[jcifs] JCIFS Pops up dialog box for Authenticating certain users
Ti Lian Hwang
lian_hwang.ti at fairprice.com.sg
Thu Jul 10 06:17:39 GMT 2008
Refer to
http://lists.samba.org/archive/jcifs/2008-June/007991.html
setting as you requested.
This was using 1.2.22c.
To be sure, I just downloaded the latest copy, jcifs 1.2.22
and it STILL has the problem (see below)
NtlmHttpFilter: CHEERS\test6: 0xC0000005: jcifs.smb.SmbAuthException: Invalid access to memory location.
-----------------------------
INFO: Undeploying context [/JcifsTest]
#JCIFS PROPERTIES
#Thu Jul 10 14:09:48 GMT+08:00 2008
java.vendor=Sun Microsystems Inc.
jcifs.smb.lmCompatibility=3
catalina.base=C\:\\Documents and Settings\\lianhwang\\.netbeans\\5.5\\apache-tomcat-5.5.17_base
sun.management.compiler=HotSpot Client Compiler
jcifs.netbios.cachePolicy=1200
catalina.useNaming=true
https.proxyHost=proxy.fairprice.com.sg
os.name=Windows 2000
sun.boot.class.path=C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\rt.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\i18n.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\sunrsasign.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\jsse.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\jce.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\charsets.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\classes
java.util.logging.config.file=C\:\\Documents and Settings\\lianhwang\\.netbeans\\5.5\\apache-tomcat-5.5.17_base\\conf\\logging.properties
sun.desktop=windows
java.vm.specification.vendor=Sun Microsystems Inc.
java.runtime.version=1.5.0_06-b05
http.proxyPort=8080
user.name=lianhwang
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
tomcat.util.buf.StringCache.byte.enabled=true
jcifs.smb.client.domain=ZZZZZZ
user.language=en
java.naming.factory.initial=org.apache.naming.java.javaURLContextFactory
sun.boot.library.path=C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\bin
jcifs.smb.client.ssnLimit=1
java.version=1.5.0_06
java.util.logging.manager=org.apache.juli.ClassLoaderLogManager
user.timezone=GMT+08\:00
sun.arch.data.model=32
http.nonProxyHosts=localhost|127.0.0.1|IT24
java.endorsed.dirs=
jcifs.http.domainController=10.10.1.7
sun.cpu.isalist=
sun.jnu.encoding=Cp1252
file.encoding.pkg=sun.io
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans.
file.separator=\\
java.specification.name=Java Platform API Specification
java.class.version=49.0
user.country=US
java.home=C\:\\Program Files\\Java\\jdk1.5.0_06\\jre
java.vm.info=mixed mode, sharing
os.version=5.0
https.proxyPort=8080
jcifs.smb.client.soTimeout=5000
jcifs.smb.client.password=xxxxxxxxxxxxxxxxxxxxxxxxxxx
path.separator=;
java.vm.version=1.5.0_06-b05
user.variant=
jcifs.smb.client.username=yyyyyyyyyyyyyyyyyyyyyyyyyyy
java.awt.printerjob=sun.awt.windows.WPrinterJob
sun.io.unicode.encoding=UnicodeLittle
awt.toolkit=sun.awt.windows.WToolkit
jcifs.util.loglevel=3
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
java.naming.factory.url.pkgs=org.apache.naming
user.home=C\:\\Documents and Settings\\lianhwang
java.specification.vendor=Sun Microsystems Inc.
java.library.path=C\:\\Program Files\\Java\\jdk1.5.0_06\\bin;.;C\:\\WINNT\\system32;C\:\\WINNT;C\:\\WINNT\\system32;C\:\\WINNT;C\:\\WINNT\\System32\\Wbem;C\:\\Program Files\\Microsoft SQL Server\\80\\Tools\\BINN;C\:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\;C\:\\Program Files\\Microsoft SQL Server\\90\\DTS\\Binn\\;C\:\\Program Files\\Microsoft SQL Server\\90\\Tools\\binn\\;C\:\\Program Files\\Microsoft SQL Server\\90\\Tools\\Binn\\VSShell\\Common7\\IDE\\;C\:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\;C\:\\Program Files\\cvsnt;C\:\\Program Files\\Common Files\\GTK\\2.0\\bin;C\:\\Program Files\\Subversion\\bin;C\:\\oracle\\ora92\\bin;C\:\\Sun\\jwsdp-2.0\\jwsdp-shared\\bin;C\:\\tilh\\usr\\local\\wbin;C\:\\tilh\\bin;C\:\\cygwin\\bin
java.vendor.url=http\://java.sun.com/
java.vm.vendor=Sun Microsystems Inc.
