[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing

Michael B Allen mba2000 at ioplex.com
Fri Jun 2 06:51:12 GMT 2006


Jacob,

We've had 3 solid reports that SMB signing works with proper credentials
(at least initially). I suspect the problem you're seeing isn't the
problem we've been talking about. You'll should be happy to know that
you simply misconfigured things.

Things to check:

1) Remove jcifs.jar to make sure an old one isn't being used. Then install a fresh 1.2.9.
2) Triple check the specific properties used in the "Explicit Domain Controller Example".
3) Triple check the domain/username/password creds used for preauth
4) Look at detailed logging to definitively confirm that preauth is actually succeeding.

Mike

On Fri, 2 Jun 2006 11:29:30 +0800
"Jacob Leung" <jacobleung at wisagetech.com> wrote:

> Hello Mike,
> 
> We do these Tests with Tomcat5.5 hosted on winXP sp2 in win2003 domain(
> since we're not using WINS, we use the second example(domainController)
> and your stock code ):
> 
> 1.    Login of two users(Kevin, Jacob) with session signing enabled 
> 
> (with username and password): 
> 
> -        login sequential, the first(Kevin) success, Jacob fail(popup
> window)
> 
> -        again login in new window, the same as above.
> 
> -        (restart tomcat)
> 
> -        Jacob first, success.  Then Kevin, fail...
> 
> -        After about 2 minutes, Kevin login again, success.
> 
> 2.    Login of 4 users with session signing enabled, this time, we use
> LoadRunner to mock concurrence, each user login 50 times.
> 
> -        The same. Since we don't know who the first is, but the report
> shows only one user success, others fail.
> 
> -        We test with LoadRunner about ten more times. At one time, all
> user are login success, but this occur once.
> 
> -        All these tests we use (domainController, domain, username and
> password)
> 
>  
> 
>  
> 
> 3.    Last test, we comment out the username and password for
> preauthentication, both sequential and concurrence , the behavior look
> like above.
> 
>  
> 
>  
> 
> Jacob Leung
> 
>  
> 
>  
> 
> -----
> 
> Folks,
> 
>  
> 
> There is something wrong with the NTLM HTTP Filter - several users have
> 
> reported sporatic failures. A number of people have sent me a variety of
> 
> diagnostics but all I really need right now is for someone (preferrably
> 
> multiple people) to perform the following simple test:
> 
>  
> 
>   1) Install the stock config as supplied in the documentation. Use the
> 
>   first example config unless you're not using WINS in which case use
> the
> 
>   second example. Do not use any properties other than those explicitly
> 
>   directed.
> 
>  
> 
>   2) Restart your container and have two or three different users on
> 
>   different workstations simultaneously login to the site. If this does
> 
>   not work, please report the failure.
> 
>  
> 
>   3) If multiple users does work, then please stop the container,
> comment
> 
>   out the username and password for preauthentication, start the
> container
> 
>   and again have two or three different users access the site. If it
> 
>   works, then your domain controller does not require SMB signing and
> your
> 
>   environment is not affected. No need to report your results. If it
> fails,
> 
>   then that means SMB signing is being used and works with multiple
> users
> 
>   in which case please report your success.
> 
>  
> 
> Any deviation from the above right now is bad science and I'm not
> 
> interested.
> 
>  
> 
> Until someone performs this test we simply cannot proceed with this
> 
> issue. I would like to try and make progress on this issue soon.
> Otherwise
> 
> I will need to update the documentation to reflect the fact that the
> 
> filter basically does not work with SMB signing.
> 
>  
> 
> Mike
> 
>  
> 
> 


More information about the jcifs mailing list