[jcifs] NTLM HTTP Filter Does Not Work With SMB Signing

[Jacob Leung]

Hello Mike,

We do these Tests with Tomcat5.5 hosted on winXP sp2 in win2003 domain(
since we're not using WINS, we use the second example(domainController)
and your stock code ):

1.    Login of two users(Kevin, Jacob) with session signing enabled 

(with username and password): 

-        login sequential, the first(Kevin) success, Jacob fail(popup
window)

-        again login in new window, the same as above.

-        (restart tomcat)

-        Jacob first, success.  Then Kevin, fail...

-        After about 2 minutes, Kevin login again, success.

2.    Login of 4 users with session signing enabled, this time, we use
LoadRunner to mock concurrence, each user login 50 times.

-        The same. Since we don't know who the first is, but the report
shows only one user success, others fail.

-        We test with LoadRunner about ten more times. At one time, all
user are login success, but this occur once.

-        All these tests we use (domainController, domain, username and
password)

 

 

3.    Last test, we comment out the username and password for
preauthentication, both sequential and concurrence , the behavior look
like above.

 

 

Jacob Leung

 

 

-----

Folks,

 

There is something wrong with the NTLM HTTP Filter - several users have

reported sporatic failures. A number of people have sent me a variety of

diagnostics but all I really need right now is for someone (preferrably

multiple people) to perform the following simple test:

 

  1) Install the stock config as supplied in the documentation. Use the

  first example config unless you're not using WINS in which case use
the

  second example. Do not use any properties other than those explicitly

  directed.

 

  2) Restart your container and have two or three different users on

  different workstations simultaneously login to the site. If this does

  not work, please report the failure.

 

  3) If multiple users does work, then please stop the container,
comment

  out the username and password for preauthentication, start the
container

  and again have two or three different users access the site. If it

  works, then your domain controller does not require SMB signing and
your

  environment is not affected. No need to report your results. If it
fails,

  then that means SMB signing is being used and works with multiple
users

  in which case please report your success.

 

Any deviation from the above right now is bad science and I'm not

interested.

 

Until someone performs this test we simply cannot proceed with this

issue. I would like to try and make progress on this issue soon.
Otherwise

I will need to update the documentation to reflect the fact that the

filter basically does not work with SMB signing.

 

Mike

 

-------------- next part --------------
HTML attachment scrubbed and removed