[jcifs] SSO problem

Michael B Allen mba2000 at ioplex.com
Tue Jan 11 00:18:48 GMT 2005

"Pietrzyk, S³awomir" said:
> The mailing list (http://lists.samba.org/listinfo/jcifs) is not workin, so
> i'll keep
> asking You personally. Then i'll put all of this into mailing list.
> I did packet capture, and i've found, that there is no comunication
> between
> DC and my host. I mean, there is communication, but not on the desired
> ports
> (137, 138, 139...)
> So i dont know what else do i need to configure to obtain this
> comunication.
> I use 1.1.6 version of jcifs for tomcat 4.0.

The problem isn't ports. The DC looks like it's requiring extended
security negotiation (NTLMSSP) which jcifs does not support. You can try
setting jcifs.smb.lmCompatibility = 3.

Or you could use jcifs.http.domainController to use a man-in-the middle
approach but that will be a little slower and will put load on the machine
being used as the "DC".

The jcifs-ext package might help if you just want to do Kerberos SSO but
it's not as easy to use and isn't as tested as mainline.

If you have a budget you should just use Wedgetail. I think they support
what you want.


More information about the jcifs mailing list