[jcifs] JCIFS with Windows 2000 client problem

Asaf Mesika asaf.mesika at gmail.com
Sun Apr 6 06:57:19 GMT 2008 

I didn't have the certificate issue, rather just the issue that IE decides
not to send the NTLM token.
The solution was to place the hostname we're tying to reach as an IntraNet
site (or Trusted site) in the Security Configuration in Internet Explorer.
This can be done enterprise-wide using local policies.

Asaf


On Fri, Apr 4, 2008 at 9:07 PM, kjain <jain_kapil at bah.com> wrote:

>
> I am not very familiar with the detail working of NTLM process ( as
> described
> in step 3).  Can you tell us what your solution was to this problem?
>
> Thanks,
> Kapil
>
>
> AsafM wrote:
> >
> > I'm not familiar with the whole SSL certificates field, but I am
> > recognizing
> > one piece of your problem, which appeared during my development:
> >
> > client,  after accepting it takes us through without any error.  In case
> > of
> >> IE client on 2000 server,  after accepting we get the 401 Unathorized
> >> rejection error.
> >>
> >
> > I follow you correctly, this is what happens:
> > 1. IE tries to access a protected resource on your web server.
> > 2. The web server detects that its protected thus sends a 401 response
> > with
> > "WWW-Authenticate: NTLM" header.
> > 3. IE realizes it needs to return an NTLM token to the server. From some
> > reason, probably the certificate issue, IE decides not to send the token
> > at
> > all, thus it simply displays the response received in no.2.
> >
> > Am I correct?
> >
> >
> > On Wed, Apr 2, 2008 at 8:28 PM, kjain <jain_kapil at bah.com> wrote:
> >
> >>
> >> "I am working with Steve Wardell on this issue.
> >>
> >> We are getting the SSL certificate issue with IE client on both 2000 or
> >> 2003
> >> server.  Only difference is when we get the SSL certificate issue on
> 2003
> >> client,  after accepting it takes us through without any error.  In
> case
> >> of
> >> IE client on 2000 server,  after accepting we get the 401 Unathorized
> >> rejection error.
> >>
> >> When we try to connect to the servlet from IE,  we get a certificate
> >> security error stating problem with security certificate due following
> >> reasons:  Security certificate was issued by a company not chosen to
> >> trust
> >> and name on the security is invalid or does not match the name of the
> >> site.
> >>
> >> Please let me know if you need any more information .
> >>
> >> Thanks,
> >> Kapil
> >> "
> >>
> >> AsafM wrote:
> >> >
> >> > Basically, what you're saying is that:
> >> >   IE sends the request for the servlet,
> >> >   The server returns the "WWW-Authenticate: NTLM",
> >> >   end of handshake ?
> >> >
> >> > Can you elaborate more on the SSL certificate issue? Although I'm not
> >> sure
> >> > it has anything to do with the NTLM authentication.
> >> >
> >> > On Fri, Mar 28, 2008 at 4:03 AM, Steve Wardell <okapi at yahoo.com>
> wrote:
> >> >
> >> >> I am using the latest JCIFS on WebSphere 6.0 in a simple servlet.
> >> >> Websphere is on a 2003 server. It is authenticating against a
> separate
> >> >> 2003
> >> >> AD server. The servlet works fine when I connect to it from IE on XP
> >> and
> >> >> 2003. However, when I try to connect to it from a 2000 machine
> running
> >> >> IE6,
> >> >> I have problems. I receive the SSL certificate (not fully valid),
> but
> >> >> then
> >> >> after I accept I get an IE Server not found or DNS error non-helpful
> >> IE
> >> >> message. I can connect to a different servlet on the same server and
> >> port
> >> >> that does not use JCIFS or other SSO without problem. I turned up
> the
> >> >> debugging level and don't seem to see anything in the output or
> errors
> >> >> logs.
> >> >> When I use Charles web proxy to try to look at the content, I don't
> >> seem
> >> >> to
> >> >> see much of interest except a 401 Unauthorized rejection in the
> >> response.
> >> >> Any suggestions on how to resolve this?
> >> >>
> >> >> My configuration looks like the following (thou I have changed the
> >> values
> >> >> from actuals):
> >> >>
> >> >>        <init-param>
> >> >>
> >> >>            <param-name>jcifs.http.domainController</param-name>
> >> >>
> >> >>            <param-value>192.168.1.2</param-value>
> >> >>
> >> >>        </init-param>
> >> >>
> >> >>        <init-param>
> >> >>
> >> >>            <param-name>jcifs.smb.client.domain</param-name>
> >> >>
> >> >>            <param-value>DOMAIN</param-value>
> >> >>
> >> >>        </init-param>
> >> >>
> >> >>        <init-param>
> >> >>
> >> >>            <param-name>jcifs.smb.client.username</param-name>
> >> >>
> >> >>            <param-value>username</param-value>
> >> >>
> >> >>        </init-param>
> >> >>
> >> >>        <init-param>
> >> >>
> >> >>            <param-name>jcifs.smb.client.password</param-name>
> >> >>
> >> >>            <param-value>password</param-value>
> >> >>
> >> >>        </init-param>
> >> >>
> >> >> Thanks,
> >> >> Steve
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >>
> ____________________________________________________________________________________
> >> >> Be a better friend, newshound, and
> >> >> know-it-all with Yahoo! Mobile.  Try it now.
> >> >> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/JCIFS-with-Windows-2000-client-problem-tp16343777p16447654.html
> >> Sent from the Samba - jcifs mailing list archive at Nabble.com.
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/JCIFS-with-Windows-2000-client-problem-tp16343777p16495045.html
> Sent from the Samba - jcifs mailing list archive at Nabble.com.
>
>
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list