[jcifs] Only the first login is successful

Michael B Allen mba2000 at ioplex.com
Tue Dec 13 20:29:43 GMT 2005


On Tue, 13 Dec 2005 10:58:31 -0700
Mike Bennett <mkb137 at gmail.com> wrote:

> Doing so with the modified version gives the error :
> java.net.UnknownHostException: Failed to negotiate with a suitable
> domain controller for MYDOMAIN

Then it's not a valid domain name in WINS. Try the IP and change
resolveOrder to use DNS before NBT. Ask your network administrator for
help. Are you sure you know what the different properties do (e.g. do
you know what WINS is?)?

> 
> On 12/12/05, Michael B Allen <mba2000 at ioplex.com> wrote:
> > Well I don't know how to get preauth with jcifs.http.domainController to
> > work then. Why can't you use the default method (jcifs.smb.client.domain
> > and not jcifs.http.domainController)?
> >
> > On Mon, 12 Dec 2005 14:57:32 -0700
> > Mike Bennett <mkb137 at gmail.com> wrote:
> >
> > > Using load balancing and a specified username and password
> > > (preauthentication?) with unmodified 1.2.7 gives the same "first login
> > > only" behaviour.
> > >
> > > > Using the modified version with a specified username and password
> > > causes the error :
> > > jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
> > >
> > > > Using the modified version without a specified username and password
> > > gives the same "first login only" behaviour.
> > >
> > > On 12/12/05, Michael B Allen <mba2000 at ioplex.com> wrote:
> > > > On Mon, 12 Dec 2005 13:47:11 -0700
> > > > Mike Bennett <mkb137 at gmail.com> wrote:
> > > >
> > > > > It doesn't compile.
> > > > > In this change :
> > > > >       public static byte[] getChallenge( UniAddress dc )
> > > > >                   throws SmbException, UnknownHostException {
> > > > >  -        return getChallenge(dc, 0);
> > > > >  +        return interrogate( dc );
> > > >
> > > > Then make it:
> > > >
> > > >   return interrogate( dc ).challenge;
> > > >
> > > > Mike
> > > >
> > > > >       }
> > > > > it's expecting a byte[], but interrogate returns NtlmChallenge.
> > > > >
> > > > >
> > > > > On 12/12/05, Michael B Allen <mba2000 at ioplex.com> wrote:
> > > > > > Load balancing (and thus preauthentication) will only be used if the
> > > > > > jcifs.http.domainController is NOT specified.
> > > > > >
> > > > > > An easier fix is probably to just change the code to perform
> > > > > > > preauthentication without load balancing. I *think* all you need to do
> > > > > > is apply the following changes to src/jcifs/smb/SmbSession.java:
> > > > > >
> > > > > > --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> > > > > > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > > > > > @@ -67,8 +67,7 @@
> > > > > >      static long dc_list_expiration;
> > > > > >      static int dc_list_counter;
> > > > > >
> > > > > > -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > > > > > -        UniAddress dc = new UniAddress( addr );
> > > > > > +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> > > > > >          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> > > > > >          if (USERNAME == null) {
> > > > > >              trans.connect();
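
Review bot: the new interrogate( UniAddress dc ) signature carries no comment saying that it is now called with any domain controller address rather than only with entries taken from dc_list. A short comment above the method stating that it returns the NtlmChallenge for the given controller, and that the USERNAME == null branch only connects the transport, would make the widened parameter's intent clear to anyone updating the other call sites.
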
> > > > > > @@ -108,7 +107,7 @@
> > > > > >                  int i = dc_list_counter++ % max;
> > > > > >                  if (dc_list[i] != null) {
> > > > > >                      try {
> > > > > > -                        return interrogate( dc_list[i] );
> > > > > > +                        return interrogate( new UniAddress( dc_list[i] ));
> > > > > >                      } catch (SmbException se) {
> > > > > >                          if (SmbTransport.log.level > 1) {
> > > > > >                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
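
Review bot: the changed call interrogate( new UniAddress( dc_list[i] )) closes with "))" while the surrounding lines put a space inside every parenthesis. Writing it as interrogate( new UniAddress( dc_list[i] ) ) keeps the line consistent with the rest of the file.
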
> > > > > > @@ -129,7 +128,7 @@
> > > > > >
> > > > > >      public static byte[] getChallenge( UniAddress dc )
> > > > > >                  throws SmbException, UnknownHostException {
> > > > > > -        return getChallenge(dc, 0);
> > > > > > +        return interrogate( dc );
> > > > > >      }
> > > > > >
> > > > > >      public static byte[] getChallenge( UniAddress dc, int port )
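
Review bot: the added line "return interrogate( dc );" does not type-check, because getChallenge( UniAddress dc ) is declared to return byte[] while the first hunk declares interrogate as returning NtlmChallenge. Return the challenge bytes held by that object instead, for example "return interrogate( dc ).challenge;".
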
> > > > > >
> > > > > > I don't know why this wasn't done in the first place. Just an oversight
> > > > > > > I guess. It happens.
> > > > > >
> > > > > > The patchfile is also attached. On unix systems (at least) you can apply
> > > > > > this patch like:
> > > > > >
> > > > > >   $ cd src/jcifs/smb
> > > > > >   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> > > > > >
> > > > > > This is all TOTALLY untested though. Please let us know if it doesn't
> > > > > > compile and/or work.
> > > > > >
> > > > > > Mike
> > > > > >
> > > > > >
> > > > > > On Mon, 12 Dec 2005 12:15:39 -0700
> > > > > > Mike Bennett <mkb137 at gmail.com> wrote:
> > > > > >
> > > > > > > > Enabling load balancing (which the documentation says is on by default) via :
> > > > > > >     <init-param>
> > > > > > >         <param-name>jcifs.http.loadBalance</param-name>
> > > > > > >         <param-value>true</param-value>
> > > > > > >     </init-param>
> > > > > > >
> > > > > > > Didn't fix the problem.  I only specified the one domain controller,
> > > > > > > anyway, so there was nothing to balance against.
> > > > > > >
> > > > > > > On 12/6/05, Andrew Miller <pulazzo at gmail.com> wrote:
> > > > > > > > I had a similar problem.  I don't have time right now for a more
> > > > > > > > thorough response, but you might want to see the thread from Nov 10th
> > > > > > > > called "Load balancing required for preauthentication?"
> > > > > > > >
> > > > > > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > > > > > >
> > > > > > > > I don't think anything has changed in the source since that
> > > > > > > > discussion.  You might just try turning on load balancing if it's not
> > > > > > > > already.
> > > > > > > >
> > > > > > > > -Andy
> > > > > > > >
> > > > > > > > On 12/6/05, Mike Bennett <mkb137 at gmail.com> wrote:
> > > > > > > > > If I put a valid normal user account in those parameters, then no
> > > > > > > > > login works.  If this requires a special user account on the domain
> > > > > > > > > then I don't think it's viable for my situation, where the app will
> > > > > > > > > reside on another corporation's server.
> > > > > > > > >
> > > > > > > > > Thanks for the suggestion, though.
> > > > > > > > >
> > > > > > > > > On 12/6/05, Yannick <yannick at smellyfrog.com> wrote:
> > > > > > > > > > Hi Mike,
> > > > > > > > > >
> > > > > > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > > > > > account on the domain that you can use to do so, then add the following
> > > > > > > > > > parameters in your web.xml file:
> > > > > > > > > >
> > > > > > > > > >     <init-param>
> > > > > > > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > > > > > > >         <param-value>UserAccountName</param-value>
> > > > > > > > > >     </init-param>
> > > > > > > > > >
> > > > > > > > > >     <init-param>
> > > > > > > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > > > > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > > > > > > >     </init-param>
> > > > > > > > > >
> > > > > > > > > > Hope this helps
> > > > > > > > > > Regards
> > > > > > > > > > Yannick
> > > > > > > > > >
> > > > > > > > > > Mike Bennett wrote:
> > > > > > > > > >
> > > > > > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > > > > > >The first login goes through correctly and the user can access the
> > > > > > > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > > > > > > >user, from the same user on the same computer but with a different
> > > > > > > > > > >browser) fails with no error message just as if the user or password
> > > > > > > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > > > > > > >advantage of some of the other fixes.
> > > > > > > > > > >
> > > > > > > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > > > > > > >is pretty plain :
> > > > > > > > > > >
> > > > > > > > > > ><filter>
> > > > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > > > > > >    <init-param>
> > > > > > > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > > > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > > > > > > >       </init-param>
> > > > > > > > > > >    <init-param>
> > > > > > > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > > > > > > >        <param-value>mydc</param-value>
> > > > > > > > > > >    </init-param>
> > > > > > > > > > ></filter>
> > > > > > > > > > ><filter-mapping>
> > > > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > > > >    <url-pattern>/*</url-pattern>
> > > > > > > > > > ></filter-mapping>
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> 


More information about the jcifs mailing list