[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing

Michael B Allen mba2000 at ioplex.com
Fri Jun 2 16:59:50 GMT 2006

On Fri, 2 Jun 2006 08:37:49 -0400
"Dane Henry" <danehenry at gmail.com> wrote:

> SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The
> operation completed
> successfully.,flags=0x0098,fla

I think you're using an old version of jCIFS. Newer versions of jCIFS do
not print 'The operation completed successfully.' for errorCode 0. They
just print errorCode=0.

Seek and destroy jcifs.jar files and *restart until the jCIFS classes
are no longer found*. Then download a brand new jcifs 1.2.9 and carefully
install that jar.

I think there was a serious bug in SMB signing prior to 1.2.8. You must
be running 1.2.9 or SMB signing may not work.

> I know that it is pre-authenticating, because if I remove the user name and
> password from the filter, it gives me the error:

Yup. Preauth is definitely working. That's good. But the problem we've
been talking about is that after a while SMB signing get's messed up
and people start getting "Access denied".

> From what I've been seeing, all that is _not_ happening, is IE 6 is not
> sending the "3rd" handshake back to the server, unlike Firefox. And if what

Hmm, well if firefox works but IE doesn't that's a client issue.

> I know of NTLM authentication is correct, it's this 3rd handshake that
> contains the user's name and information to be checked against the server.
> This is occurring in Firefox simply because I provide the browser with
> credentials through the dialog box, however that defeats the purpose of NTLM
> in my opinion. Any light that you or anyone else can shed on this would be
> _amazing_.

It sounds like transparent auth just isn't taking place in which case
read the section in the NTLM HTTP auth docs about that. For example,
make sure the workstation is actually joined to the domain. And when
you log into XP make sure that the domain (ie MAIN) is selected in the
domain dialog box. If it's something else like the local workstation
name *transparent* auth won't work.


More information about the jcifs mailing list