[jcifs] Problem with NtlmHttpFilter and Apache2

Wouter van Reeven Wouter.van.Reeven at AMIS.nl
Wed Jun 14 16:15:23 GMT 2006 

Hi Yannick,


Thanks for your reply. Actually, I don't use mod_jk. But I'll check to see if mod_jk is loaded and if so, I will unload it. To connect Apache2 to Tomcat I use mod_rewrite and mod_proxy. Perhaps there's a problem there too? Did you install mod_jk by hand compiled from sources from the Tomcat website?


Thanks, Wouter

-- 
AMIS Services BV
Edisonbaan 15
Postbus 24
3430 AA  NIEUWEGEIN

T +31 (30)6016000
F +31 (30)6016001



-----Original Message-----
From: Yannick [mailto:yannick at smellyfrog.com]
Sent: Wed 14-Jun-06 16:46
To: Wouter van Reeven
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] Problem with NtlmHttpFilter and Apache2
 
Hi Wouter,

Check or replace your version of mod_jk. I had a similar problem on Red 
Hat. The problem was coming from a too old version of mod_jk.

Regards
Yannick

Wouter van Reeven wrote:

> Hi,
>
>
> Over the past few weeks I have used the NtlmHttpFilter in a web app I 
> have been developing using Oracle JDeveloper. Now I have deployed the 
> app to Tomcat 5.0.28 under Linux and I run into some strange problems. 
> When I deploy to Debian Etch under VMWare, everything works fine. When 
> I deploy to Red Hat Enterprise Linux ES release 3 I can't get the 
> filter to work. What I have done is this.
> I have installed Apache 2.0 and created a forward to Tomcat like this
>
>     RewriteEngine On
>     RewriteRule ^/(.*) http://vmdebian:8180/$1
>     ProxyRequests Off
>     ProxyPass / http://vmdebian:8180/
>     ProxyPassReverse / http://vmdebian:8180/
>
> The hostname for my RedHAt machine is redhat and I have put that in 
> the httpd.conf file on RedHat where it reads vmdebian on Debian. So 
> when I browse to http://vmdebian or http://redhat I get the Tomcat 
> page instead of the Apache 2.0 page. We do this to be able to redirect 
> to different applications on different ports based on the server name 
> in the URL.
> In Tomcat I created a web app with one JSP file that says "Success". 
> Then I modified web.xml to read
>
>   <filter>
>       <filter-name>NtlmHttpFilter</filter-name>
>       <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>       <init-param>
>           <param-name>jcifs.http.domainController</param-name>
>           <param-value>my.local.domaincontroller</param-value>
>       </init-param>
>       <init-param>
>           <param-name>jcifs.smb.client.domain</param-name>
>           <param-value>DOMAIN</param-value>
>       </init-param>
>       <init-param>
>           <param-name>jcifs.smb.client.username</param-name>
>           <param-value>user</param-value>
>       </init-param>
>       <init-param>
>           <param-name>jcifs.smb.client.password</param-name>
>           <param-value>password</param-value>
>       </init-param>
>       <init-param>
>           <param-name>jcifs.util.loglevel</param-name>
>           <param-value>3</param-value>
>       </init-param>
>   </filter>
>
>   <filter-mapping>
>       <filter-name>NtlmHttpFilter</filter-name>
>       <url-pattern>/*</url-pattern>
>   </filter-mapping>
>
> of course making sure all config options have the correct values. 
> Finally I put the jcifs-1.2.9.jar in WEB-INF/lib in my web app.
>
> Now for the problem: when I deploy this on Debian Etch with Tomcat 
> 5.0.28 everything works fine. I connect to http://vmdebian:8080/myapp 
> and I get prompted for a username and password. Please note I am 
> working in a customer's network and I don't login to it, so I always 
> get prompted. When I connect to http://vmdebian/myapp I also get a 
> login popup and when I enter a valid username and password I get to 
> see my "secret" jsp file.
> When I deploy this on RedHat, however, connecting to 
> http://redhat:8080/myapp works like a charm. Again I get the login 
> popup and I can enter by providing the correct username and password. 
> When I try to connect to http://redhat/myapp I never get a login 
> popup! Setting the loglevel to 3 I see these messages
>
> New data read: Transport1[my.local.domaincontroller/192.168.0.2:0]
> 00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00  |ÿSMBr......À....|
> 00010: 00 00 00 00 00 00 00 00 00 00 B7 8A 00 00 02 00  |..........·.....|
>
> byteCount=34 but readBytesWireFormat returned 18
> NtlmSsp: msg != null && msg.startsWith("NTLM ")
> NtlmSsp: msg = 
> TlRMTVNTUAACAAAACgAKADAAAAAFAoEAu2wvEE8mIzUAAAAAAAAAACwALAA6AAAARABTAEcATwBSAAIACgBEAFMARwBPAFIAAQAWAEoAQwBJAEYAUwAwAF8AMQBfADMAOQAAAAAA
> NtlmSsp: msg != null && msg.startsWith("NTLM ")
> NtlmSsp: msg = 
> TlRMTVNTUAACAAAACgAKADAAAAAFAoEAu2wvEE8mIzUAAAAAAAAAACwALAA6AAAARABTAEcATwBSAAIACgBEAFMARwBPAFIAAQAWAEoAQwBJAEYAUwAwAF8AMQBfADMAOQAAAAAA
>
> The NtlmSsp messages are caused by some logging statements I added to 
> NtlmSsp.java.
> Since the filter is working correctly when trying to access the jsp 
> page directly on the Tomcat port, I suspect the culprit is somewhere 
> between Apache 2 and Tomcat on RedHat. Please note I am using the 
> RedHat httpd rpm while I downloaded Tomcat 5.0.28 in tar.gz format 
> from the Jakarta Tomcat website. On my Debian VMWare machine I use the 
> Debian apache2 deb packages and the same Tomcat 5.0.28 tar.gz download.
>
> Please help!
>
>
> Thanks, Wouter van Reeven
>
> --
> AMIS Services BV
> Edisonbaan 15
> Postbus 24
> 3430 AA  NIEUWEGEIN
>
> T +31 (30)6016000
> F +31 (30)6016001
>



-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list