[jcifs] Domain Controller and PreAuth

Brown, Melonie mbrown at microstrategy.com
Wed Sep 26 18:33:46 GMT 2007 

There's an older post to the list (copied below) that says preauth and domaincontroller do not work.  
 
Has this been resolved?
 
[I wasn't sure from the descriptions of the changes from the various releases. ]
-------------------------------------------------------------
>On Thu, 19 Jan 2006 16:20:41 +0000
>João Mota <jmota at criticalsoftware.com <https://lists.samba.org/mailman/listinfo/jcifs> > wrote:
>
>  
>
>>Hello,
>>
>>I am having some problems getting transparent authentication to work 
>>with NtlmHttpFilter jcifs-1.2.7, it seems that IE is failling the 
>>negotiation.
>>The domain Controller is a windows 2003 server.
>>
>>The error that shows in the log at the same time that the dialog box to 
>>enter username/password shows up is (i replaced the sensitive data for a 
>>meaningfull word in caps):
>>     NtlmHttpFilter: DOMAIN\USERLOGIN: 0xC0000022: 
>>jcifs.smb.SmbAuthException: Access is denied.
>>    
>>
>
>No doubt this is an SMB signing issue. You need "preauthentication".
>
>  
>
>>Filling in the user and password in the dialog box, the authentication 
>>works ok.
>>
>>My questions are:
>>1) Is it possible to have transparent authentication with the 
>>jcifs.http.domainController specified ?
>>    
>>
>
>No, it was recently discoverd that preauthentication only works if
>jcifs.http.domainController is NOT used. I would use:
>
>  
>
>>   <filter>
>>        <filter-name>NtlmHttpFilter</filter-name>
>>        <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>>    <init-param>
>>        <param-name>jcifs.netbios.wins</param-name>
>>        <param-value>IP</param-value>
>>        </init-param>
>>    <init-param>
>>        <param-name>jcifs.smb.client.domain</param-name>
>>        <param-value>DOMAIN</param-value>
>>        </init-param>
>>    <init-param>
>>        <param-name>jcifs.smb.client.username</param-name>
>>        <param-value>USER</param-value>
>>        </init-param>
>>    <init-param>
>>        <param-name>jcifs.smb.client.password</param-name>
>>        <param-value>PASSWORD</param-value>
>>        </init-param>
>>    <init-param>
>>        <param-name>jcifs.util.loglevel</param-name>
>>        <param-value>2</param-value>
>>        </init-param>
>>    
>>
>
>If you don't have wins then you could try setting jcifs.netbios.lmhosts
>[1] to a file that maps the IP you had for domainController to DOMAIN.
>
>Otherwise, we need to fix the code so that preauth works with
>domainController. It's on The List.
>
>Mike
>
>http://jcifs.samba.org/src/docs/resolver.html
>
>
>
>  
>
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list