[jcifs] NTLM Authentication issue

David Human Dawie at inobits.com
Tue Aug 26 10:58:33 GMT 2008


We have the same kind of issue here.  Changing the soTimeout to very low
values solves the problem, but I am afraid it is only masking the issue and
not solving it.  Under high loads on the server, the 500 is too much and we
have found a stable value at soTimeout = 200.  The problem with this logic
is that soTimeout is supposed to support multiple sesstions over the same
channel.  Now you have a small value and I suspect, this will increase the
load somewhere and when you run into high latency networking, it will cause
logon problems.

David Human


Michael B Allen-4 wrote:
> 
> That won't work since either the socket will close before a response
> is recieved or under load you'll get two authentication requests within
> 500ms.
> 
> You must use preauthentication.
> 
> Mike
> 
> On Wed, 29 Nov 2006 08:55:48 -0500
> "Anoop Prakash" <anoopatul at gmail.com> wrote:
> 
>> Thanks Jonathan,
>> 
>> I tried out changing the soTimeOut to 500 milliseconds abd it seems to be
>> running fine now.
>> 
>> 
>> On 11/28/06, Jonathan Trumbull <jonathan.trumbull at gmail.com> wrote:
>> >
>> > Anoop,
>> >
>> > You probably need to specify a set of domain credentials explicitly
>> > for preauthentication. We usually just setup a service account just
>> > for this.
>> >
>> > see http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing
>> >
>> > <init-param>
>> >   <param-name>jcifs.smb.client.username</param-name>
>> >   <param-value>SomeServiceAccount</param-value>
>> > </init-param>
>> >
>> > <init-param>
>> >   <param-name>jcifs.smb.client.password</param-name>
>> >   <param-value>SomeServiceAccountPassword</param-value>
>> > </init-param>
>> >
>> > --Jonathan
>> >
>> > On 11/28/06, Anoop Prakash <anoopatul at gmail.com> wrote:
>> > >
>> > >
>> > > Hello  Mike,
>> > >
>> > >
>> > > We got your reference from the jcifs  mailing list. We found  out an
>> > issue in the mailing list that is similar to the problem we are
>> > facing  while accessing our application using the JCIFS NTLM
>> authentication.
>> > When  multiple users try accessing our application concurrently, only
>> one of
>> > the users  will be allowed to log in. The others are shown the NTLM
>> > authentication box  again and again, even though they enter the right
>> > credentials. The  application is a struts based J2EE application and we
>> are
>> > using   JCIFS version 1.2.8. We tried doing the instructions given in
>> the
>> > link -  http://lists.samba.org/archive/jcifs/2006-June/006304.html . 
>> We
>> > are using a domain controller also in this. I am pasting below a part
>> of
>> > the  web.xml for the application.
>> > >
>> > >
>> > >
>> > >  <filter>
>> > >
>> > >               <filter-name>NtlmHttpFilter</filter-name>
>> > >
>> > >               <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>> > >
>> > >
>> > >
>> > >               <init-param>
>> > >
>> > >                    
>> <param-name>jcifs.http.domainController</param-name>
>> > >
>> > >                     <param-value>CORPDC3</param-value>
>> > >
>> > >               </init-param>
>> > >
>> > >
>> > >
>> > >               <init-param>
>> > >
>> > >                    
>> <param-name>jcifs.smb.lmCompatibility</param-name>
>> > >
>> > >               <param-value>3</param-value>
>> > >
>> > >               </init-param>
>> > >
>> > >  </filter>
>> > >
>> > >
>> > >
>> > > It would be great if you could let us know what could be the
>> > issue.Please let us knowif you need any more details on this.
>> > >
>> > >
>> > >
>> > > Thanks,
>> > >
>> > > Anoop
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > [jcifs] NTLM Authentication problemMike Streeton mike.streeton at
>> > ardentia.co.uk
>> > > Thu Jun 22 06:51:43 GMT  2006
