[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing

Dane Henry danehenry at gmail.com
Mon Jun 5 18:01:56 GMT 2006


Using the domain controller parameter in the filter didn't seem to have an
effect, both when I put in a real IP and when I put in a client IP. When I
tried to run the ListFiles example, it kept giving me an error that the user
has been blocked, or something to that effect, with the same message whether
I had the *jcifs.smb.client.signingPreferred* as true or false. I'll keep
messing with it, since for whatever reason, I can't even get it to fully
authenticate me at this point, let alone a remote client. A big thanks to
you all for helping as much as you have.

Dane

On 6/5/06, Michael B Allen <mba2000 at ioplex.com> wrote:
>
> On Mon, 5 Jun 2006 09:28:05 -0400
> "Dane Henry" <danehenry at gmail.com> wrote:
>
> > One thing that just popped into my head, I am right now just using "MAIN" as
> > my domain, but the full domain name is MAIN.xxx.xxxx.xxx, which, if counted
> > adds up to 17, however as noted previously in the lists, JCIFS only allows
> > 15 characters for the domain name. While obviously this isn't a completely
> > detrimental issue, since it is in fact preauthenticating, and in the case of
> > FF actually authenticating, I'm just trying to consider everything that
> > _could_ be an issue. Lemme know if I'm way off base or if this is actually
> > something to consider.
>
> No, MAIN.xxx.xxxx.xxx is the Kerberos Realm. I believe you demonstrated
> previously that preauth worked and therefore the credentials are not
> the problem.
>
> My *guess* is that your environment is requiring different security
> properties that jCIFS simply does not support correctly. Unfortunately
> I can only confirm that the jCIFS filter works correctly with plain NTLM.
>
> I would recommend that you try some of the example programs such as
> examples/ListFiles.java. Try it with and without signingPreferred set to
> true/false. Ultimately communication with other hosts should be similar
> or identical to communication with the domain controller and therefore
> it provides a good litmus test.
>
> Also, you might try using the explicit domainController example web.xml
> but point it to an IP of a workstation and downgrade that workstation's
> security level.
>
> Mike
>