[jcifs] NTLM Authentication issue

Michael B Allen mba2000 at ioplex.com
Wed Nov 29 15:45:03 GMT 2006


That won't work since either the socket will close before a response
is recieved or under load you'll get two authentication requests within
500ms.

You must use preauthentication.

Mike

On Wed, 29 Nov 2006 08:55:48 -0500
"Anoop Prakash" <anoopatul at gmail.com> wrote:

> Thanks Jonathan,
> 
> I tried out changing the soTimeOut to 500 milliseconds abd it seems to be
> running fine now.
> 
> 
> On 11/28/06, Jonathan Trumbull <jonathan.trumbull at gmail.com> wrote:
> >
> > Anoop,
> >
> > You probably need to specify a set of domain credentials explicitly
> > for preauthentication. We usually just setup a service account just
> > for this.
> >
> > see http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing
> >
> > <init-param>
> >   <param-name>jcifs.smb.client.username</param-name>
> >   <param-value>SomeServiceAccount</param-value>
> > </init-param>
> >
> > <init-param>
> >   <param-name>jcifs.smb.client.password</param-name>
> >   <param-value>SomeServiceAccountPassword</param-value>
> > </init-param>
> >
> > --Jonathan
> >
> > On 11/28/06, Anoop Prakash <anoopatul at gmail.com> wrote:
> > >
> > >
> > > Hello  Mike,
> > >
> > >
> > > We got your reference from the jcifs  mailing list. We found  out an
> > issue in the mailing list that is similar to the problem we are
> > facing  while accessing our application using the JCIFS NTLM authentication.
> > When  multiple users try accessing our application concurrently, only one of
> > the users  will be allowed to log in. The others are shown the NTLM
> > authentication box  again and again, even though they enter the right
> > credentials. The  application is a struts based J2EE application and we are
> > using   JCIFS version 1.2.8. We tried doing the instructions given in the
> > link -  http://lists.samba.org/archive/jcifs/2006-June/006304.html .  We
> > are using a domain controller also in this. I am pasting below a part of
> > the  web.xml for the application.
> > >
> > >
> > >
> > >  <filter>
> > >
> > >               <filter-name>NtlmHttpFilter</filter-name>
> > >
> > >               <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > >
> > >
> > >
> > >               <init-param>
> > >
> > >                     <param-name>jcifs.http.domainController</param-name>
> > >
> > >                     <param-value>CORPDC3</param-value>
> > >
> > >               </init-param>
> > >
> > >
> > >
> > >               <init-param>
> > >
> > >                     <param-name>jcifs.smb.lmCompatibility</param-name>
> > >
> > >               <param-value>3</param-value>
> > >
> > >               </init-param>
> > >
> > >  </filter>
> > >
> > >
> > >
> > > It would be great if you could let us know what could be the
> > issue.Please let us knowif you need any more details on this.
> > >
> > >
> > >
> > > Thanks,
> > >
> > > Anoop
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > [jcifs] NTLM Authentication problemMike Streeton mike.streeton at
> > ardentia.co.uk
> > > Thu Jun 22 06:51:43 GMT  2006
> > >
> > >
> > >
> > > Previous message: [jcifs] NTLM Authentication  problem
> > > Next message: [jcifs] Authenticating Against  Multiple Domain
> > Controllers
> > > Messages sorted by: [ date ] [ thread ] [ subject ]  [ author ]
> > ________________________________
> > We had problems with some people being able to connect but not other,
> > > even though they have exactly the same config (XP pro), we got round
> > > them by setting the following:
> > >
> > >
> > > Configure the JCIFS parameter jcifs.smb.lmCompatibility try setting it
> > > to 3, 4 or 5
> > >
> > > Configure the JCIFS parameter jcifs.netbios.hostname to be the local
> > > machine
> > >
> > >
> > >
> > > Set the API documentation on how to do this:
> > >
> > > http://jcifs.samba.org/src/docs/api/
> > >
> > >
> > >
> > > If this does not work post the config/error logs etc and Michael is very
> > >
> > > helpful and can usually put you right.
> > >
> > >
> > >
> > > Thanks
> > >
> > >
> > >
> > > Mike
> > >
> > >
> > >
> > > www.ardentia.com the home of NetSearch
> > >
> > > ________________________________
> > >
> > >
> > > From: jcifs-bounces+mike.streeton=ardentia.co.uk at lists.samba.org
> > >
> > > [mailto:jcifs-bounces+mike.streeton=
> > > ardentia.co.uk at lists.samba.org] On
> > > Behalf Of Publius Ismanescu
> > > Sent: 21 June 2006 21:25
> > > To:
> > > jcifs at lists.samba.org
> > > Subject: [jcifs] NTLM Authentication problem
> > >
> > >
> > >
> > > Hi everybody,
> > >
> > > I have a situation where the NTLM authentication fails. I will explain
> > > my configuration and the tests we did.
> > >
> > >
> > > We have a weblogic server on AIX server and we use jcifs for NTLM
> > > authentication. The users that access the website, they all have windows
> > > desktops, with IE installed.
> > > All user can access the website properly . The problem start when we
> > >
> > > want to let user from outsite the company connect.
> > >
> > > The external user connect to a metaframe (Citrix) and they use the IE
> > > browser on the metaframe server to connect to the internal website.
> > > The user are propted with a login dialog to enter their user ID and
> > >
> > > password. After entering the information they get a server or DNS error.
> > >
> > > After we turned the loglevel to see more info from jcifs, it looks like
> > > the 3-rd handshake does not take place.
> > >
> > > Installing Firefox on the metaframe server and testing the
> > >
> > > access,everything is working.
> > > Using IE to connect to a second metaframe server it woks also. IE
> > > versions on the 2 metaframes is the same.
> > >
> > >
> > > Can anybody help with some IE settings or give me some tips on what else
> > >
> > > to look for to solve this.
> > >
> > >
> > > Thank you
> > >
> > >
> > > --
> > > Publius Ismanescu
> > > http://publius.wwdb.biz
> > >
> > > email: publiusi at gmail.com
> > >
> > > -------------- next part --------------
> > >
> > > HTML attachment scrubbed and removed
> > >
> > >  ________________________________
> >
> > >
> > >
> > >
> > > Previous message: [jcifs] NTLM Authentication  problem
> > > Next message: [jcifs] Authenticating Against  Multiple Domain
> > Controllers
> > > Messages sorted by: [ date ] [ thread ] [ subject ]  [ author ]
> > ________________________________
> >   More information about the jcifs mailing  list
> > >
> > >
> > >
> >
> 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/


More information about the jcifs mailing list