[jcifs] JCIFS Pops up dialog box for Authenticating certain users

Ti Lian Hwang lian_hwang.ti at fairprice.com.sg
Thu Jul 10 06:17:39 GMT 2008 

Refer to

http://lists.samba.org/archive/jcifs/2008-June/007991.html

setting as you requested.
This was using 1.2.22c.

To be sure, I just downloaded the latest copy, jcifs 1.2.22
and it STILL has the problem (see below)

NtlmHttpFilter: CHEERS\test6: 0xC0000005: jcifs.smb.SmbAuthException: Invalid access to memory location.

-----------------------------

INFO: Undeploying context [/JcifsTest]
#JCIFS PROPERTIES
#Thu Jul 10 14:09:48 GMT+08:00 2008
java.vendor=Sun Microsystems Inc.
jcifs.smb.lmCompatibility=3
catalina.base=C\:\\Documents and Settings\\lianhwang\\.netbeans\\5.5\\apache-tomcat-5.5.17_base
sun.management.compiler=HotSpot Client Compiler
jcifs.netbios.cachePolicy=1200
catalina.useNaming=true
https.proxyHost=proxy.fairprice.com.sg
os.name=Windows 2000
sun.boot.class.path=C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\rt.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\i18n.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\sunrsasign.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\jsse.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\jce.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\charsets.jar;C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\classes
java.util.logging.config.file=C\:\\Documents and Settings\\lianhwang\\.netbeans\\5.5\\apache-tomcat-5.5.17_base\\conf\\logging.properties
sun.desktop=windows
java.vm.specification.vendor=Sun Microsystems Inc.
java.runtime.version=1.5.0_06-b05
http.proxyPort=8080
user.name=lianhwang
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
tomcat.util.buf.StringCache.byte.enabled=true
jcifs.smb.client.domain=ZZZZZZ
user.language=en
java.naming.factory.initial=org.apache.naming.java.javaURLContextFactory
sun.boot.library.path=C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\bin
jcifs.smb.client.ssnLimit=1
java.version=1.5.0_06
java.util.logging.manager=org.apache.juli.ClassLoaderLogManager
user.timezone=GMT+08\:00
sun.arch.data.model=32
http.nonProxyHosts=localhost|127.0.0.1|IT24
java.endorsed.dirs=
jcifs.http.domainController=10.10.1.7
sun.cpu.isalist=
sun.jnu.encoding=Cp1252
file.encoding.pkg=sun.io
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans.
file.separator=\\
java.specification.name=Java Platform API Specification
java.class.version=49.0
user.country=US
java.home=C\:\\Program Files\\Java\\jdk1.5.0_06\\jre
java.vm.info=mixed mode, sharing
os.version=5.0
https.proxyPort=8080
jcifs.smb.client.soTimeout=5000
jcifs.smb.client.password=xxxxxxxxxxxxxxxxxxxxxxxxxxx
path.separator=;
java.vm.version=1.5.0_06-b05
user.variant=
jcifs.smb.client.username=yyyyyyyyyyyyyyyyyyyyyyyyyyy
java.awt.printerjob=sun.awt.windows.WPrinterJob
sun.io.unicode.encoding=UnicodeLittle
awt.toolkit=sun.awt.windows.WToolkit
jcifs.util.loglevel=3
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
java.naming.factory.url.pkgs=org.apache.naming
user.home=C\:\\Documents and Settings\\lianhwang
java.specification.vendor=Sun Microsystems Inc.
java.library.path=C\:\\Program Files\\Java\\jdk1.5.0_06\\bin;.;C\:\\WINNT\\system32;C\:\\WINNT;C\:\\WINNT\\system32;C\:\\WINNT;C\:\\WINNT\\System32\\Wbem;C\:\\Program Files\\Microsoft SQL Server\\80\\Tools\\BINN;C\:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\;C\:\\Program Files\\Microsoft SQL Server\\90\\DTS\\Binn\\;C\:\\Program Files\\Microsoft SQL Server\\90\\Tools\\binn\\;C\:\\Program Files\\Microsoft SQL Server\\90\\Tools\\Binn\\VSShell\\Common7\\IDE\\;C\:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\;C\:\\Program Files\\cvsnt;C\:\\Program Files\\Common Files\\GTK\\2.0\\bin;C\:\\Program Files\\Subversion\\bin;C\:\\oracle\\ora92\\bin;C\:\\Sun\\jwsdp-2.0\\jwsdp-shared\\bin;C\:\\tilh\\usr\\local\\wbin;C\:\\tilh\\bin;C\:\\cygwin\\bin
java.vendor.url=http\://java.sun.com/
java.vm.vendor=Sun Microsystems Inc.
common.loader=${catalina.home}/common/classes,${catalina.home}/common/i18n/*.jar,${catalina.home}/common/lib/*.jar
java.runtime.name=Java(TM) 2 Runtime Environment, Standard Edition
java.class.path=C\:\\Program Files\\Java\\jdk1.5.0_06\\lib\\tools.jar;C\:\\Program Files\\netbeans-5.5\\enterprise3\\apache-tomcat-5.5.17\\bin\\bootstrap.jar
java.vm.specification.name=Java Virtual Machine Specification
java.vm.specification.version=1.0
catalina.home=C\:\\Program Files\\netbeans-5.5\\enterprise3\\apache-tomcat-5.5.17
sun.cpu.endian=little
sun.os.patch.level=Service Pack 4
java.io.tmpdir=C\:\\Documents and Settings\\lianhwang\\.netbeans\\5.5\\apache-tomcat-5.5.17_base\\temp
java.vendor.url.bug=http\://java.sun.com/cgi-bin/bugreport.cgi
server.loader=${catalina.home}/server/classes,${catalina.home}/server/lib/*.jar
http.proxyHost=proxy.fairprice.com.sg
os.arch=x86
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.ext.dirs=C\:\\Program Files\\Java\\jdk1.5.0_06\\jre\\lib\\ext
user.dir=C\:\\Program Files\\netbeans-5.5\\enterprise3\\apache-tomcat-5.5.17\\bin
line.separator=\r\n
java.vm.name=Java HotSpot(TM) Client VM
jcifs.smb.client.dfs.disabled=true
file.encoding=Cp1252
java.specification.version=1.5
Jul 10, 2008 2:09:49 PM org.apache.catalina.core.StandardContext start
INFO: Container org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/JcifsTest] has already been started
NtlmHttpFilter: ZZZZZZ\test6: 0xC0000005: jcifs.smb.SmbAuthException: Invalid access to memory location.
>> Failed to negotiate NTLM for null /JcifsTest/test
NtlmHttpFilter: CHEERS\test6: 0xC0000005: jcifs.smb.SmbAuthException: Invalid access to memory location.

