[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing
Richard Caper
rcaper at gmail.com
Fri Jun 2 19:22:52 GMT 2006
The DLLfile and flag settings are documented here, but they are no
longer actually used/needed:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wininet/wininet/handling_authentication.asp
(as you noted, as of IE 6 they don't have any relevance).
On 6/2/06, Dane Henry <danehenry at gmail.com> wrote:
> Well I just answered my own question; the registry entries have nothing to
> do with the authentication. As of right now, it is still allowing me to
> authenticate transparantly, but whenever anyone else attempts to do a log
> on, whether I have previously logged on or just restarted with a freshly
> downloaded .jar file, it still will not allow them to authenticate. It hangs
> right where it was hanging for me, it'll pre-authenticate, but will not
> authenticate the remote user. Any ideas or suggestions would be great.
>
> Dane
>
>
> On 6/2/06, Dane Henry <danehenry at gmail.com> wrote:
> >
> > I think you were right about the older version of JCIFS, I removed and
> deleted all that jar files, restarted and re-downloaded jcifs1.2.9.jar and
> now it is allowing me to authenticate with IE. You, not surprisingly, were
> also right about the log not printing 'The operation completed
> successfully'. However when I tried it on another client, it was doing the
> same thing it was doing for me previously, however since it is working on my
> machine, I know it has to be a client configuration with IE. It isn't
> related, yet, to the problem that you were describing of the access denied,
> I'll test further to see if that pops up. I think what is different is in my
> registry, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
> Explorer\Security\NTLM
> > I have a String Value 'DLLFile' set to Winsspi.dll and a DWORD Value
> 'Flags' set to 0x08. This is different from the default, or at least the
> default systems here, do you all think this might be what's allowing the
> authentication?
> >
> >
> >
> > On 6/2/06, Michael B Allen < mba2000 at ioplex.com> wrote:
> > > On Fri, 2 Jun 2006 08:37:49 -0400
> > > "Dane Henry" <danehenry at gmail.com> wrote:
> > >
> > > >
> SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The
> > > > operation completed
> > > > successfully.,flags=0x0098,fla
> > >
> > > I think you're using an old version of jCIFS. Newer versions of jCIFS do
> > > not print 'The operation completed successfully.' for errorCode 0. They
> > > just print errorCode=0.
> > >
> > > Seek and destroy jcifs.jar files and *restart until the jCIFS classes
> > > are no longer found*. Then download a brand new jcifs 1.2.9 and
> carefully
> > > install that jar.
> > >
> > > I think there was a serious bug in SMB signing prior to 1.2.8. You must
> > > be running 1.2.9 or SMB signing may not work.
> > >
> > > > I know that it is pre-authenticating, because if I remove the user
> name and
> > > > password from the filter, it gives me the error:
> > >
> > > Yup. Preauth is definitely working. That's good. But the problem we've
> > > been talking about is that after a while SMB signing get's messed up
> > > and people start getting "Access denied".
> > >
> > > > From what I've been seeing, all that is _not_ happening, is IE 6 is
> not
> > > > sending the "3rd" handshake back to the server, unlike Firefox. And if
> what
> > >
> > > Hmm, well if firefox works but IE doesn't that's a client issue.
> > >
> > > > I know of NTLM authentication is correct, it's this 3rd handshake that
> > > > contains the user's name and information to be checked against the
> server.
> > > > This is occurring in Firefox simply because I provide the browser with
> > > > credentials through the dialog box, however that defeats the purpose
> of NTLM
> > > > in my opinion. Any light that you or anyone else can shed on this
> would be
> > > > _amazing_.
> > >
> > > It sounds like transparent auth just isn't taking place in which case
> > > read the section in the NTLM HTTP auth docs about that. For example,
> > > make sure the workstation is actually joined to the domain. And when
> > > you log into XP make sure that the domain (ie MAIN) is selected in the
> > > domain dialog box. If it's something else like the local workstation
> > > name *transparent* auth won't work.
> > >
> > > Mike
> > >
> >
> >
>
>
More information about the jcifs
mailing list