[jcifs] Re: NtlmHttpFilter causing NT User Lockout.

S Wagle wagle at earthlink.net
Tue Jun 20 17:54:22 GMT 2006 

I use this same filter and the application has several POST forms.  I 
don't get this same error.  But then I don't have this exact same 
configuration.

Just noticed this utility that Windows Server 2003 Resource Kit has. 
Not sure about Windows 2000.

See if this helps.

Lockoutstatus.exe: Account Lockout Status
Overview
Account Lockout Status (LockoutStatus) is a combination command-line and 
GUI tool that displays lockout information about a particular user 
account. LockoutStatus collects information from every contactable 
domain controller in the target user account's domain.



Geoffrey Hebert wrote:
> Initially I can get into my application and get my NT UserID 
> (this.getRequest().getRemoteUser();) and store the information in 
> session.  My application is multiple pages of forms (POST).
>  
> Somehow the *NtlmHttpFilter* 
> <http://news.gmane.org/find-root.php?message_id=%3cd34867f20606170537m5cc1449ei79fd38cadb3ea1c7%40mail.gmail.com%3e> 
> causes an NT User Lockout.
>  
> I am using IE and Windows 2000 with TomCat.
>  
> Here is my filter:
>  
>  
> <filter>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>  
>     <init-param>
>         <param-name>jcifs.netbios.wins</param-name>
>         <param-value>eadsa10.mydomain.mycompany.com,eadsa11. 
> mydomain.mycompany.com</param-value>
>     </init-param>
>     <init-param>
>         <param-name>jcifs.smb.client.domain</param-name>
>         <param-value>xxxx</param-value>
>     </init-param>
>  
>  
> </filter>
>  
> <filter-mapping>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
>  
> This comment in the documentation makes me think that my additional 
> forms my be creating the lockout – “negotiating NTLM HTTP Authentication 
> once, IE will not POST any form data until it has negotiated the 
> password hashes again.”
> 
> ------------------------------------------------------------------------
> Ring'em or ping'em. Make PC-to-phone calls as low as 1¢/min 
> <http://us.rd.yahoo.com/mail_us/taglines/postman11/*http://us.rd.yahoo.com/evt=39666/*http://voice.yahoo.com> 
> with Yahoo! Messenger with Voice.

More information about the jcifs mailing list