[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing

Michael B Allen mba2000 at ioplex.com
Mon Jun 5 16:30:07 GMT 2006


On Mon, 5 Jun 2006 09:28:05 -0400
"Dane Henry" <danehenry at gmail.com> wrote:

> One thing that just popped into my head, I am right now just using "MAIN" as
> my domain, but the full domain name is MAIN.xxx.xxxx.xxx, which, if counted
> adds up to 17, however as noted previously in the lists, JCIFS only allows
> 15 characters for the domain name. While obviously this isn't a completely
> detrimental issue, since it is in fact preauthenticating, and in the case of
> FF actually authenticating, I'm just trying to consider everything that
> _could_ be an issue. Lemme know if I'm way off base or if this is actually
> something to consider.

No, MAIN.xxx.xxxx.xxx is the Kerberos Realm. I believe you demonstrated
previously that preauth worked and therefore the credentials are not
the problem.

My *guess* is that your environment is requiring different security
properties that jCIFS simply does not support correctly. Unfortunately
I can only confirm that the jCIFS filter works correctly with plain NTLM.

I would recommend that you try some of the example programs such as
examples/ListFiles.java. Try it with and without signingPreferred set to
true/false. Ultimately communication with other hosts should be similar
or identical to communication with the domain controller and therefore
it provides a good litmus test.

Also, you might try using the explicit domainController example web.xml
but point it to an IP of a workstation and downgrade that workstation's
security level.

Mike

