[jcifs] NTLM username/password failure after each 5 mins

Alexandr Podoplelov alepod at gmail.com
Wed Jul 19 07:06:10 GMT 2006


Hi Michael,
Here is the log fragment:

NtlmHttpFilter: VIMPELCOM_MAIN\KASS08_User_MS successfully authenticated
against bee.vimpelcom.ru/172.26.200.160
NtlmHttpFilter: VIMPELCOM_MAIN\KASS08_User_MS successfully authenticated
against bee.vimpelcom.ru/172.26.200.160
NtlmHttpFilter: VIMPELCOM_MAIN\KASS05_User_MS successfully authenticated
against bee.vimpelcom.ru/172.26.200.160
NtlmHttpFilter: VIMPELCOM_MAIN\KASS05_User_MS successfully authenticated
against bee.vimpelcom.ru/172.26.200.160
treeConnect: unc=\\bee.vimpelcom.ru\IPC$,service=IPC
sessionSetup: accountName=KASS01_User_MS,primaryDomain=VIMPELCOM_MAIN
update: 0 0:16
00000: CF E5 5D 07 F3 A3 F7 A5 ED 03 D5 11 99 84 81 05  |??].?????.?.....|

update: 1 4:258

digest:
00000: BD 62 F2 35 F1 21 D4 48 C3 EA 06 3A 0C 58 CF 0C  |?b?5?!?H??.:.X?.|

SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0xC007,signSeq=96,tid=0,pid=10700,uid=0,mid=75,wordCount=13,byteCount=133,andxCommand=0x75,andxOffset=194,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=KASS01_User_MS,primaryDomain=VIMPELCOM_MAIN,NATIVE_OS=SunOS,NATIVE_LANMAN=jCIFS]
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=10700,uid=0,mid=0,wordCount=4,byteCount=53,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\bee.vimpelcom.ru\IPC$,service=IPC]
New data read: Transport1[bee.vimpelcom.ru/172.26.200.160:0]
00000: FF 53 4D 42 73 6D 00 00 C0 98 07 C0 00 00 3A 0B  |?SMBsm..?..?..:.|
00010: F6 17 D7 EA 8C 38 00 00 00 00 CC 29 00 00 4B 00  |?.??.8....?)..K.|

SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=Logon failure: unknown user name or bad password.,flags=0x0098,flags2=0xC007,signSeq=97,tid=0,pid=10700,uid=0,mid=75,wordCount=0,byteCount=0,andxCommand=0xFF,andxOffset=0,isLoggedInAsGuest=false,nativeOs=,nativeLanMan=,primaryDomain=]
NtlmHttpFilter: VIMPELCOM_MAIN\KASS01_User_MS: 0xC000006D:
jcifs.smb.SmbAuthException: Logon failure: unknown user name or bad
password.
NtlmHttpFilter: VIMPELCOM_MAIN\KASS03_User_MS successfully authenticated
against bee.vimpelcom.ru/172.26.200.160
NtlmHttpFilter: VIMPELCOM_MAIN\KASS03_User_MS successfully authenticated
against bee.vimpelcom.ru/172.26.200.160
NtlmHttpFilter: VIMPELCOM_MAIN\KASS07_User_MS successfully authenticated
against bee.vimpelcom.ru/172.26.200.160


I will try Kevin's suggestion to change the code of SmbSession.java (thank
you, Kevin), and come back with the results.
//Alexander



2006/7/18, Michael B Allen <mba2000 at ioplex.com>:
>
> Is there an exception in the log?
>
> It could be that the connection to the DC is getting closed in the middle
> of a negotiation. I don't know why it would get closed but because NTLM
> is a multistep handshake, if the client is provided with the server challenge
> and then the connection closes, the challenge will become invalid. When
> IE submits the password hashes the DC on the new connection will reject
> them. We could detect when the challenge no longer matches the transport
> (actually I think we do that already) and resend the WWW-Authenticate:
> NTLM but that will cause the network password dialog to come up so
> same difference.
>
> So if that's really what's happening there's no way to fix the problem. You
> might try to investigate *why* the connection is being closed and try
> to stop it.
>
> Mike
>
> --
> Michael B Allen
> PHP Extension for SSO w/ Windows Group Authorization
> http://www.ioplex.com/
>
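
The failure mode described in the quoted reply, as an added sketch that is not part of the original thread and is not jCIFS code: a correct password is rejected when the DC connection is replaced between the challenge and the response. `DcTransport`, `Filter`, `response_for` and `run` are hypothetical names, the password is constructed, and HMAC-SHA256 stands in for the real NTLM response computation.

```python
import hashlib
import hmac
import os

def response_for(password: str, challenge: bytes) -> bytes:
    # Stand-in for the NTLM response function (HMAC-SHA256, NOT real NTLM):
    # the only property that matters here is that it is keyed on the challenge.
    key = hashlib.sha256(password.encode("utf-16-le")).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()

class DcTransport:
    """Hypothetical DC connection; its 8-byte challenge is valid only while it is open."""
    def __init__(self, accounts: dict):
        self.accounts = accounts
        self.challenge = os.urandom(8)
        self.open = True

    def session_setup(self, user: str, response: bytes) -> bool:
        expected = response_for(self.accounts[user], self.challenge)
        return hmac.compare_digest(expected, response)

class Filter:
    """Hypothetical HTTP filter that relays the handshake to one shared DC transport."""
    def __init__(self, accounts: dict):
        self.accounts = accounts
        self.transport = DcTransport(accounts)
        self.pending = {}  # HTTP session id -> challenge sent to the browser

    def _current(self) -> DcTransport:
        if not self.transport.open:  # reconnecting yields a fresh challenge
            self.transport = DcTransport(self.accounts)
        return self.transport

    def send_challenge(self, sid: str) -> bytes:
        self.pending[sid] = self._current().challenge
        return self.pending[sid]

    def check_response(self, sid: str, user: str, response: bytes, detect: bool = False) -> str:
        transport = self._current()
        if detect and self.pending[sid] != transport.challenge:
            return "RESTART_HANDSHAKE"  # stale challenge caught before the DC sees it
        return "OK" if transport.session_setup(user, response) else "LOGON_FAILURE"

def run(drop_connection: bool, detect: bool = False) -> str:
    accounts = {"KASS01_User_MS": "constructed-password"}  # constructed sample account
    f = Filter(accounts)
    challenge = f.send_challenge("sid-1")
    if drop_connection:
        f.transport.open = False  # DC connection closes mid-handshake
    reply = response_for("constructed-password", challenge)  # browser uses the right password
    return f.check_response("sid-1", "KASS01_User_MS", reply, detect)
```

With `detect=True` the filter notices the mismatch itself, which corresponds to the "resend the WWW-Authenticate: NTLM" case in the reply rather than to a fix.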