[jcifs] jcifs 1.2.3 and NtmlHttpFilter on tomcat (winXP pro)
Michael B Allen
mba2000 at ioplex.com
Sun Sep 18 18:14:30 GMT 2005
On Sun, 18 Sep 2005 09:07:27 +0200
Yoav Gelbfish <Yoavg at softlib.co.il> wrote:
> Hi and sorry for replying so late, but I don't understand what do you mean
> when you say the credentials are meaningless to the machine.
>
> On the web client (MS-IE6)I get a password dialog where I enter a user name
> and password that belongs to this specific machine (you are correct that
> this is not a domain situation - since this is just a test environment).
>
> If it was IIS then the operation would be successful and the user can go on
> to the required page. However, in the situation described below the
> exception is raised in sessionSetup() function of SmbSession since the
> username I supplied isn't Guest and that isLoggedInAsGuest is logged on.
>
> (The share connected to is the $IPC share since I didn't define a logon
> share)
>
> I've turned off simple sharing on that machine (and Guest account is
> disabled) to prevent this situation.
>
> What do I do wrong or how do I manage to set this flag off? (besides doing
> it in domain environment)
First, let me explain how the "GUEST" thing works in Windows. If the logon
response message has the IsLoggedInAsGuest flag on, that means that the
account specified could not be found in the target database and that a
"GUEST" account exists. Meaning, if the DOMAIN\username provided isn't
found, Windows will automatically log in the user as the special account
"guest".
So you can't "set this flag off". It's being returned by the server. I'm
not certain I know what you're doing but jCIFS deliberately blocks
logging in if LoggedInAsGuest is on AND the username specified is not
"guest". So if you want to log in as "GUEST" then specify MACHNAME\guest
with whatever the password is for "GUEST" (by default it is blank). If
you want to log into a domain account and the target domain controller
is an authority for that domain or it has a trust relationship with
the target domain then specify DOMAIN\username with the corresponding
password. If this fails because of the IsLoggedInAsGuest flag then
those credentials simply could not be located. If you want to log into
a machine account that is unique to the target "domainController" then
specify MACHNAME\username with the corresponding password. Again, if that
fails because if the IsLoggedInAsGuest condition then those credentials
where not found in the local security database.
Mike
> Yoav Gelbfish said:
> > Hi,
> >
> >
> >
> > I'm trying to configure Tomcat 5.5.9 to work with the NtmlHttpFilter.
> >
> >
> >
> > After the initial setup (along the guidelines posted on the website) it
> > didn't work. After debugging the code, I've found that the reason for the
> > failures is the "ForceGuest" issue on Windows XP. According to Microsoft
> > explanations, I've turned the registry value to 0 and rebooted the
> > machine.
> > However, the flag "isLoggedInAsGuest" in SmbComSessionSetupAndXResponse
> > class is still changed to 1 everytime the response is retrieved.
>
> The isLoggedInAsGuest flag means that the credentials supplied by the user
> (via web browser on client) are not meaningful to the domainController.
> Meaning, the user logged into the client machine is not a member of
> Windows domain.
>
> Mike
>
>
More information about the jcifs
mailing list