[jcifs] Re: JCIFS with Windows 2000 client problem

[Steve Wardell]

Asaf Mesika <asaf.mesika <at> gmail.com> writes:

> I didn't have the certificate issue, rather just the issue that IE decides not
to send the NTLM token.The solution was to place the hostname we're tying to
reach as an IntraNet site (or Trusted site) in the Security Configuration in
Internet Explorer.
> This can be done enterprise-wide using local policies.Asaf
> On Fri, Apr 4, 2008 at 9:07 PM, kjain <jain_kapil <at> bah.com> wrote:
> 
> I am not very familiar with the detail working of NTLM process ( as described
> in step 3).  Can you tell us what your solution was to this problem?
> 
> AsafM wrote:
> >
> > I'm not familiar with the whole SSL certificates field, but I am
> > recognizing
> > one piece of your problem, which appeared during my development:
> >
> > client,  after accepting it takes us through without any error.  In case
> > of
> >> IE client on 2000 server,  after accepting we get the 401 Unathorized
> >> rejection error.
> >>
> >
> > I follow you correctly, this is what happens:
> > 1. IE tries to access a protected resource on your web server.
> > 2. The web server detects that its protected thus sends a 401 response
> > with
> > "WWW-Authenticate: NTLM" header.
> > 3. IE realizes it needs to return an NTLM token to the server. From some
> > reason, probably the certificate issue, IE decides not to send the token
> > at
> > all, thus it simply displays the response received in no.2.
> >
> > Am I correct?

We have made it further along. Once the SSL items were all matching (hostnames,
trusted CA, dates) and we added the site to the Trusted Sites, jCIFS would work
on Windows 2000 with IE. However, if we take an identically configured machine
and put it across a VPN (I think Cisco VPN), it again fails to work (thou no
warnings pop-up). I can not figure out what might be different that Windows 2000
would not follow through with the NTLM negotiation.

Any ideas?

Thanks,
Steve