[jcifs] Problem with NtlmHttpFilter and Apache2

Wouter van Reeven Wouter.van.Reeven at AMIS.nl
Mon Jun 19 09:05:37 GMT 2006

Hi again,

I did some more investigations and found this out:

1) mod_jk isn't loaded so that isn't the problem.
2) mod_proxy seems to be the problem here. When I disable it the NtlmHttpFilter works ok.
3) unfortunately, disabling mod_proxy gives me a problem for which I enabled mod_proxy in the first place. We have several Tomcat instances running on our web server and I'd like to forward HTTP requests to a certain Tomcat instance based on the URL. E.g. when I would like to connect to http://test.example.com/MyTestApp I'd like Apache to forward the request to http://test.example.com:8180/MyTestApp wothout the user seeing port 8180. For this I have these rules

ServerName test
RewriteEngine On
RewriteRule ^/(.*)$ http://test.example.com:8180/$1 [P]

but doing this makes the port number show in my browser. Therefore I added these lines as well

ProxyRequests Off
ProxyPass / http://test.example.com:8180/
ProxyPassReverse / http://test.example.com:8180/

and that's when I got the errors. Enabling those lines does get rid of the port in the URL, but for some reason NtlmHttpFilter gets stuck after or during the second stage. So, now I am searching Google how to get rid of the port number. Thanks for the help anyway.

Greets, Wouter

AMIS Services BV
Edisonbaan 15
Postbus 24

T +31 (30)6016000
F +31 (30)6016001

-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com]
Sent: Wed 14-Jun-06 19:13
To: Wouter van Reeven
Cc: yannick at smellyfrog.com; jcifs at lists.samba.org
Subject: Re: [jcifs] Problem with NtlmHttpFilter and Apache2
On Wed, 14 Jun 2006 18:15:23 +0200
"Wouter van Reeven" <Wouter.van.Reeven at AMIS.nl> wrote:

> Hi Yannick,
> Thanks for your reply. Actually, I don't use mod_jk. But I'll check to see if mod_jk is loaded and if so, I will unload it. To connect Apache2 to Tomcat I use mod_rewrite and mod_proxy. Perhaps there's a problem there too? Did you install mod_jk by hand compiled from sources from the Tomcat website?

Maybe. The NTLM HTTP Authentication protocol is a stateful 3 message
handshake. Look at the bottom of the NTLM HTTP Filter docs for details. In
particular the 2nd and 3rd messages need to share the same HTTP session
to store the transaction state. It's a delicate thing that is the source
of 90% of problems reported on this list.


Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list