[jcifs] jCIFS Jboss Tomcat IIS NTLM Authentication

Scott Shaver Scott.Shaver at mcdata.com
Tue Oct 25 20:21:47 GMT 2005

Okay I've spent the last several days going over everything I could find on the web about setting this up and I still can't get it to work. I have the following setup:

jCIFS 1.2.6
JBoss 4.0.3 with Tomcat 5
Jakarta isapi_redirect 1.2.14
IIS 5.0
IE 6
Windows 2003 Domain Controller

A win2k machine running a small web app, on Jboss, with the jcifs.http.NtlmHttpFilter set up. An IIS box fronting the app server using the isapi redirector to pass the requests through to jboss. If I hit the app server directly with IE I see the following output from jboss:

14:06:24,692 INFO  [STDOUT] Transport1:   connect: state=0
14:06:24,692 INFO  [STDOUT] New data read: Transport1[MC4DC01<00>/999.16.11.10:0]
14:06:24,692 INFO  [STDOUT] 00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00  | SMBr......└....|
00010: 00 00 00 00 00 00 00 00 00 00 73 59 00 00 06 00  |..........sY....|
14:06:24,692 INFO  [STDOUT] byteCount=50 but readBytesWireFormat returned 32
14:06:24,692 INFO  [STDOUT] Transport1: run connected
14:06:24,708 INFO  [STDOUT] Transport1: connected: state=3
14:06:24,724 INFO  [STDOUT] treeConnect: unc=\\MC4DCA01\IPC$,service=?????
14:06:24,739 INFO  [STDOUT] New data read: Transport1[MC4DC01<00>/999.16.11.10:0]
14:06:24,739 INFO  [STDOUT] 00000: FF 53 4D 42 73 00 00 00 00 98 03 C0 00 00 00 00  | SMBs......└....|
00010: 00 00 00 00 00 00 00 00 07 20 73 59 00 40 07 00  |......... sY. at ..|
14:06:24,755 INFO  [STDOUT] NtlmHttpFilter: MCDATACORPNT\sas1a780c successfully authenticated against<00>/

which is great, that is extacly what I wanted it to do. I was authenticated against our domain controller. So it appears jCIFS is working. However when I then go to the application via the IIS server this happens:

12:32:17,115 INFO  [STDOUT] treeConnect: unc=\\MC4DCA01\IPC$,service=?????
12:32:17,130 INFO  [STDOUT] New data read: Transport1[MC4DCA01<00>/999.16.11.10:0]
12:32:17,130 INFO  [STDOUT] 00000: FF 53 4D 42 73 6D 00 00 C0 98 03 C0 00 00 00 00  | SMBsm..└..└....|
00010: 00 00 00 00 00 00 00 00 00 00 73 59 00 00 05 00  |..........sY....|
12:32:17,130 INFO  [STDOUT] NtlmHttpFilter: MCDATACORPNT\sas1a780c: 0xC000006D: jcifs.smb.SmbAuthException: Logon failure: unknown user name or bad password.
12:32:17,146 INFO  [JkCoyoteHandler] Response already committed

So the question is: What is causing it to fail when going through IIS?

I'm only using the jcifs.http.domainController and jcifs.smb.client.domain settings in the web.xml for the filter.

Is it IIS? Is it the isapi_redirect ISAPI filter on IIS? Is it the AJP13 worker threads on the Jboss side? Is it something happening between the worker threads and the request hand-off to the tomcat server?

I have the entire list of instructions written down for how I have set all of this up if anyone needs to see it. I can get the logs from the ISAPI filter if that would help. I've seen many many thread about people having issues with this but no real answers and no configurations exactly like this. Any help is greatly appreciated.


All information transmitted hereby is intended only for the use of the
addressee(s) named above and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution
of confidential and privileged information is prohibited. If the reader
of this message is not the intended recipient(s) or the employee or agent
responsible for delivering the message to the intended recipient, you are
hereby notified that you must not read this transmission and that disclosure,
copying, printing, distribution or use of any of the information contained
in or attached to this transmission is STRICTLY PROHIBITED.

Anyone who receives confidential and privileged information in error should
notify us immediately by telephone and mail the original message to us at
the above address and destroy all copies.  To the extent any portion of this
communication contains public information, no such restrictions apply to that
information. (gate01)
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list