[jcifs] Problem with auto ntlm authentication

Jay Kraly jaykraly at gmail.com
Wed Mar 12 20:51:31 GMT 2008


BTW - I figured out the problem.  It appears that my organization requires
ntlm2 via the ntlmminclientsec registry key set to 0x20080030.  I removed
the 8 and everything works fine from both browsers.  Guess I should have
checked this first :)

Are there any plans (hacks?) to support NTLM2 or do I have to look for a new
solution?

2008/3/11 Jay Kraly <jaykraly at gmail.com>:

> Please let me know if I can give you this information in a different
> format, but here is what I see in WireShark :
>
> 1)  GET /timesheets/index.action HTTP/1.1
> 2)  HTTP/1.1 401 Unauthorized
> 3)  GET /timesheets/index.action HTTP/1.1, NTLMSSP_NEGOTIATE
> 4)  HTTP/1.1 401 Unauthorized, NTLMSSP_CHALLENGE
>
> This is where it stops and Firefox just goes blank.  IE stops here as well
> but displays an error page.  Headers and negotiation steps are the same
> though.  As far as the detailed HTTP headers I see the following associated
> with the numbered steps above:
>
> 2)  WWW-Authenticate: NTLM
> 3)  Authorization: NTLM TlRMTVNTUAMBAAAAB7IIogMOAwAyAADACgAKACgAIAAFAFgKAAIAD0xBCE1LUkFDWUpOSUg=
> 4)  WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGMDAAAAAFOoEADxnXuIsuA5IAIAAAAAAAAF4ALgA2AIAATEBJAEgAAgAGAE4ASQBIAAEADABKAEMASQBGAFMANgAzAF8AMQAwADEAXwBDADgAAAAAAA==
>
> Thanks for any help you can give me.  Also, it is worth re-pointing out
> that if I remove the server from my list of trusted sites so that I login
> through the popup everything authenticates successfully.
>
> -J
>
> 2008/3/11 Asaf Mesika <asaf.mesika at gmail.com>:
>
> > Can you please list down the negotiation steps and the exact point it has
> > stopped?
> > You can use WireShark to see the content of the HTTP headers. Mainly
> > important are the following headers:
> > www-authenticate
> > www-authorize
> >
> > We'll start with that until we'll get to the root of the problem.
> >
> > Asaf
> >
> >
> > 2008/3/8 Jay Kraly <jaykraly at gmail.com>:
> >
> > > I have a jboss 4.2.2 server using jcifs_1.2.18 with jdk1.6.0_03.  The
> > > domain controller is win 2003.  When I hit a protected page in IE7 I see
> > > some negotiation with the server and then the debug output just stops and IE
> > > displays an "Internet Explorer cannot display the webpage" error.  Thinking
> > > it was an IE7 problem I tried with Firefox, and was able to login
> > > successfully using a basic authentication popup.  Next I tried switching
> > > Firefox to allow automatic authentication to the site, and it now also stops
> > > at the same place as IE7.
> > >
> > > How can I fix this problem?  I have seen other similar posts in the
> > > archive, but none with an answer.  Thanks in advance.  Sample config file
> > > and output is below.
> > >
> > > -J
> > >
> > > <filter>
> > >         <filter-name>NTLM HTTP Authentication Filter</filter-name>
> > >         <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > >
> > >         <init-param>
> > >             <param-name>jcifs.http.domainController</param-name>
> > >             <param-value>BLAH</param-value>
> > >         </init-param>
> > >
> > >         <init-param>
> > >             <param-name>jcifs.netbios.hostname</param-name>
> > >             <param-value>BLAH</param-value>
> > >         </init-param>
> > >
> > >         <init-param>
> > >             <param-name>jcifs.smb.client.domain</param-name>
> > >             <param-value>BLAH</param-value>
> > >         </init-param>
> > >
> > >         <init-param>
> > >             <param-name>jcifs.util.loglevel</param-name>
> > >             <param-value>8</param-value>
> > >         </init-param>
> > >     </filter>
> > >
> > >
> > > 18:44:12,607 ERROR [STDERR] session established ok with BLAH<00>/156.40.41.206
> > > 18:44:12,607 ERROR [STDERR] SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=11880,uid=0,mid=4,wordCount=0,byteCount=12,wordCount=0,dialects=NT LM 0.12]
> > > 18:44:12,607 ERROR [STDERR] 00000: FF 53 4D 42 72 00 00 00 00 18 03 C0 00 00 00 00  | SMBr......└....|
> > > 00010: 00 00 00 00 00 00 00 00 00 00 68 2E 00 00 04 00  |..........h.....|
> > > 00020: 00 0C 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00     |....NT LM 0.12. |
> > > 18:44:12,607 ERROR [STDERR] New data read: Transport1[BLAH<00>/BLAH:139]
> > > 18:44:12,623 ERROR [STDERR] 00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00  | SMBr......└....|
> > > 00010: 00 00 00 00 00 00 00 00 00 00 68 2E 00 00 04 00  |..........h.....|
> > > 18:44:12,623 ERROR [STDERR] byteCount=38 but readBytesWireFormat returned 14
> > > 18:44:12,623 ERROR [STDERR] SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=11880,uid=0,mid=4,wordCount=17,byteCount=38,wordCount=17,dialectIndex=0,securityMode=0x7,security=user,encryptedPasswords=true,maxMpxCount=10,maxNumberVcs=1,maxBufferSize=4356,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0000E3FD,serverTime=Fri Mar 07 18:44:12 EST 2008,serverTimeZone=300,encryptionKeyLength=8,byteCount=38,encryptionKey=0xC18EE8D8F33FEEF9,oemDomainName=BLAH]
> > > 18:44:12,623 ERROR [STDERR] 00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00  | SMBr......└....|
> > > 00010: 00 00 00 00 00 00 00 00 00 00 68 2E 00 00 04 00  |..........h.....|
> > > 00020: 11 00 00 07 0A 00 01 00 04 11 00 00 00 00 01     |............... |
> > >
> >
> >
>
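
Added example, not part of the original thread and not jCIFS code: the NtlmMinClientSec bits share their values with the NTLMSSP negotiate flags, so a client-side minimum such as 0x20080030 can be checked against the flags a server offers in its Type 2 (challenge) message. The challenge below is constructed (it is not the capture from the thread), and the function names and the offered flag set are assumptions chosen to mirror the "remove the 8" observation.

```python
import base64
import struct

# NtlmMinClientSec bits; each has the same value as the NTLMSSP negotiate
# flag that offers the corresponding protection.
REQUIREMENTS = {
    0x00000010: "message integrity (signing)",
    0x00000020: "message confidentiality (sealing)",
    0x00080000: "NTLMv2 session security",
    0x20000000: "128-bit encryption",
    0x80000000: "56-bit encryption",
}

def decode_min_sec(value):
    """Names of the protections a NtlmMinClientSec value requires."""
    return [name for bit, name in REQUIREMENTS.items() if value & bit]

def flags_from_header(header_value):
    """Extract NegotiateFlags from 'NTLM <base64>' carrying a Type 2 message."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM header with a token")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, = struct.unpack_from("<I", msg, 8)
    if msg_type != 2:
        raise ValueError("expected a Type 2 (challenge) message")
    flags, = struct.unpack_from("<I", msg, 20)  # after 8-byte TargetName fields
    return flags

def unmet(min_sec, offered_flags):
    """Required protections that the server's challenge does not offer."""
    return decode_min_sec(min_sec & ~offered_flags)

def build_challenge_header(flags):
    """Constructed Type 2 message: empty target name, fixed dummy challenge."""
    msg = struct.pack("<8sIHHII8s8sHHI", b"NTLMSSP\x00", 2, 0, 0, 48,
                      flags, b"\x01" * 8, b"\x00" * 8, 0, 0, 48)
    return "NTLM " + base64.b64encode(msg).decode("ascii")

# Constructed server offer: Unicode, sign, seal, NTLM, always-sign, 128-bit,
# but no extended (NTLMv2) session security bit.
SAMPLE_HEADER = build_challenge_header(0x20008231)

if __name__ == "__main__":
    offered = flags_from_header(SAMPLE_HEADER)
    for value in (0x20080030, 0x20000030):
        print(hex(value), "unmet:", unmet(value, offered) or "none")
```

Running the same check against a real WWW-Authenticate value from a capture shows which required protection, if any, the server side did not offer.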