-----Original Message-----
From: Michael B Allen [mailto:ioplex at gmail.com]
Sent: Thursday, July 10, 2008 12:03 PM
To: Ti Lian Hwang
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] JCIFS Pops up dialog box for Authenticating certain
users


On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
> Setting jcifs.smb.client.ssnLimit = 1
>
>
> does not work when using jcifs.smb.client.username/password
>  It does NOT cause a NPE, but "Invalid access to memory location."
>
>  Please refer again to
>
>  http://lists.samba.org/archive/jcifs/2008-June/007993.html

So did you try 1.2.22+ with jcifs.smb.client.dfs.disabled = true?

>
>
>  NTLM HTTP Filter has been so popular and solves a great
>  problem; it would be sad to see it go.
>
>  OSS has always been about hacks, CIFS is a hack itself.
>
>
>
>  -----Original Message-----
>  From: Michael B Allen [mailto:ioplex at gmail.com]
>  Sent: Thursday, July 10, 2008 10:23 AM
>  To: Ti Lian Hwang
>  Cc: jcifs at lists.samba.org
>  Subject: Re: [jcifs] JCIFS Pops up dialog box for Authenticating certain
>  users
>
>
>  On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
>  >
>  > Sorry, I gotta keep refering to this ...
>  >
>  > http://lists.samba.org/archive/jcifs/2008-January/007602.html
>  >
>  > which has worked for me ever since.
>
>  That's not a "fix" for anything. It just disables reusing transports.
>  Setting jcifs.smb.client.ssnLimit = 1 would work equally well
>  (although we recently fixed a bug that caused an NPE when setting that
>  property to 1). But without transport reuse every authentication has
>  to build up and tear down a socket which completely obliterates
>  scalability and that is the greatest strength of the JCIFS NTLM HTTP
>  Filter.
>
>  The only known issue regarding the filter is the "hiccup bug" where
>  transports shutdown in the middle of the NTLM exchange thereby
>  invalidating any in-flight nonces. This is likely to be the issue that
>  you are seeing. It's just a bad interaction between the stateful
>  NTLMSSP and stateless HTTP protocols. The proposed fix for this issue
>  is discussed here:
>
>   http://lists.samba.org/archive/jcifs/2008-June/008019.html
>
>  However this fix will likely never be incorporated. Is is more likely
>  that the NTLM HTTP Filter in general will be dropped with the release
>  of JCIFS 2.0 (assuming a 2.0 ever happens) because the Filter has
>  nothing to do with the CIFS protocol and, more important, the
>  man-in-the-middle hack the Filter uses will not work with NTLMv2 which
>  is gaining popularity (and it's at the center of the "hiccup" bug).
>
>  I believe that an OSS project can actually do harm to the community
>  because it can block the development of a proper solution. The JCIFS
>  NTLM HTTP Filter was an easy solution that was very popular and it
>  actually worked very well all things considered. But it's a hack, it's
>  giving JCIFS a bad name and it needs to be put down.
>
>  I reconnoiter that by removing the NTLM HTTP Filter from JCIFS the
>  community will be forced to act to create a proper SSO Filter for Java
>  Servlet containers. I would be happy to describe how a proper SSO
>  Filter should operate to anyone who is serious about starting such a
>  project.
>
>  Mike
>
>  --
>  Michael B Allen
>  PHP Active Directory SPNEGO SSO
>  http://www.ioplex.com/
>


-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

More information about the jcifs mailing list