[jcifs] Ntlm authentication prompts 2nd user - Win 2003

AARON WILT AARONWILT at afninet.com
Thu Jul 7 19:12:11 GMT 2005 

Hello all-
 
I'm brand new to JCIFS.  I've downloaded jcifs-1.2.1 and read through
some old messages to this listserv dealing with this issue of login
prompting and nothing I have tried works so far.  We're using Windows
2003 for our domain controller.
 
I read on http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing the
author mentions my exact problem when using:  The first user to connect
is
validated perfectly.  The second user gets prompted.  I followed the
suggestion and added these init params to web.xml :
jcifs.smb.client.{domain,username,password} for "preauthentication", but
the same behavior persists.
 
I'm using the out of the box NtlmHttpAuthExample.java that comes with
jcifs-1.2.1 and running locally in WSSD 5.1.2 against a Tomcat 4.1
server accessing a Windows 2003 domain controller.
 
Here's my web.xml:
 
<web-app id="WebApp">

            <display-name>jcifs</display-name>

            <filter>

                        <filter-name>NtlmHttpFilter</filter-name>

                        <display-name>NtlmHttpFilter</display-name>

 
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>

                        <init-param>

 
<param-name>jcifs.http.domainController</param-name>

 
<param-value>xx.xx.xx.xx</param-value>

                        </init-param>

                        <init-param>

                <param-name>jcifs.smb.client.username</param-name>

            <param-value>myUsername</param-value>

                </init-param>

                <init-param>

                    <param-name>jcifs.smb.client.password</param-name>

                    <param-value>myPassword</param-value>

                </init-param>

                        <init-param>

                <param-name>jcifs.smb.client.domain</param-name>

            <param-value>myDomain</param-value>

                </init-param>

            </filter>

            <filter-mapping>

                <filter-name>NtlmHttpFilter</filter-name>

                <url-pattern>/*</url-pattern>

            </filter-mapping>

            <servlet>

                        <servlet-name>ntauth</servlet-name>

                        <display-name>ntauth</display-name>

 
<servlet-class>net.mycompany.servlet.NtlmHttpAuthExample</servlet-class>

            </servlet>

            <servlet-mapping>

                        <servlet-name>ntauth</servlet-name>

                        <url-pattern>/ntauth</url-pattern>

            </servlet-mapping>

</web-app>

 

I also tried adding an <init-param> for jcifs.smb.client.ssnLimit and
setting that value to 1, however, that caused me to be prompted every
time, including the first accessor.

 

Is there a setting in Windows 2003 that allows it to not have these
signing problems?  If so, what do I need to tell our server guys in
order to convince them it's not harmful :-)

 

Thanks in advance for any insights you might have!

 

Aaron.

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list