common.loader=${catalina.home}/common/classes,${catalina.home}/common/i18n/*.jar,${catalina.home}/common/lib/*.jar
java.runtime.name=Java(TM) 2 Runtime Environment, Standard Edition
java.class.path=C\:\\Program Files\\Java\\jdk1.5.0_06\\lib\\tools.jar;C\:\\Program Files\\netbeans-5.5\\enterprise3\\apache-tomcat-5.5.17\\bin\\bootstrap.jar
java.vm.specification.name=Java Virtual Machine Specification
java.vm.specification.version=1.0
catalina.home=C\:\\Program Files\\netbeans-5.5\\enterprise3\\apache-tomcat-5.5.17
sun.cpu.endian=little
sun.os.patch.level=Service Pack 4
java.io.tmpdir=C\:\\Documents and Settings\\lianhwang\\.netbeans\\5.5\\apache-tomcat-5.5.17_base\\temp
java.vendor.url.bug=http\://java.sun.com/cgi-bin/bugreport.cgi
server.loader=${catalina.home}/server/classes,${catalina.home}/server/lib/*.jar
http.proxyHost=proxy.fairprice.com.sg
os.arch=x86
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.ext.dirs=C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\ext
user.dir=C\:\\Program Files\\netbeans-5.5\\enterprise3\\apache-tomcat-5.5.17\\bin
line.separator=\r\n
java.vm.name=Java HotSpot(TM) Client VM
jcifs.smb.client.dfs.disabled=true
file.encoding=Cp1252
java.specification.version=1.5
Jul 10, 2008 2:09:49 PM org.apache.catalina.core.StandardContext start
INFO: Container org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/JcifsTest] has already been started
NtlmHttpFilter: ZZZZZZ\test6: 0xC0000005: jcifs.smb.SmbAuthException: Invalid access to memory location.
>> Failed to negotiate NTLM for null /JcifsTest/test
NtlmHttpFilter: CHEERS\test6: 0xC0000005: jcifs.smb.SmbAuthException: Invalid access to memory location.
-----Original Message-----
From: Michael B Allen [mailto:ioplex at gmail.com]
Sent: Thursday, July 10, 2008 12:03 PM
To: Ti Lian Hwang
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] JCIFS Pops up dialog box for Authenticating certain
users
On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
> Setting jcifs.smb.client.ssnLimit = 1
>
>
> does not work when using jcifs.smb.client.username/password
> It does NOT cause a NPE, but "Invalid access to memory location."
>
> Please refer again to
>
> http://lists.samba.org/archive/jcifs/2008-June/007993.html
So did you try 1.2.22+ with jcifs.smb.client.dfs.disabled = true?
>
>
> NTLM HTTP Filter has been so popular and solves a great
> problem; it would be sad to see it go.
>
> OSS has always been about hacks, CIFS is a hack itself.
>
>
>
> -----Original Message-----
> From: Michael B Allen [mailto:ioplex at gmail.com]
> Sent: Thursday, July 10, 2008 10:23 AM
> To: Ti Lian Hwang
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] JCIFS Pops up dialog box for Authenticating certain
> users
>
>
> On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
> >
> > Sorry, I gotta keep refering to this ...
> >
> > http://lists.samba.org/archive/jcifs/2008-January/007602.html
> >
> > which has worked for me ever since.
>
> That's not a "fix" for anything. It just disables reusing transports.
> Setting jcifs.smb.client.ssnLimit = 1 would work equally well
> (although we recently fixed a bug that caused an NPE when setting that
> property to 1). But without transport reuse every authentication has
> to build up and tear down a socket which completely obliterates
> scalability and that is the greatest strength of the JCIFS NTLM HTTP
> Filter.
>
> The only known issue regarding the filter is the "hiccup bug" where
> transports shutdown in the middle of the NTLM exchange thereby
> invalidating any in-flight nonces. This is likely to be the issue that
> you are seeing. It's just a bad interaction between the stateful
> NTLMSSP and stateless HTTP protocols. The proposed fix for this issue
> is discussed here:
>
> http://lists.samba.org/archive/jcifs/2008-June/008019.html
>
> However this fix will likely never be incorporated. Is is more likely
> that the NTLM HTTP Filter in general will be dropped with the release
> of JCIFS 2.0 (assuming a 2.0 ever happens) because the Filter has
> nothing to do with the CIFS protocol and, more important, the
> man-in-the-middle hack the Filter uses will not work with NTLMv2 which
> is gaining popularity (and it's at the center of the "hiccup" bug).
>
> I believe that an OSS project can actually do harm to the community
> because it can block the development of a proper solution. The JCIFS
> NTLM HTTP Filter was an easy solution that was very popular and it
> actually worked very well all things considered. But it's a hack, it's
> giving JCIFS a bad name and it needs to be put down.
>
> I reconnoiter that by removing the NTLM HTTP Filter from JCIFS the
> community will be forced to act to create a proper SSO Filter for Java
> Servlet containers. I would be happy to describe how a proper SSO
> Filter should operate to anyone who is serious about starting such a
> project.
>
> Mike
>
> --
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/
>
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the jcifs
mailing list