[jcifs] Problem with transparent autentication using the NtlmHttpFilter

João Mota jmota at criticalsoftware.com
Fri Jan 20 18:37:47 GMT 2006 

Hello Michael,

Just wanted to say that i got it to work with that configuration and 
with the entry on the lmhosts file.

thank you very much,

Joao Mota

Michael B Allen wrote:

>On Thu, 19 Jan 2006 16:20:41 +0000
>João Mota <jmota at criticalsoftware.com> wrote:
>
>  
>
>>Hello,
>>
>>I am having some problems getting transparent authentication to work 
>>with NtlmHttpFilter jcifs-1.2.7, it seems that IE is failling the 
>>negotiation.
>>The domain Controller is a windows 2003 server.
>>
>>The error that shows in the log at the same time that the dialog box to 
>>enter username/password shows up is (i replaced the sensitive data for a 
>>meaningfull word in caps):
>>     NtlmHttpFilter: DOMAIN\USERLOGIN: 0xC0000022: 
>>jcifs.smb.SmbAuthException: Access is denied.
>>    
>>
>
>No doubt this is an SMB signing issue. You need "preauthentication".
>
>  
>
>>Filling in the user and password in the dialog box, the authentication 
>>works ok.
>>
>>My questions are:
>>1) Is it possible to have transparent authentication with the 
>>jcifs.http.domainController specified ?
>>    
>>
>
>No, it was recently discoverd that preauthentication only works if
>jcifs.http.domainController is NOT used. I would use:
>
>  
>
>>   <filter>
>>        <filter-name>NtlmHttpFilter</filter-name>
>>        <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>>    <init-param>
>>        <param-name>jcifs.netbios.wins</param-name>
>>        <param-value>IP</param-value>
>>        </init-param>
>>    <init-param>
>>        <param-name>jcifs.smb.client.domain</param-name>
>>        <param-value>DOMAIN</param-value>
>>        </init-param>
>>    <init-param>
>>        <param-name>jcifs.smb.client.username</param-name>
>>        <param-value>USER</param-value>
>>        </init-param>
>>    <init-param>
>>        <param-name>jcifs.smb.client.password</param-name>
>>        <param-value>PASSWORD</param-value>
>>        </init-param>
>>    <init-param>
>>        <param-name>jcifs.util.loglevel</param-name>
>>        <param-value>2</param-value>
>>        </init-param>
>>    
>>
>
>If you don't have wins then you could try setting jcifs.netbios.lmhosts
>[1] to a file that maps the IP you had for domainController to DOMAIN.
>
>Otherwise, we need to fix the code so that preauth works with
>domainController. It's on The List.
>
>Mike
>
>http://jcifs.samba.org/src/docs/resolver.html
>
>
>
>  
>



DISCLAIMER: This message may contain confidential information or privileged material and is intended only for the individual(s) named. If you are not a named addressee and mistakenly received this message you should not copy or otherwise disseminate it: please delete this e-mail from your system and notify the sender immediately. E-mail transmissions are not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete or contain viruses. Therefore, the sender does not accept liability for any errors or omissions in the contents of this message that arise as a result of e-mail transmissions. Please request a hard copy version if verification is required. Critical Software.

More information about the jcifs mailing list