B Allen <mba2000 at ioplex.com> wrote:
> > Load balancing (and thus preauthentication) will only be used if the
> > jcifs.http.domainController is NOT specified.
> >
> > An easier fix is probably to just change the code to perform
> > preauthentication without load balancing. I *think* all you need to do
> > is apply the following changes to src/jcifs/smb/SmbSession.java:
> >
> > --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > @@ -67,8 +67,7 @@
> >      static long dc_list_expiration;
> >      static int dc_list_counter;
> >
> > -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > -        UniAddress dc = new UniAddress( addr );
> > +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> >          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> >          if (USERNAME == null) {
> >              trans.connect();
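Review bot: interrogate() now accepts a UniAddress, but the context line SmbTransport.getSmbTransport( dc, 0 ) still hard-codes port 0, so the getChallenge( UniAddress dc, int port ) overload shown later in the patch cannot be routed through this method without losing its port argument. Consider adding an int port parameter to interrogate() and passing it through. Because the signature of a private static method changes, every caller in SmbSession.java should also be checked, not only the one updated in the second hunk.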
> > @@ -108,7 +107,7 @@
> >                  int i = dc_list_counter++ % max;
> >                  if (dc_list[i] != null) {
> >                      try {
> > -                        return interrogate( dc_list[i] );
> > +                        return interrogate( new UniAddress( dc_list[i] ));
> >                      } catch (SmbException se) {
> >                          if (SmbTransport.log.level > 1) {
> >                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
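Review bot: style point on the changed call, interrogate( new UniAddress( dc_list[i] )); closes with "))" while the surrounding code pads every parenthesis, so it should read interrogate( new UniAddress( dc_list[i] ) ). Alternatively, keeping a thin interrogate( NbtAddress ) overload that wraps the address and delegates to the UniAddress version would leave this call site unchanged and keep the conversion in one place.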
> > @@ -129,7 +128,7 @@
> >
> >      public static byte[] getChallenge( UniAddress dc )
> >                  throws SmbException, UnknownHostException {
> > -        return getChallenge(dc, 0);
> > +        return interrogate( dc );
> >      }
> >
> >      public static byte[] getChallenge( UniAddress dc, int port )
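Review bot: the new body of getChallenge( UniAddress dc ) returns interrogate( dc ) directly, but the first hunk declares interrogate() as returning NtlmChallenge while this method is declared byte[], so the line does not compile as written. Return the challenge bytes from the NtlmChallenge object instead, as the reply in this thread suggests with interrogate( dc ).challenge. The two-argument getChallenge( UniAddress dc, int port ) in the trailing context is not touched by the patch, so confirm whether callers that pass a port are meant to get the same behaviour.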
> >
> > I don't know why this wasn't done in the first place. Just an oversight
> > I guess. It happens.
> >
> > The patchfile is also attached. On unix systems (at least) you can apply
> > this patch like:
> >
> >   $ cd src/jcifs/smb
> >   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> >
> > This is all TOTALLY untested though. Please let us know if it doesn't
> > compile and/or work.
> >
> > Mike
> >
> >
> > On Mon, 12 Dec 2005 12:15:39 -0700
> > Mike Bennett <mkb137 at gmail.com> wrote:
> >
> > > Enabling load balancing (which the documentation says is on by default) via :
> > >     <init-param>
> > >         <param-name>jcifs.http.loadBalance</param-name>
> > >         <param-value>true</param-value>
> > >     </init-param>
> > >
> > > Didn't fix the problem.  I only specified the one domain controller,
> > > anyway, so there was nothing to balance against.
> > >
> > > On 12/6/05, Andrew Miller <pulazzo at gmail.com> wrote:
> > > > I had a similar problem.  I don't have time right now for a more
> > > > thorough response, but you might want to see the thread from Nov 10th
> > > > called "Load balancing required for preauthentication?"
> > > >
> > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > >
> > > > I don't think anything has changed in the source since that
> > > > discussion.  You might just try turning on load balancing if it's not
> > > > already.
> > > >
> > > > -Andy
> > > >
> > > > On 12/6/05, Mike Bennett <mkb137 at gmail.com> wrote:
> > > > > If I put a valid normal user account in those parameters, then no
> > > > > login works.  If this requires a special user account on the domain
> > > > > then I don't think it's viable for my situation, where the app will
> > > > > reside on another corporation's server.
> > > > >
> > > > > Thanks for the suggestion, though.
> > > > >
> > > > > On 12/6/05, Yannick <yannick at smellyfrog.com> wrote:
> > > > > > Hi Mike,
> > > > > >
> > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > account on the domain that you can use to do so, then add the following
> > > > > > parameters in your web.xml file:
> > > > > >
> > > > > >     <init-param>
> > > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > > >         <param-value>UserAccountName</param-value>
> > > > > >     </init-param>
> > > > > >
> > > > > >     <init-param>
> > > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > > >     </init-param>
> > > > > >
> > > > > > Hope this helps
> > > > > > Regards
> > > > > > Yannick
> > > > > >
> > > > > > Mike Bennett wrote:
> > > > > >
> > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > >The first login goes through correctly and the user can access the
> > > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > > >user, from the same user on the same computer but with a different
> > > > > > >browser) fails with no error message just as if the user or password
> > > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > > >advantage of some of the other fixes.
> > > > > > >
> > > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > > >is pretty plain :
> > > > > > >
> > > > > > ><filter>
> > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > >    <init-param>
> > > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > > >       </init-param>
> > > > > > >    <init-param>
> > > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > > >        <param-value>mydc</param-value>
> > > > > > >    </init-param>
> > > > > > ></filter>
> > > > > > ><filter-mapping>
> > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > >    <url-pattern>/*</url-pattern>
> > > > > > ></filter-mapping>
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> 