>> > >
>> > >
>> > >
>> > > Previous message: [jcifs] NTLM Authentication  problem
>> > > Next message: [jcifs] Authenticating Against  Multiple Domain
>> > Controllers
>> > > Messages sorted by: [ date ] [ thread ] [ subject ]  [ author ]
>> > ________________________________
>> > We had problems with some people being able to connect but not other,
>> > > even though they have exactly the same config (XP pro), we got round
>> > > them by setting the following:
>> > >
>> > >
>> > > Configure the JCIFS parameter jcifs.smb.lmCompatibility try setting
>> it
>> > > to 3, 4 or 5
>> > >
>> > > Configure the JCIFS parameter jcifs.netbios.hostname to be the local
>> > > machine
>> > >
>> > >
>> > >
>> > > Set the API documentation on how to do this:
>> > >
>> > > http://jcifs.samba.org/src/docs/api/
>> > >
>> > >
>> > >
>> > > If this does not work post the config/error logs etc and Michael is
>> very
>> > >
>> > > helpful and can usually put you right.
>> > >
>> > >
>> > >
>> > > Thanks
>> > >
>> > >
>> > >
>> > > Mike
>> > >
>> > >
>> > >
>> > > www.ardentia.com the home of NetSearch
>> > >
>> > > ________________________________
>> > >
>> > >
>> > > From: jcifs-bounces+mike.streeton=ardentia.co.uk at lists.samba.org
>> > >
>> > > [mailto:jcifs-bounces+mike.streeton=
>> > > ardentia.co.uk at lists.samba.org] On
>> > > Behalf Of Publius Ismanescu
>> > > Sent: 21 June 2006 21:25
>> > > To:
>> > > jcifs at lists.samba.org
>> > > Subject: [jcifs] NTLM Authentication problem
>> > >
>> > >
>> > >
>> > > Hi everybody,
>> > >
>> > > I have a situation where the NTLM authentication fails. I will
>> explain
>> > > my configuration and the tests we did.
>> > >
>> > >
>> > > We have a weblogic server on AIX server and we use jcifs for NTLM
>> > > authentication. The users that access the website, they all have
>> windows
>> > > desktops, with IE installed.
>> > > All user can access the website properly . The problem start when we
>> > >
>> > > want to let user from outsite the company connect.
>> > >
>> > > The external user connect to a metaframe (Citrix) and they use the IE
>> > > browser on the metaframe server to connect to the internal website.
>> > > The user are propted with a login dialog to enter their user ID and
>> > >
>> > > password. After entering the information they get a server or DNS
>> error.
>> > >
>> > > After we turned the loglevel to see more info from jcifs, it looks
>> like
>> > > the 3-rd handshake does not take place.
>> > >
>> > > Installing Firefox on the metaframe server and testing the
>> > >
>> > > access,everything is working.
>> > > Using IE to connect to a second metaframe server it woks also. IE
>> > > versions on the 2 metaframes is the same.
>> > >
>> > >
>> > > Can anybody help with some IE settings or give me some tips on what
>> else
>> > >
>> > > to look for to solve this.
>> > >
>> > >
>> > > Thank you
>> > >
>> > >
>> > > --
>> > > Publius Ismanescu
>> > > http://publius.wwdb.biz
>> > >
>> > > email: publiusi at gmail.com
>> > >
>> > > -------------- next part --------------
>> > >
>> > > HTML attachment scrubbed and removed
>> > >
>> > >  ________________________________
>> >
>> > >
>> > >
>> > >
>> > > Previous message: [jcifs] NTLM Authentication  problem
>> > > Next message: [jcifs] Authenticating Against  Multiple Domain
>> > Controllers
>> > > Messages sorted by: [ date ] [ thread ] [ subject ]  [ author ]
>> > ________________________________
>> >   More information about the jcifs mailing  list
>> > >
>> > >
>> > >
>> >
>> 
> 
> 
> -- 
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
> 
> 

-- 
View this message in context: http://www.nabble.com/NTLM-Authentication-issue-tp7583052p19158804.html
Sent from the Samba - jcifs mailing list archive at Nabble.com.



More information about the jcifs mailing list