[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing
Michael B Allen
mba2000 at ioplex.com
Fri Jun 2 06:51:12 GMT 2006
Jacob,
We've had 3 solid reports that SMB signing works with proper credentials
(at least initially). I suspect the problem you're seeing isn't the
problem we've been talking about. You'll should be happy to know that
you simply misconfigured things.
Things to check:
1) Remove jcifs.jar to make sure an old one isn't being used. Then install a fresh 1.2.9.
2) Triple check the specific properties used in the "Explicit Domain Controller Example".
3) Triple check the domain/username/password creds used for preauth
4) Look at detailed logging to definitively confirm that preauth is actually succeeding.
Mike
On Fri, 2 Jun 2006 11:29:30 +0800
"Jacob Leung" <jacobleung at wisagetech.com> wrote:
> Hello Mike,
>
> We do these Tests with Tomcat5.5 hosted on winXP sp2 in win2003 domain(
> since we're not using WINS, we use the second example(domainController)
> and your stock code ):
>
> 1. Login of two users(Kevin, Jacob) with session signing enabled
>
> (with username and password):
>
> - login sequential, the first(Kevin) success, Jacob fail(popup
> window)
>
> - again login in new window, the same as above.
>
> - (restart tomcat)
>
> - Jacob first, success. Then Kevin, fail...
>
> - After about 2 minutes, Kevin login again, success.
>
> 2. Login of 4 users with session signing enabled, this time, we use
> LoadRunner to mock concurrence, each user login 50 times.
>
> - The same. Since we don't know who the first is, but the report
> shows only one user success, others fail.
>
> - We test with LoadRunner about ten more times. At one time, all
> user are login success, but this occur once.
>
> - All these tests we use (domainController, domain, username and
> password)
>
>
>
>
>
> 3. Last test, we comment out the username and password for
> preauthentication, both sequential and concurrence , the behavior look
> like above.
>
>
>
>
>
> Jacob Leung
>
>
>
>
>
> -----
>
> Folks,
>
>
>
> There is something wrong with the NTLM HTTP Filter - several users have
>
> reported sporatic failures. A number of people have sent me a variety of
>
> diagnostics but all I really need right now is for someone (preferrably
>
> multiple people) to perform the following simple test:
>
>
>
> 1) Install the stock config as supplied in the documentation. Use the
>
> first example config unless you're not using WINS in which case use
> the
>
> second example. Do not use any properties other than those explicitly
>
> directed.
>
>
>
> 2) Restart your container and have two or three different users on
>
> different workstations simultaneously login to the site. If this does
>
> not work, please report the failure.
>
>
>
> 3) If multiple users does work, then please stop the container,
> comment
>
> out the username and password for preauthentication, start the
> container
>
> and again have two or three different users access the site. If it
>
> works, then your domain controller does not require SMB signing and
> your
>
> environment is not affected. No need to report your results. If it
> fails,
>
> then that means SMB signing is being used and works with multiple
> users
>
> in which case please report your success.
>
>
>
> Any deviation from the above right now is bad science and I'm not
>
> interested.
>
>
>
> Until someone performs this test we simply cannot proceed with this
>
> issue. I would like to try and make progress on this issue soon.
> Otherwise
>
> I will need to update the documentation to reflect the fact that the
>
> filter basically does not work with SMB signing.
>
>
>
> Mike
>
>
>
>
More information about the jcifs
mailing list