[jcifs] Re: Can't get NTLM HTTP Authentication to work

mac671 mac671mac at wp.pl
Fri Oct 13 10:30:36 GMT 2006 

Hi,

I seem to be experiencing the very similar or even same problem that
Christian has described.
That is why I post in this thread. Even tho I am using WINS, the symptoms
are as described in the OT.

I made a network capature and I am not getting the response to the type
three message.

I turned on the logging of the jcifs.util.loglevel to lvl 4.
and also jcifs.smb.client.soTimeout 1000000


session established ok with <<DOMAIN_NAME>><1C>/<<WINS_IP_ADDRESS>>
requesting negotiation with <<DOMAIN_NAME>><1C>/<<WINS_IP_ADDRESS>>
SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=The
operation completed
successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=13040,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT
LM 0.12]
new data read from socket: <<DOMAIN_NAME>><1C>/<<WINS_IP_ADDRESS>>
byteCount=38 but readBytesWireFormat returned 18
SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=true,errorCode=The
operation completed
successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=13040,uid=0,mid=1,wordCount=17,byteCount=38,wordCount=17,dialectIndex=0,securityMode=0x3,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Fri
Oct 13 12:04:51 CEST
2006,serverTimeZone=65416,encryptionKeyLength=8,byteCount=38,encryptionKey=0x47CAD50D5783A678,oemDomainName=<<DOMAIN_NAME>>]
treeConnect: unc=\\<<WINS_IP_ADDRESS>>\IPC$,service=?????
sessionSetup: accountName=wro03372,primaryDomain=<<DOMAIN_NAME>>
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=The
operation completed
successfully.,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=13040,uid=0,mid=2,wordCount=13,byteCount=113,andxCommand=0x75,andxOffset=174,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=wro03372,primaryDomain=<<DOMAIN_NAME>>,NATIVE_OS=Windows
XP,NATIVE_LANMAN=jCIFS]
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=The
operation completed
successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=13040,uid=0,mid=0,wordCount=4,byteCount=47,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\<<WINS_IP_ADDRESS>>\IPC$,service=?????]
new data read from socket: <<DOMAIN_NAME>><1C>/<<WINS_IP_ADDRESS>>
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=true,errorCode=The
operation completed
successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2051,pid=13040,uid=4096,mid=2,wordCount=3,byteCount=140,andxCommand=0x75,andxOffset=181,isLoggedInAsGuest=false,nativeOs=Windows
Server 2003 3790 Service Pack 1,nativeLanMan=Windows Server 2003
5.2,primaryDomain=<<DOMAIN_NAME>>]
SmbComTreeConnectAndXResponse[command=SMB_COM_TREE_CONNECT_ANDX,received=true,errorCode=The
operation completed
successfully.,flags=0x0098,flags2=0xC003,signSeq=0,tid=2051,pid=13040,uid=4096,mid=2,wordCount=3,byteCount=6,andxCommand=0xFF,andxOffset=196,supportSearchBits=true,shareIsInDfs=false,service=IPC,nativeFileSystem=]
java.net.SocketTimeoutException: Receive timed out
	at java.net.PlainDatagramSocketImpl.receive0(Native Method)
	at java.net.PlainDatagramSocketImpl.receive(Unknown Source)
	at java.net.DatagramSocket.receive(Unknown Source)
	at jcifs.netbios.NameServiceClient.run(NameServiceClient.java:184)
	at java.lang.Thread.run(Unknown Source)

even tho the jcifs.smb.client.soTimeout is set to a very high value this
Exeption is thrown in my Tomcat sysout very quickly ( less than 3 sec ).

I also found another topic
http://lists.samba.org/archive/jcifs/2005-August/005281.html

which says the java.net.SocketTimeoutException: Receive timed out
is harmless but I think it is not.

I cant figure out what is the matter, and I been stuck with this since
yesterday;/.

Christian do you also get the timeOutException in your Tomcat log?

Regards,
Maciej



Eric Glass wrote:
> 
> Are you going direct against Tomcat's HTTP server, or through an
> intermediate web server (Apache or IIS, etc.)?  If you are seeing the
> browser send a Type 3 message, but the server not responding
> appropriately, you should see some messages in the app server log;
> i.e. it would imply the failure is occurring on the backend
> authentication rather than IE just dropping the handshake.
> 
> If you can provide a packet trace, that might give some additional
> insight; ideally one taken at the app server including both HTTP and
> SMB/CIFS traffic, as that would show the end-to-end authentication
> process.  Don't send to the full mailing list though, as it may
> contain sensitive information.
> 
> Otherwise, you can try upping the log level for jCIFS and see if that
> gives any more information.
> 
> 
> Eric
> 
> On 10/13/06, Christian <wuerdemann at gmail.com> wrote:
>> Christian <wuerdemann <at> gmail.com> writes:
>>
>> > When we load the Tomcat Application with IE on the client, we receive a
>> "Page
>> > not found". We did a network capture and found that the server is not
>> > responding to the "type 3" Message of the client.
>>
>> No idea at all? We are really stuck with that problem. Are there specific
>> settings for the Win 2003 DC that has to be enabled?
>>
>> Thanks!
>> Christian
>>
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/Can%27t-get-NTLM-HTTP-Authentication-to-work-tf2416840.html#a6793266
Sent from the Samba - jcifs mailing list archive at Nabble.com.

More information about the jcifs mailing list