[jcifs] Account locks in AD - is this a BUG with JCIFS?

Michael B Allen mba2000 at ioplex.com
Wed Jun 29 01:05:48 GMT 2005


Applied in 1.2.1 to be released RSN.

> On Fri, 24 Jun 2005 13:18:25 -0500
> "Tapperson Kevin" <Kevin.Tapperson at hcahealthcare.com> wrote:
>> I think I had previously posted a fix for this problem.  The
>> jcifs.ntlmssp.Type3Message.parse method can be changed as follows:
>>
>> remove this line:
>>         if (LM_COMPATIBILITY < 3) setNTResponse(ntResponse);
>> add this line in its place:
>>         // NTLMv2 issues w/cross-domain authentication; leave NT empty
>> if NTLMv2 was sent by the client
>>         // NTLM response will always be 24 bytes; NTLMv2 response will
>> always be longer
>>         if (ntResponse.length == 24) setNTResponse(ntResponse);
>>
>> The above code detects whether the user is sending an NTLMv1 or NTLMv2
>> response and acts appropriately (by only removing the NTLMv2 hash).  It
>> takes care of both cases as described above.
>>
>>
>> -----Original Message-----
>> From: jcifs-bounces+kevin.tapperson=hcahealthcare.com at lists.samba.org
>> [mailto:jcifs-bounces+kevin.tapperson=hcahealthcare.com at lists.samba.org]
>> On Behalf Of Michael B Allen
>> Sent: Friday, June 24, 2005 12:42 PM
>> To: Tazwell Jeffries
>> Cc: jcifs at lists.samba.org
>> Subject: Re: [jcifs] Account locks in AD - is this a BUG with JCIFS?
>>
>>
>> On Fri, 24 Jun 2005 14:13:04 +0100
>> "Tazwell Jeffries" <taswell.jeffries at perspicuity.co.uk> wrote:
>>
>> > HI,
>> > We have implemented Single SignOn for one of our WebApplications - and
>> we found that when we tried implementing it - we got a large number of
>> accounts locked out in AD.
>> >
>> > The version of JCIFS that was used is 1.1.11..
>>
>> Post your filter section from your web.xml and any exceptions you have
>> in your log.
>>
>> Mike
>>
>
>



More information about the jcifs mailing list