[jcifs] JCIFS http filter problem with DC on Win 2003

Inge Solvoll inge.tapestry at gmail.com
Tue Apr 25 07:57:24 GMT 2006 

I think I've made a breakthrough on this issue now.

The username sent to the server from the browser is the excact same string
that the user logged into the domain with. It seems that JCIFS does not
recognize the domain login pattern " user at domain.com", it expects the login
pattern to be "DOMAIN/user". If the user logs in with the first pattern, the
following NtlmHttpFilter code fails:

index = user.indexOf ('\\');
                if (index == -1) index = user.indexOf('/');
                String domain = (index != -1) ? user.substring(0, index) :
                        defaultDomain;
                user = (index != -1) ? user.substring(index + 1) : user;

I'll have to rewrite a little for my filter, to pick the username email
style if user string contains @.

Thanks for the input!

Inge

On 4/21/06, Michael B Allen <mba2000 at ioplex.com> wrote:
>
> Win2K3 requires SMB signatures by default so "preauthentication" is
> required. Also, prior to 1.2.8 preauthentication was partly broken.
> What version are you using 1.2.9? Try the default setup as shown in the
> latest NTLM HTTP Authentication documentation on our website.
>
> Mike
>
> On Fri, 21 Apr 2006 12:37:18 +0200
> "Inge Solvoll" <inge.tapestry at gmail.com> wrote:
>
> > I'm having stability issues with NtlmHttpFilter. The authentication
> works
> > transparently most times for most users, but for some of them, no
> > "NtlmHttpAuth" attribute is set in the session after NtlmHttpFilter has
> > performed its work. On these occations, "manual" logins don't work
> either
> > for these users, they get an exception (SmbException: Access is denied)
> when
> > they try to manually type their username and password in the browser
> popup.
> >
> > A user can achieve successful logins one day, and then fail the next
> day.
> >
> > Any ideas? I'll try to get some more details if needed.
> >
> > I've tried some of the ideas in the FAQ:
> > - Provide username/password for preauthentication
> > - change the jcifs.smb.client.ssnLimit to 1.
> >
> > My setup:
> > JBoss 4 on Windows 2003
> > Domain controller on Windows 2003
> > IE6 clients
> >
> >
> > <filter>
> >     <filter-name>NtlmHttpFilter</filter-name>
> >     <filter-class>mypackage.common.filters.NtlmHttpFilter</filter-class>
> > <!--  Overrides jcifs NtlmHttpFilter -->
> >
> >     <init-param>
> >         <param-name>jcifs.smb.client.domain</param-name>
> >         <param-value>mydomain.com</param-value>
> >     </init-param>
> >     <init-param>
> >         <param-name>jcifs.http.domainController</param-name>
> >         <param-value>10.10.10.10</param-value>
> >     </init-param>
> > </filter>
> >
>
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list