[jcifs] NTLM V2 authentication is failing with JCIFS (sample java
program which uses JCIFS to contact the Proxy server with
NTLMV2 authentication)
Michael B Allen
ioplex at gmail.com
Thu Nov 6 16:25:43 GMT 2008
Hi Nagaraja,
Just set jcifs.lmCompatibility = 0 and
jcifs.smb.client.useExtendedSecurity = false. That should cause JCIFS
to use the old NTLMv1 behavior which is known to work with
NtlmHttpURLConnection.
I have made a note of the NtlmHttpURLConnection w/ NTLMv2 issue but I
have not addressed anything in the jcifs.http* packages as they will
be removed in JCIFS 2.x. If I happen-stance across the issue I will
fix it in 1.3 but otherwise, at this point, it is only important to
JCIFS that NTLMv2 work correctly with the CIFS protocol. The other
HTTP protocol stuff is only supported with NTLMv1. Instead, JCIFS will
expose the NTLM implementation (v1 and v2) sufficiently so that other
projects can handle other protocols. For example, the Apache HTTP
client could use JCIFS to implement proper NTLM authentication
behavior and in fact already does use some JCIFS code (albeit rather
sloppily).
However, this issue sounds like it could be a problem with the NTLMv2
code in general. If you would like to send me a packet capture, I will
make sure that the NTLMv2 code can handle the various NTLMSSP flags
and target information. That may or may not fix this issue.
Mike
On Thu, Nov 6, 2008 at 7:35 AM, Nagaraja Joshi
<joshinagaraja at rediffmail.com> wrote:
>
> Hi,
>
> We are using a sample java program which uses JCIFS library to communicate
> using NTLMV2 authentication to a proxy server.
>
> Also we are using the proxy server credentails to communicate through our
> sample program (i.e IAS proxy which uses NTLMV2 Authentication)
>
> However we are facing this issue when we execute the sample program :
>
> Exception in thread "main" java.lang.NullPointerException
> at
> jcifs.smb.NtlmPasswordAuthentication.getNTLMv2Response(NtlmPasswordAuthentication.java:246)
> at jcifs.ntlmssp.Type3Message.getNTLMv2Response(Type3Message.java:584)
> at jcifs.ntlmssp.Type3Message.<init>(Type3Message.java:229)
> at
> jcifs.http.NtlmHttpURLConnection.attemptNegotiation(NtlmHttpURLConnection.java:566)
> at
> jcifs.http.NtlmHttpURLConnection.doHandshake(NtlmHttpURLConnection.java:452)
> at
> jcifs.http.NtlmHttpURLConnection.handshake(NtlmHttpURLConnection.java:103)
> at
> jcifs.http.NtlmHttpURLConnection.getInputStream(NtlmHttpURLConnection.java:240)
> at java.net.URL.openStream(Unknown Source)
> at JCIFS.main(JCIFS.java:60)
>
> The above problem is caused due to targetInfo value passed to the public
> static byte[] getNTLMv2Response( ) method of the
> NtlmPasswordAuthentication.java file becoming null.
>
> The following line is causing the issue :
>
> byte[] temp = new byte[28 + targetInfo.length]; //here targetInfo is
> becoming null.
>
> Heres the Sample Program which we used to execute the same :
>
>
>
> import java.io.*;
>
> import java.net.*;
>
> import jcifs.*;
>
> public class JCIFS {
>
> public static void main(String[] args) throws Exception {
>
> // Normally set this outside application.
> // Note that as a side effect due to the way handlers are located,
> // you can also achieve this by simply doing:
> Config.registerSmbURLHandler();
> // which we already do to register the smb handler.
> // String pkgs = System.getProperty("java.protocol.handler.pkgs");
> // pkgs = (pkgs != null) ? "http|" + pkgs : "http";
> //System.setProperty("java.protocol.handler.pkgs", pkgs);
>
> String proxy = "64.104.136.241"; //IAS proxy or
> any proxy which is used to configure NTLMV2 authentication
> String port = "8080"; //IAS
> proxy or any proxy port
> System.setProperty("http.proxyHost",proxy);
> System.setProperty("http.proxyPort",port);
>
>
> //
>
> /* if (args == null || args.length < 4) {
> System.out.println("NtlmHttpClient <url> <domain> <user>
> <password>");
> System.exit(1);
> }*/
> // String location = "http://www.cisco.com/";
> String location = "http://www.cisco.com/";
> String domain = "cisco";
> String user = "nagaraja";
> String password = "nagaraja";
>
> // can also specify these in the URL, i.e.
> // http://DOMAIN%5cuser:password@host/dir/file.html
> // which will override these properties
> Config.setProperty("jcifs.smb.client.domain", domain);
> Config.setProperty("jcifs.smb.client.username", user);
> Config.setProperty("jcifs.smb.client.password", password);
> Config.setProperty("jcifs.smb.lmCompatibility ", "3");
> Config.setProperty("jcifs.http.domainController","cisco");
> // Config.setProperty("jcifs.smb.client.useUnicode ", "false");
>
> /* try {
> Config.setProperty("jcifs.netbios.hostname","64.103.135.182");
>
> System.out.println("host
> name"+Config.getProperty("jcifs.netbios.hostname",InetAddress.getLocalHost().getHostName()));
> } catch (Exception ex) { }
> //URL url = new URL(location);*/
>
> URL url = new URL("http://www.cisco.com/");
>
> BufferedReader reader = new BufferedReader(
> new InputStreamReader(url.openStream()));
> String line;
> while ((line = reader.readLine()) != null) {
> System.out.println(line);
> }
> }
>
> }
>
>
>
>
>
>
>
>
>
>
>
> It will be great if some body can help us on this.
>
>
>
>
> --
> View this message in context: http://www.nabble.com/NTLM-V2-authentication-is-failing-with-JCIFS-%28sample-java-program-which-uses-JCIFS-to-contact-the-Proxy-server-with-NTLMV2-authentication%29-tp20360187p20360187.html
> Sent from the Samba - jcifs mailing list archive at Nabble.com.
>
>
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the jcifs
mailing list