[jcifs] Only the first login is successful
Mike Bennett
mkb137 at gmail.com
Mon Dec 12 21:57:32 GMT 2005
Using load balancing and a specified username and password
(preauthentication?) with unmodified 1.2.7 gives the same "first login
only" behaviour.
Using the modifed version with a specified username and password
causes the error :
jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
Using the modifed version without a specified username and password
gives the same "first login only" behaviour.
On 12/12/05, Michael B Allen <mba2000 at ioplex.com> wrote:
> On Mon, 12 Dec 2005 13:47:11 -0700
> Mike Bennett <mkb137 at gmail.com> wrote:
>
> > It doesn't compile.
> > In this change :
> > public static byte[] getChallenge( UniAddress dc )
> > throws SmbException, UnknownHostException {
> > - return getChallenge(dc, 0);
> > + return interrogate( dc );
>
> Then make it:
>
> return interrogate( dc ).challenge;
>
> Mike
>
> > }
> > it's expecting a byte[], but interrogate returns NtlmChallenge.
> >
> >
> > On 12/12/05, Michael B Allen <mba2000 at ioplex.com> wrote:
> > > Load balancing (and thus preauthentication) will only be used if the
> > > jcifs.http.domainController is NOT specified.
> > >
> > > An easier fix is probably to just change the code to perform
> > > preauthentiction without load balancing. I *think* all you need to do
> > > is apply the following changes to src/jcifs/smb/SmbSession.java:
> > >
> > > --- SmbSession.java 2005-10-07 19:56:56.000000000 -0400
> > > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > > @@ -67,8 +67,7 @@
> > > static long dc_list_expiration;
> > > static int dc_list_counter;
> > >
> > > - private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > > - UniAddress dc = new UniAddress( addr );
> > > + private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> > > SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> > > if (USERNAME == null) {
> > > trans.connect();
> > > @@ -108,7 +107,7 @@
> > > int i = dc_list_counter++ % max;
> > > if (dc_list[i] != null) {
> > > try {
> > > - return interrogate( dc_list[i] );
> > > + return interrogate( new UniAddress( dc_list[i] ));
> > > } catch (SmbException se) {
> > > if (SmbTransport.log.level > 1) {
> > > SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> > > @@ -129,7 +128,7 @@
> > >
> > > public static byte[] getChallenge( UniAddress dc )
> > > throws SmbException, UnknownHostException {
> > > - return getChallenge(dc, 0);
> > > + return interrogate( dc );
> > > }
> > >
> > > public static byte[] getChallenge( UniAddress dc, int port )
> > >
> > > I don't know why this wasn't done in the first place. Just an oversight
> > > I guess. It happends.
> > >
> > > The patchfile is also attached. On unix systems (at least) you can apply
> > > this patch like:
> > >
> > > $ cd src/jcifs/smb
> > > $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> > >
> > > This is all TOTALLY untested though. Please let us know if it doesn't
> > > compile and/or work.
> > >
> > > Mike
> > >
> > >
> > > On Mon, 12 Dec 2005 12:15:39 -0700
> > > Mike Bennett <mkb137 at gmail.com> wrote:
> > >
> > > > Enabling load balancing (which the documenation says is on by default) via :
> > > > <init-param>
> > > > <param-name>jcifs.http.loadBalance</param-name>
> > > > <param-value>true</param-value>
> > > > </init-param>
> > > >
> > > > Didn't fix the problem. I only specified the one domain controller,
> > > > anyway, so there was nothing to balance against.
> > > >
> > > > On 12/6/05, Andrew Miller <pulazzo at gmail.com> wrote:
> > > > > I had a similar problem. I don't have time right now for a more
> > > > > thorough response, but you might want to see the thread from Nov 10th
> > > > > called "Load balancing required for preauthentication?"
> > > > >
> > > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > > >
> > > > > I don't think anything has changed in the source since that
> > > > > discussion. You might just try turning on load balancing if it's not
> > > > > already.
> > > > >
> > > > > -Andy
> > > > >
> > > > > On 12/6/05, Mike Bennett <mkb137 at gmail.com> wrote:
> > > > > > If I put a valid normal user account in those parameters, then no
> > > > > > login works. If this requires a special user account on the domain
> > > > > > then I don't think it's viable for my situation, where the app will
> > > > > > reside on another corporation's server.
> > > > > >
> > > > > > Thanks for the suggestion, though.
> > > > > >
> > > > > > On 12/6/05, Yannick <yannick at smellyfrog.com> wrote:
> > > > > > > Hi Mike,
> > > > > > >
> > > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > > account on the domain that you can use to do so, then add the following
> > > > > > > parameters in your web.xml file:
> > > > > > >
> > > > > > > <init-param>
> > > > > > > <param-name>jcifs.smb.client.username</param-name>
> > > > > > > <param-value>UserAccountName</param-value>
> > > > > > > </init-param>
> > > > > > >
> > > > > > > <init-param>
> > > > > > > <param-name>jcifs.smb.client.password</param-name>
> > > > > > > <param-value>PasswordOfTheUserAccount</param-value>
> > > > > > > </init-param>
> > > > > > >
> > > > > > > Hope this helps
> > > > > > > Regards
> > > > > > > Yannick
> > > > > > >
> > > > > > > Mike Bennett wrote:
> > > > > > >
> > > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > > >NTLM login through jcifs. Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > > >The first login goes through correctly and the user can access the
> > > > > > > >app. Any login thereafter (from a different machine, from a different
> > > > > > > >user, from the same user on the same computer but with a different
> > > > > > > >browser) fails with no error message just as if the user or password
> > > > > > > >were invalid. I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > > >I've been using for quite a while. I was hoping to upgrade to take
> > > > > > > >advantage of some of the other fixes.
> > > > > > > >
> > > > > > > >Is this a configuration problem or something else? My web.xml section
> > > > > > > >is pretty plain :
> > > > > > > >
> > > > > > > ><filter>
> > > > > > > > <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > > > <init-param>
> > > > > > > > <param-name>jcifs.smb.client.domain</param-name>
> > > > > > > > <param-value>MYDOMAIN</param-value>
> > > > > > > > </init-param>
> > > > > > > > <init-param>
> > > > > > > > <param-name>jcifs.http.domainController</param-name>
> > > > > > > > <param-value>mydc</param-value>
> > > > > > > > </init-param>
> > > > > > > ></filter>
> > > > > > > ><filter-mapping>
> > > > > > > > <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > <url-pattern>/*</url-pattern>
> > > > > > > ></filter-mapping>
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
More information about the jcifs
mailing list