[jcifs] Meaning / usage of "ssnLimit"
Sascha_Klamm at tonbeller.com
Wed Dec 10 13:24:41 GMT 2008
Hi everyone,
we're using jcifs 1.3.1 in our webapps... in our own domain (win 2003
server) this always used to work pretty well. At a customer's installation
we had the problem: "first user can login, second cannot" with the second
(and following) users getting "access denied" messages - the problem was
solved by using pre-authentication like it was recommended
(http://jcifs.samba.org/src/docs/ntlmhttpauth.html, "SMB Signatures and
Windows 2003"). This worked for the customer's test environment. In
production (other server, same DC - we're trying to find the exact
differences in the environment at the moment), the problem is back again,
even with pre-auth. On our way looking for solutions we found the
parameter "jcifs.smb.client.ssnLimit" described as an alternative to
pre-auth. However - using this parameter always leads to errors, even in
our own domain (which until now worked well with several different
configurations).
So we'd like to know what this parameter really does, why it doesn't work
for us (which is why we don't even try it in the customer's production
environment), and if it can be a solution to the problem at all.
Configuration:
- tomcat 4.1.36
- jcifs 1.3.1
- web.xml (without pre-auth here, since it makes no difference - it works
if we disable the ssnLimit):
<filter>
    <filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
    <init-param>
        <param-name>jcifs.http.domainController</param-name>
        <param-value>tbntsrv.tonbeller.com</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.util.loglevel</param-name>
        <param-value>6</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.smb.client.ssnLimit</param-name>
        <param-value>1</param-value>
    </init-param>
</filter>
Error:
For every login try the user gets a dialog to enter his credentials. If he
does, the dialog reappears. This creates the following trace:
SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=30970,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT
LM 0.12]
00000: FF 53 4D 42 72 00 00 00 00 18 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
00020: 00 0C 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 |....NT LM 0.12. |
New data read: Transport1[tbntsrv.tonbeller.com/193.203.163.80:0]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
byteCount=34 but readBytesWireFormat returned 16
SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=30970,uid=0,mid=1,wordCount=17,byteCount=34,wordCount=17,dialectIndex=0,securityMode=0x7,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Wed
Dec 10 11:58:51 CET
2008,serverTimeZone=65476,encryptionKeyLength=8,byteCount=34,oemDomainName=TBNT]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
00020: 11 00 00 07 32 00 01 00 04 41 00 00 00 00 01 |....2....A..... |
SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=30970,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT
LM 0.12]
00000: FF 53 4D 42 72 00 00 00 00 18 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
00020: 00 0C 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 |....NT LM 0.12. |
New data read: Transport2[tbntsrv.tonbeller.com/193.203.163.80:0]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
byteCount=34 but readBytesWireFormat returned 16
SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=30970,uid=0,mid=1,wordCount=17,byteCount=34,wordCount=17,dialectIndex=0,securityMode=0x7,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Wed
Dec 10 11:58:51 CET
2008,serverTimeZone=65476,encryptionKeyLength=8,byteCount=34,oemDomainName=TBNT]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
00020: 11 00 00 07 32 00 01 00 04 41 00 00 00 00 01 |....2....A..... |
SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=30970,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT
LM 0.12]
00000: FF 53 4D 42 72 00 00 00 00 18 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
00020: 00 0C 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 |....NT LM 0.12. |
New data read: Transport3[tbntsrv.tonbeller.com/193.203.163.80:0]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
byteCount=34 but readBytesWireFormat returned 16
SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=30970,uid=0,mid=1,wordCount=17,byteCount=34,wordCount=17,dialectIndex=0,securityMode=0x7,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Wed
Dec 10 11:58:51 CET
2008,serverTimeZone=65476,encryptionKeyLength=8,byteCount=34,oemDomainName=TBNT]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00 | SMBr......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 01 00 |..........·x....|
00020: 11 00 00 07 32 00 01 00 04 41 00 00 00 00 01 |....2....A..... |
treeConnect: unc=\\tbntsrv.tonbeller.com\IPC$,service=?????
sessionSetup: accountName=skl,primaryDomain=TBNT
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=30970,uid=0,mid=2,wordCount=13,byteCount=101,andxCommand=0x75,andxOffset=162,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,lmHash.length=24,ntHash.length=24,capabilities=4180,accountName=skl,primaryDomain=TBNT,NATIVE_OS=Windows
XP,NATIVE_LANMAN=jCIFS]
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=30970,uid=0,mid=0,wordCount=4,byteCount=65,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\tbntsrv.tonbeller.com\IPC$,service=?????]
00000: FF 53 4D 42 73 00 00 00 00 18 03 C0 00 00 00 00 | SMBs......+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 02 00 |..........·x....|
00020: 0D 75 00 A2 00 04 41 0A 00 01 00 00 00 00 00 18 |.u.ó..A.........|
00030: 00 18 00 00 00 00 00 54 10 00 00 65 00 62 94 A2 |.......T...e.b.ó|
00040: E8 3A C3 E1 95 4F A0 77 25 E9 5D 24 75 F7 BB E9 |Þ:+ß.Oáw%Ú]$u¸+Ú|
00050: 1E D4 D9 97 B8 D1 43 2D 67 0C 5D B2 C3 4F 1E DF |.È+.©ÐC-g.]¦+O.¯|
00060: 3C 90 69 BD 95 B7 F8 FE 64 36 30 59 BF 00 73 00 |<.i¢.À°¦d60Y+.s.|
00070: 6B 00 6C 00 00 00 54 00 42 00 4E 00 54 00 00 00 |k.l...T.B.N.T...|
00080: 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 |W.i.n.d.o.w.s. .|
00090: 58 00 50 00 00 00 6A 00 43 00 49 00 46 00 53 00 |X.P...j.C.I.F.S.|
000A0: 00 00 04 FF 00 DE DE 00 00 01 00 41 00 00 5C 00 |... .ÌÌ....A..\.|
000B0: 5C 00 74 00 62 00 6E 00 74 00 73 00 72 00 76 00 |\.t.b.n.t.s.r.v.|
000C0: 2E 00 74 00 6F 00 6E 00 62 00 65 00 6C 00 6C 00 |..t.o.n.b.e.l.l.|
000D0: 65 00 72 00 2E 00 63 00 6F 00 6D 00 5C 00 49 00 |e.r...c.o.m.\.I.|
000E0: 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 |P.C.$...?????. |
New data read: Transport3[tbntsrv.tonbeller.com/193.203.163.80:0]
00000: FF 53 4D 42 73 6D 00 00 C0 98 03 C0 00 00 00 00 | SMBsm..+..+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 02 00 |..........·x....|
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=Logon
failure: unknown user name or bad
password.,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=30970,uid=0,mid=2,wordCount=0,byteCount=0,andxCommand=0xFF,andxOffset=0,isLoggedInAsGuest=false,nativeOs=,nativeLanMan=,primaryDomain=]
00000: FF 53 4D 42 73 6D 00 00 C0 98 03 C0 00 00 00 00 | SMBsm..+..+....|
00010: 00 00 00 00 00 00 00 00 00 00 FA 78 00 00 02 00 |..........·x....|
00020: 00 00 00 |... |
NtlmHttpFilter: TBNT\skl: 0xC000006D: jcifs.smb.SmbAuthException: Logon
failure: unknown user name or bad password.
Thanks in advance for any hints :)
Greetings
Sascha
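
Added example, not part of the original post and not jCIFS code: a small Python triage script that reads the decoded lines of a jCIFS trace like the one above and reports which transports were negotiated, what the negotiate `securityMode` and `flags2` values say about SMB signing, and which transport preceded the logon failure. The sample is condensed from the posted trace; the function names are hypothetical and the bit meanings are the SMB1 negotiate-response definitions from MS-CIFS.

```python
import re

# Constructed sample: key lines condensed from the jCIFS trace in the post
# (hex dumps and most fields dropped; values kept as posted).
TRACE = r"""
New data read: Transport1[tbntsrv.tonbeller.com/193.203.163.80:0]
SmbComNegotiateResponse[flags2=0xC003,securityMode=0x7,maxNumberVcs=1]
New data read: Transport2[tbntsrv.tonbeller.com/193.203.163.80:0]
SmbComNegotiateResponse[flags2=0xC003,securityMode=0x7,maxNumberVcs=1]
New data read: Transport3[tbntsrv.tonbeller.com/193.203.163.80:0]
SmbComNegotiateResponse[flags2=0xC003,securityMode=0x7,maxNumberVcs=1]
SmbComSessionSetupAndX[flags2=0xC003,accountName=skl,primaryDomain=TBNT]
New data read: Transport3[tbntsrv.tonbeller.com/193.203.163.80:0]
NtlmHttpFilter: TBNT\skl: 0xC000006D: jcifs.smb.SmbAuthException: Logon failure
"""

# SecurityMode bits of the SMB1 negotiate response (MS-CIFS).
SECURITY_MODE = {0x01: "user-level security", 0x02: "encrypted passwords",
                 0x04: "signatures enabled", 0x08: "signatures required"}
FLAGS2_SECURITY_SIGNATURE = 0x0004  # set on packets that carry a signature

def decode_security_mode(mode):
    """Return the names of the bits set in a negotiate SecurityMode value."""
    return [name for bit, name in SECURITY_MODE.items() if mode & bit]

def summarize(trace):
    """Collect transports, signing state and auth failures from a jCIFS trace."""
    out = {"transports": [], "security_modes": set(), "signed_packets": 0,
           "failures": []}
    current = None  # transport named by the most recent "New data read" line
    for line in trace.splitlines():
        m = re.match(r"New data read: (Transport\d+)\[", line)
        if m:
            current = m.group(1)
            if current not in out["transports"]:
                out["transports"].append(current)
        m = re.search(r"securityMode=0x([0-9A-Fa-f]+)", line)
        if m:
            out["security_modes"].add(int(m.group(1), 16))
        m = re.search(r"flags2=0x([0-9A-Fa-f]+)", line)
        if m and int(m.group(1), 16) & FLAGS2_SECURITY_SIGNATURE:
            out["signed_packets"] += 1
        m = re.match(r"NtlmHttpFilter: (\S+): (0x[0-9A-Fa-f]{8}): ", line)
        if m:
            out["failures"].append((m.group(1), m.group(2), current))
    return out

if __name__ == "__main__":
    print(summarize(TRACE))
```

On the posted values this reports three transports in the excerpt, `securityMode=0x7` decoding to signatures enabled but not required (bit 0x08 clear), no packet with the signature flag set, and the 0xC000006D failure following traffic on Transport3.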