[jcifs] Intermittent authentication failures
Chris Kimpton
chris.kimpton at rabobank.com
Tue Dec 11 15:10:19 GMT 2007
Hi,
We have a website that is using jcifs for NT authentication and is generally
working fine. We are using version 1.2.17. This is via the NtlmFilter, under
tomcat, running inside jboss 4.0.5.
On a few pages we have some live updating stuff, done via ajax/dwr. They do
not update too frequently - one call every 3-4 seconds, with checks to ensure
we do not make a new call if the previous one is still pending.
Intermittently, one of these ajax calls fails authentication and we get a
username/password popup box.
We are not sure what is causing this - busy domain controller, perhaps.
The jcifs settings are:
set params=%params% -Djcifs.http.basicRealm=[some realm]
set params=%params% -Djcifs.netbios.wins=[dc server dns name]
set params=%params% -Djcifs.smb.client.domain=[our domain]
set params=%params% -Djcifs.resolveOrder=DNS
set params=%params% -Djcifs.http.domainController=[dc server dns name]
set params=%params% -Djcifs.smb.client.domain.full=[our fq domain]
set params=%params% -Djcifs.smb.client.username=[a dedicated user]
set params=%params% -Djcifs.smb.client.password=[its password]
Below is an example of what we see in the logs.
We are using the NtlmFilter. I have tried subclassing it, with a view to
trapping an exception (but that does not seem to happen) or check whether the
ntlmAuth item is in the session - but that seems to be always present once
logged on.
If we can trap one of these conditions, my thoughts are that we could then re-
try the login a few times, with a delay between, to see if its just a busy DC.
So - has anybody got any tips on how to achieve this or which jcifs parameters
we could play with to make it cope with this situation.
Many thanks in advance,
Chris
2007-12-11 08:18:04,589 ERROR [STDERR] NtlmHttpFilter: blahblah successfully
authenticated against blahblah
2007-12-11 08:18:05,636 ERROR [STDERR] NtlmHttpFilter: blahblah successfully
authenticated against blahblah
2007-12-11 08:18:08,277 ERROR [STDERR] SmbComTreeDisconnect
[command=SMB_COM_TREE_DISCONNECT,received=false,errorCode=0,flags=0x0018,flags2
=0xC003,signSeq=0,tid=2054,pid=29853,uid=4098,mid=0,wordCount=0,byteCount=0]
2007-12-11 08:18:08,277 ERROR [STDERR] 00000: FF 53 4D 42 71 00 00 00 00 18 03
C0 00 00 00 00 |ÿSMBq......À....|
00010: 00 00 00 00 00 00 00 00 06 08 9D 74 02 10 00 00 |...........t....|
00020: 00 00 00 |... |
2007-12-11 08:18:08,277 ERROR [STDERR] SmbComLogoffAndX
[command=SMB_COM_LOGOFF_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0xC
003,signSeq=0,tid=0,pid=29853,uid=4098,mid=0,wordCount=2,byteCount=0,andxComman
d=0xFF,andxOffset=0]
2007-12-11 08:18:08,277 ERROR [STDERR] 00000: FF 53 4D 42 74 00 00 00 00 18 03
C0 00 00 00 00 |ÿSMBt......À....|
00010: 00 00 00 00 00 00 00 00 00 00 9D 74 02 10 00 00 |...........t....|
00020: 02 FF 00 DE DE 00 00 |.ÿ.ÞÞ.. |
2007-12-11 08:18:08,652 ERROR [STDERR] SmbComNegotiate
[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0018,flags2=0xC00
3,signSeq=0,tid=0,pid=29853,uid=0,mid=15,wordCount=0,byteCount=12,wordCount=0,d
ialects=NT LM 0.12]
2007-12-11 08:18:08,652 ERROR [STDERR] 00000: FF 53 4D 42 72 00 00 00 00 18 03
C0 00 00 00 00 |ÿSMBr......À....|
00010: 00 00 00 00 00 00 00 00 00 00 9D 74 00 00 0F 00 |...........t....|
00020: 00 0C 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 |....NT LM 0.12. |
2007-12-11 08:18:08,667 ERROR [STDERR] New data read: Transport1
[utcs111d12/172.17.40.2:0]
2007-12-11 08:18:08,667 ERROR [STDERR] 00000: FF 53 4D 42 72 00 00 00 00 98 03
C0 00 00 00 00 |ÿSMBr......À....|
00010: 00 00 00 00 00 00 00 00 00 00 9D 74 00 00 0F 00 |...........t....|
2007-12-11 08:18:08,667 ERROR [STDERR] byteCount=50 but readBytesWireFormat
returned 26
2007-12-11 08:18:08,667 ERROR [STDERR] SmbComNegotiateResponse
[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0098,flags2=0xC00
3,signSeq=0,tid=0,pid=29853,uid=0,mid=15,wordCount=17,byteCount=50,wordCount=17
,dialectIndex=0,securityMode=0x7,security=user,encryptedPasswords=true,maxMpxCo
unt=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x0000000
0,capabilities=0x0001F3FD,serverTime=Tue Dec 11 08:18:08 GMT
2007,serverTimeZone=65476,encryptionKeyLength=8,byteCount=50,encryptionKey=0x00
1867E63843EBA9,oemDomainName=RABODEVEU]
2007-12-11 08:18:08,667 ERROR [STDERR] 00000: FF 53 4D 42 72 00 00 00 00 98 03
C0 00 00 00 00 |ÿSMBr......À....|
00010: 00 00 00 00 00 00 00 00 00 00 9D 74 00 00 0F 00 |...........t....|
00020: 11 00 00 07 32 00 01 00 04 41 00 00 00 00 01 |....2....A..... |
2007-12-11 08:18:08,667 ERROR [STDERR] treeConnect:
unc=\\blahblah\IPC$,service=?????
