[jcifs] Error message connecting to DC under load
Ingo Rockel
irockel at pironet-ndh.com
Wed Mar 30 09:45:32 GMT 2005
I forgot something (sorry), the http sessions are sticky, one session
will always be routed to the same node in the cluster.
The customer now will run jcifs with debug set to 10 to have some debug
output.
Any more ideas what could possibly be checked?
regards,
Ingo
Michael B Allen schrieb:
> On Wed, 30 Mar 2005 09:24:53 +0200
> Ingo Rockel <irockel at pironet-ndh.com> wrote:
>
>
>>Yes, the application is running in a cluster with two nodes. The used
>>container is Oracle Application Server 10g.
>>
>>They are currently using jcifs 1.0.1 and will update to 1.1.8 when the
>>new version of our application is deployed.
>
>
> Ooo, yeah, definately upgrade. Preferrably to 1.1.9. I realize you're
> doing regression against 11.8 but 1.1.9 is just 1.1.8 with some bugs
> so ...
>
>
>>Do I get this right, jcifs auth might fail in a clustered environment?
>>Or do I have to mask the ip, so the auth request to the DC are always
>>coming from the same IP?
>
>
> I think it will fail. The problem is the NtlmPasswordAuthentication
> object stored in the HTTP session is not serializable. It implements
> Serializeable but it's impossible to serialize credentials that are only
> valid on a particular socket. How you fix the problem I don't know. You
> have to give those sessions that have the credentials an affinity for
> the VM in which they are created. Or something like that. I don't know
> anything about clustering.
>
> The real fix is to make the credential object partially mutable such
> that it can be in an unauthenticated or authenticated state. When
> it's created it's unauthenticated and trying to use it initiates the
> authentication process. That way, when this object is deserialized it's
> in the unauthenticated state and the session will be automatically
> reauthenticated. I'm not going to do that until 2.0 though. The 1.x
> branch is locked down. Only absolutely critical fixes now (read none).
>
> Mike
>
--
PIRONET NDH AG
Ingo Rockel - Produktentwicklung
Maarweg 149-161, 50825 Koeln
Tel.: +49 (0)221-770-1788 / Fax: +49 (0)221-770-1005
mailto:irockel at pironet-ndh.com - http://www.pironet-ndh.com
More information about the jcifs
mailing list