[jcifs] RE: UPDATED help - ntlmhttpfilter almost working!!
Jim.Smyth at broadvision.com
Wed Oct 19 15:13:41 GMT 2005
an update. I have made some progress, but am still confused. I wrote below that I managed to get a response from the NTLMSSP_AUTH request on a couple of occasions. Now with some more testing I find that I can get more stable results on different machines on the network. Now I have 2 scenarios:
1. Non-working clients: makes a NTLMSSP_AUTH request then waits... After this I only see various TCP packets exchanged (mostly TCP PSH, ACK), not been able to work out a pattern yet though.
2. Working clients: makes a NTLMSSP_AUTH request then soon after makes another NTLMSSP_AUTH request, this time the NTLMSSP data is slightly different - only the first letter of Domain name, user name and host name are displayed in ethereal. Between these calls is some TCP packets, always in the same format:
-> HTTP GET NTLMSSP_AUTH
-> TCP FIN,ACK
<- TCP ACK
-> TCP SYN
<- TCP SYN
-> TCP ACK
-> HTTP GET NTLMSSP_AUTH (with different data as explained above)
Do let me know if this is becoming way too off-topic for this list - it does seem to me that the issue is in the network, but if you have any inout it will be very much appreciated.
From: Smyth, Jim
To: 'jcifs at lists.samba.org'
Sent: 10/19/2005 4:39 AM
Subject: help - ntlmhttpfilter almost working!!
I am trying to get jcifs working in an application server which sits
behind an IIS server (there is a proxy plugin on IIS). My only
requirement is to get the logged in windows user's username in the app
server (not IIS) so that I can automatically log the user in without
them typing credentials. I want to use jcifs to do this because of the
features it offers above just the NTLM exchange.
However, I have been able to see (via ethereal and my debugger attached
to the app server), that the NTLM negociation takes place up to the
NTLMSSP_AUTH (type 3) request made by the browser. After this request,
there is no response.
Browser: GET /cgi-bin/proxy/application
Server: 401, authenticate
Browser: AUTH, NTLM type 1
Server: 401, auth type 2
Browser: 401, auth type 3
In the past 2 days, I have had 2 occasions where there was a response to
the type 3 message, but usually the browser just stays waiting for a
reply. Because of this and because I have an attached debugger, I am
pretty sure that the usual behaviour of not getting a reply is not due
to jcifs, but I am hoping that someone has some input on this (I know),
non-standard approach to using jcifs.
One other point - I am using jcifs-1.2.6. Interestingly when I
downloaded the src in the jcifs-1.2.6.zip for my debugger, it didnt
always seem to match all line numbers in the jcifs-1.2.6.jar which I had
placed on my app server, so I had to end up copying my compiled version
of the code to the app server - so it seems there is a mismatch of
thanks for your time
More information about the jcifs