2007-12-11 08:18:08,667 ERROR [STDERR] sessionSetup:
accountName=blahblah,primaryDomain=blahblah
2007-12-11 08:18:08,667 ERROR [STDERR] SmbComSessionSetupAndX
[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=0,flags=0x0018,fla
gs2=0xC003,signSeq=0,tid=0,pid=29853,uid=0,mid=16,wordCount=13,byteCount=121,an
dxCommand=0x75,andxOffset=182,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,ses
sionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountN
ame=blahblah,primaryDomain=blahblah,NATIVE_OS=Windows XP,NATIVE_LANMAN=jCIFS]
2007-12-11 08:18:08,667 ERROR [STDERR] SmbComTreeConnectAndX
[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=0,flags=0x0018,flag
s2=0x0000,signSeq=0,tid=0,pid=29853,uid=0,mid=0,wordCount=4,byteCount=43,andxCo
mmand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\b
lahblah\IPC$,service=?????]
2007-12-11 08:18:08,667 ERROR [STDERR] 00000: FF 53 4D 42 73 00 00 00 00 18 03
C0 00 00 00 00 |ÿSMBs......À....|
00010: 00 00 00 00 00 00 00 00 00 00 9D 74 00 00 10 00 |...........t....|
00020: 0D 75 00 B6 00 04 41 0A 00 01 00 00 00 00 00 18 |.u.¶..A.........|
00030: 00 18 00 00 00 00 00 54 10 00 00 79 00 CF 1D A5 |.......T...y.Ï.¥|
00040: FB E6 09 95 03 FB 93 DA CE 86 20 0E 48 EA 40 1E |ûæ...û.ÚÎ. .Hê@.|
00050: 9A 0D 0B F9 86 E8 D1 8C BC F2 6C AC 29 8A 1C 4F |...ù.èÑ.¼òl¬)..O|
00060: 07 78 59 44 02 EB 59 25 11 40 DC 5D 9C 00 6B 00 |.xYD.ëY%.@Ü]..k.|
00070: 69 00 6D 00 70 00 74 00 6F 00 6E 00 63 00 00 00 |i.m.p.t.o.n.c...|
00080: 52 00 41 00 42 00 4F 00 44 00 45 00 56 00 45 00 |R.A.B.O.D.E.V.E.|
00090: 55 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 |U...W.i.n.d.o.w.|
000A0: 73 00 20 00 58 00 50 00 00 00 6A 00 43 00 49 00 |s. .X.P...j.C.I.|
000B0: 46 00 53 00 00 00 04 FF 00 DE DE 00 00 01 00 2B |F.S....ÿ.ÞÞ....+|
000C0: 00 00 5C 00 5C 00 75 00 74 00 63 00 73 00 31 00 |..\.\.u.t.c.s.1.|
000D0: 31 00 31 00 64 00 31 00 32 00 5C 00 49 00 50 00 |1.1.d.1.2.\.I.P.|
000E0: 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 |C.$...?????. |
2007-12-11 08:18:08,683 ERROR [STDERR] New data read: Transport1
[utcs111d12/172.17.40.2:0]
2007-12-11 08:18:08,683 ERROR [STDERR] 00000: FF 53 4D 42 73 00 00 00 00 98 03
C0 00 00 00 00 |ÿSMBs......À....|
00010: 00 00 00 00 00 00 00 00 01 08 9D 74 01 08 10 00 |...........t....|
2007-12-11 08:18:08,699 ERROR [STDERR] SmbComSessionSetupAndXResponse
[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=0,flags=0x0098,fla
gs2=0xC003,signSeq=0,tid=2049,pid=29853,uid=2049,mid=16,wordCount=3,byteCount=1
48,andxCommand=0x75,andxOffset=189,isLoggedInAsGuest=false,nativeOs=Windows
Server 2003 3790 Service Pack 2,nativeLanMan=Windows Server 2003
5.2,primaryDomain=RABODEVEU]
2007-12-11 08:18:08,699 ERROR [STDERR] 00000: FF 53 4D 42 73 00 00 00 00 98 03
C0 00 00 00 00 |ÿSMBs......À....|
00010: 00 00 00 00 00 00 00 00 01 08 9D 74 01 08 10 00 |...........t....|
00020: 03 75 00 BD 00 00 00 94 00 41 57 00 69 00 6E 00 |.u.½.....AW.i.n.|
00030: 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 |d.o.w.s. .S.e.r.|
00040: 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 |v.e.r. .2.0.0.3.|
00050: 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 | .3.7.9.0. .S.e.|
00060: 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 |r.v.i.c.e. .P.a.|
00070: 63 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 |c.k. .2...W.i.n.|
00080: 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 |d.o.w.s. .S.e.r.|
00090: 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 |v.e.r. .2.0.0.3.|
000A0: 20 00 35 00 2E 00 32 00 00 00 52 00 41 00 42 00 | .5...2...R.A.B.|
000B0: 4F 00 44 00 45 00 56 00 45 00 55 00 00 03 FF 00 |O.D.E.V.E.U...ÿ.|
000C0: CC 00 01 00 06 00 49 50 43 00 00 00 |Ì.....IPC... |
2007-12-11 08:18:08,699 ERROR [STDERR] NtlmHttpFilter: blahblah successfully
authenticated against blahblah
2007-12-11 08:18:09,574 ERROR [STDERR] NtlmHttpFilter: blahblah successfully
authenticated against blahblah
More information about the jcifs
mailing list