[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing

Dane Henry danehenry at gmail.com
Fri Jun 2 17:30:21 GMT 2006 

I think you were right about the older version of JCIFS, I removed and
deleted all that jar files, restarted and re-downloaded jcifs1.2.9.jar and
now it is allowing me to authenticate with IE. You, not surprisingly, were
also right about the log not printing 'The operation completed
successfully'. However when I tried it on another client, it was doing the
same thing it was doing for me previously, however since it is working on my
machine, I know it has to be a client configuration with IE. It isn't
related, yet, to the problem that you were describing of the access denied,
I'll test further to see if that pops up. I think what is different is in my
registry, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Security\NTLM
I have a String Value 'DLLFile' set to Winsspi.dll and a DWORD Value 'Flags'
set to 0x08. This is different from the default, or at least the default
systems here, do you all think this might be what's allowing the
authentication?

On 6/2/06, Michael B Allen <mba2000 at ioplex.com> wrote:
>
> On Fri, 2 Jun 2006 08:37:49 -0400
> "Dane Henry" <danehenry at gmail.com> wrote:
>
> >
> SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The
> > operation completed
> > successfully.,flags=0x0098,fla
>
> I think you're using an old version of jCIFS. Newer versions of jCIFS do
> not print 'The operation completed successfully.' for errorCode 0. They
> just print errorCode=0.
>
> Seek and destroy jcifs.jar files and *restart until the jCIFS classes
> are no longer found*. Then download a brand new jcifs 1.2.9 and carefully
> install that jar.
>
> I think there was a serious bug in SMB signing prior to 1.2.8. You must
> be running 1.2.9 or SMB signing may not work.
>
> > I know that it is pre-authenticating, because if I remove the user name
> and
> > password from the filter, it gives me the error:
>
> Yup. Preauth is definitely working. That's good. But the problem we've
> been talking about is that after a while SMB signing get's messed up
> and people start getting "Access denied".
>
> > From what I've been seeing, all that is _not_ happening, is IE 6 is not
> > sending the "3rd" handshake back to the server, unlike Firefox. And if
> what
>
> Hmm, well if firefox works but IE doesn't that's a client issue.
>
> > I know of NTLM authentication is correct, it's this 3rd handshake that
> > contains the user's name and information to be checked against the
> server.
> > This is occurring in Firefox simply because I provide the browser with
> > credentials through the dialog box, however that defeats the purpose of
> NTLM
> > in my opinion. Any light that you or anyone else can shed on this would
> be
> > _amazing_.
>
> It sounds like transparent auth just isn't taking place in which case
> read the section in the NTLM HTTP auth docs about that. For example,
> make sure the workstation is actually joined to the domain. And when
> you log into XP make sure that the domain (ie MAIN) is selected in the
> domain dialog box. If it's something else like the local workstation
> name *transparent* auth won't work.
>
> Mike
>
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list