[jcifs] NTLM usrname/password failure after each 5 mins

Michael B Allen mba2000 at ioplex.com
Tue Jul 18 18:56:23 GMT 2006 

Is there an exception in the log?

It could be that the connection to the DC is getting closed in the middle
of a negotiation. I don't know why it would get closed but because NTLM
is a multistep handshake, if client is provided with the server challenge
and then the connection closes the challenge will become invalid. When
IE submits the password hashes the DC on the new connection will reject
them. We could detect when the challenge no longer matches the transport
(actually I think we do that already) and resend the WWW-Authenticate:
NTLM but that will cause the network password dialog to come up so
same difference.

So if that's really what's happening theres no way to fix the problem. You
might try to investigate *why* the connection is being closed and try
to stop it.

Mike

On Tue, 18 Jul 2006 20:31:02 +0400
"Alexandr Podoplelov" <alepod at gmail.com> wrote:

> Dear JCIFS experts!
> 
> Maybe somebody met already the problem which I face now. Please, share any
> ideas you may have!
> 
> I configured JCIFS with Tomcat 5.5 and it works perfectly except one thing.
> After each 5 minutes while stress test (10 logins/sec) I get an error about
> bad username/password (AD authorization failure) . It is strange since names
> and passwords are transferred by Internet Explorer while handshaking with
> JCIFS. I cannot imagine that after every approx. 5 minutes IE sends wrong
> passwords.
> The filter configuration is this one:
> 
> <filter>
>     <filter-name>ntlm</filter-name>
>     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> 
>     <init-param>
>         <param-name>jcifs.http.domainController</param-name>
>         <param-value>bee.vimpelcom.ru</param-value>
>     </init-param>
> 
>     <init-param>
>         <param-name>jcifs.smb.client.domain</param-name>
>         <param-value>Domain</param-value>
>     </init-param>
> 
>     <init-param>
>         <param-name>jcifs.smb.client.username</param-name>
>         <param-value>UserOne</param-value>
>     </init-param>
> 
>     <init-param>
>         <param-name>jcifs.smb.client.password</param-name>
>         <param-value>ThePassword</param-value>
>     </init-param>
> 
>     <init-param>
>         <param-name>jcifs.smb.lmCompatibility</param-name>
>         <param-value>3</param-value>
>     </init-param>
> 
>     <init-param>
>         <param-name>jcifs.util.loglevel</param-name>
>         <param-value>3</param-value>
>     </init-param>
> </filter>
> 
> <filter-mapping>
>    <url-pattern>/*</url-pattern>
>    <filter-name>ntlm</filter-name>
> </filter-mapping>
> 
> 
> Please, share any adeas how to fix this problem? Or which way to investigate
> it. Thank you.
> //Alexander
> 


-- 
Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization
http://www.ioplex.com/

More information about the jcifs mailing list