[jcifs] Problem with transparent autentication using the
NtlmHttpFilter
Michael B Allen
mba2000 at ioplex.com
Thu Jan 19 18:43:23 GMT 2006
On Thu, 19 Jan 2006 16:20:41 +0000
João Mota <jmota at criticalsoftware.com> wrote:
> Hello,
>
> I am having some problems getting transparent authentication to work
> with NtlmHttpFilter jcifs-1.2.7, it seems that IE is failling the
> negotiation.
> The domain Controller is a windows 2003 server.
>
> The error that shows in the log at the same time that the dialog box to
> enter username/password shows up is (i replaced the sensitive data for a
> meaningfull word in caps):
> NtlmHttpFilter: DOMAIN\USERLOGIN: 0xC0000022:
> jcifs.smb.SmbAuthException: Access is denied.
No doubt this is an SMB signing issue. You need "preauthentication".
>
> Filling in the user and password in the dialog box, the authentication
> works ok.
>
> My questions are:
> 1) Is it possible to have transparent authentication with the
> jcifs.http.domainController specified ?
No, it was recently discoverd that preauthentication only works if
jcifs.http.domainController is NOT used. I would use:
> <filter>
> <filter-name>NtlmHttpFilter</filter-name>
> <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> <init-param>
> <param-name>jcifs.netbios.wins</param-name>
> <param-value>IP</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.domain</param-name>
> <param-value>DOMAIN</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.username</param-name>
> <param-value>USER</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.password</param-name>
> <param-value>PASSWORD</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.util.loglevel</param-name>
> <param-value>2</param-value>
> </init-param>
If you don't have wins then you could try setting jcifs.netbios.lmhosts
[1] to a file that maps the IP you had for domainController to DOMAIN.
Otherwise, we need to fix the code so that preauth works with
domainController. It's on The List.
Mike
http://jcifs.samba.org/src/docs/resolver.html
More information about the jcifs
mailing list