[jcifs] NTLM HTTP Filter Does Not Work With SMB Signing
Jacob Leung
jacobleung at wisagetech.com
Fri Jun 2 03:29:30 GMT 2006
Hello Mike,
We do these Tests with Tomcat5.5 hosted on winXP sp2 in win2003 domain(
since we're not using WINS, we use the second example(domainController)
and your stock code ):
1. Login of two users(Kevin, Jacob) with session signing enabled
(with username and password):
- login sequential, the first(Kevin) success, Jacob fail(popup
window)
- again login in new window, the same as above.
- (restart tomcat)
- Jacob first, success. Then Kevin, fail...
- After about 2 minutes, Kevin login again, success.
2. Login of 4 users with session signing enabled, this time, we use
LoadRunner to mock concurrence, each user login 50 times.
- The same. Since we don't know who the first is, but the report
shows only one user success, others fail.
- We test with LoadRunner about ten more times. At one time, all
user are login success, but this occur once.
- All these tests we use (domainController, domain, username and
password)
3. Last test, we comment out the username and password for
preauthentication, both sequential and concurrence , the behavior look
like above.
Jacob Leung
-----
Folks,
There is something wrong with the NTLM HTTP Filter - several users have
reported sporatic failures. A number of people have sent me a variety of
diagnostics but all I really need right now is for someone (preferrably
multiple people) to perform the following simple test:
1) Install the stock config as supplied in the documentation. Use the
first example config unless you're not using WINS in which case use
the
second example. Do not use any properties other than those explicitly
directed.
2) Restart your container and have two or three different users on
different workstations simultaneously login to the site. If this does
not work, please report the failure.
3) If multiple users does work, then please stop the container,
comment
out the username and password for preauthentication, start the
container
and again have two or three different users access the site. If it
works, then your domain controller does not require SMB signing and
your
environment is not affected. No need to report your results. If it
fails,
then that means SMB signing is being used and works with multiple
users
in which case please report your success.
Any deviation from the above right now is bad science and I'm not
interested.
Until someone performs this test we simply cannot proceed with this
issue. I would like to try and make progress on this issue soon.
Otherwise
I will need to update the documentation to reflect the fact that the
filter basically does not work with SMB signing.
Mike
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list