[jcifs] Meaning / usage of "ssnLimit"

Thu Dec 11 10:23:31 GMT 2008

Hello Mike,
> my suspicion would be that the DC requires NTLMv2.
Imho this isn't our customers problem, since in the test env. it works and 
in production the same DC is used...

> the JCIFS NTLM HTTP Authentication Filter does not and will never 
support NTLMv2
What does this mean? We don't know much about the JCIFS library that 
hasn't to do with the "JCIFS NTLM HTTP Authentication" chapter... our 
intention of using JCIFS was the "single sign on" feature which is 
realised by the filter - do we have a problem with this if NTLMv2 is 
required? Do we have to write an own filter via the API...?

> unfortunate that it's been flagged as a solution by people googling 
around
Well, we found it on the official jcifs page... :)
http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing

Best regards

Sascha

"Michael B Allen" <ioplex at gmail.com> 
Gesendet von: jcifs-bounces+aweber=comcast.net at lists.samba.org
10.12.2008 18:10

An
Sascha_Klamm at tonbeller.com
Kopie
jcifs at lists.samba.org
Thema
Re: [jcifs] Meaning / usage of "ssnLimit" 

Looks like pre-authentication is simply failing. If you're certain
that it's the right password my suspicion would be that the DC
requires NTLMv2.  But the JCIFS NTLM HTTP Authentication Filter does
not and will never support NTLMv2 (technically the preauth step could
work with NTLMv2 since you have the password but that wouldn't do you
much good since the Filter still wouldn't work).

If course I don't know what the problem is. This is just a guess.

Also, as I've said many times, setting ssnLimit=1 is not a good idea.
It's unfortunate that it's been flagged as a solution by people
googling around and then reposting it.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

<div style="font-family:sans-serif;font-size:10pt;">
<p><b>TONBELLER AG</b><br>
Werner-von-Siemens-Str. 2<br>
D-64625 Bensheim <br>
Germany</p>

<a href="http://www.tonbeller.com" target="_blank">www.tonbeller.com</a>

<p>Register Court: District Court Darmstadt<br>
Registration: HRB 21474<br>
Managing Board: Rutger Hetzler (CEO), Sebastian Hetzler, Torsten Mayer<br>
Chairman of the Supervisory Board: R&uuml;diger Brand</p>

<hr noshade="noshade" size="1" style="margin:20px 0px;">

<p>This message is for the designated recipient only and may contain
privileged,
proprietary, or otherwise private information. If you have received it
in error,
please notify the sender immediately and delete the original. Any
unauthorised copying or
dissemination of this message is strictly prohibited.</p>

<p>Diese E-Mail enth&auml;lt vertrauliche und/oder rechtlich
gesch&uuml;tzte Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrt&uuml;mlich erhalten
haben, informieren Sie bitte sofort den Absender und vernichten Sie
diese E-Mail.
Das unerlaubte Kopieren sowie die Weitergabe dieser E-Mail ist nicht
gestattet.</p>

</div>