[jcifs] NTLM V2 authentication is failing with JCIFS (sample java program which uses JCIFS to contact the Proxy server with NTLMV2 authentication)

Nagaraja Joshi joshinagaraja at rediffmail.com
Fri Nov 7 08:19:56 GMT 2008


Hi Mike,

We need(have a requirement for) NTLM V2 authention with the proxy server
using the jcifs.

We tried your suggestion of setting the Just set jcifs.lmCompatibility  and
extended secutiry for NTLMV1 its giving the same problem.

We are using the jcifs_1.3.0 jar file for our work.

When we debugged with packet capture with wireshark we found that always the
jcifs client communicates with the different username and password (its not
taking the username and password which we have put in our program for the
proxy)

i.e when we set the   Config.setProperty("jcifs.smb.client.username", user);
>       Config.setProperty("jcifs.smb.client.password", password);

in our program its not taking the same when negotiating with the proxy
server ,,,so the proxy server is always denying the request for the webpage.


Regards,
Nagaraja



Michael B Allen wrote:
> 
> Hi Nagaraja,
> 
> Just set jcifs.lmCompatibility = 0 and
> jcifs.smb.client.useExtendedSecurity = false. That should cause JCIFS
> to use the old NTLMv1 behavior which is known to work with
> NtlmHttpURLConnection.
> 
> I have made a note of the NtlmHttpURLConnection w/ NTLMv2 issue but I
> have not addressed anything in the jcifs.http* packages as they will
> be removed in JCIFS 2.x. If I happen-stance across the issue I will
> fix it in 1.3 but otherwise, at this point, it is only important to
> JCIFS that NTLMv2 work correctly with the CIFS protocol. The other
> HTTP protocol stuff is only supported with NTLMv1. Instead, JCIFS will
> expose the NTLM implementation (v1 and v2) sufficiently so that other
> projects can handle other protocols. For example, the Apache HTTP
> client could use JCIFS to implement proper NTLM authentication
> behavior and in fact already does use some JCIFS code (albeit rather
> sloppily).
> 
> However, this issue sounds like it could be a problem with the NTLMv2
> code in general. If you would like to send me a packet capture, I will
> make sure that the NTLMv2 code can handle the various NTLMSSP flags
> and target information. That may or may not fix this issue.
> 
> Mike
> 
> On Thu, Nov 6, 2008 at 7:35 AM, Nagaraja Joshi
> <joshinagaraja at rediffmail.com> wrote:
>>
>> Hi,
>>
>> We are using a sample java program which uses JCIFS library to
>> communicate
>> using NTLMV2 authentication to a proxy server.
>>
>> Also we are using the proxy server credentails to communicate through our
>> sample program (i.e IAS proxy which uses NTLMV2 Authentication)
>>
>> However we are facing this issue when we execute the sample program :
>>
>> Exception in thread "main" java.lang.NullPointerException
>>        at
>> jcifs.smb.NtlmPasswordAuthentication.getNTLMv2Response(NtlmPasswordAuthentication.java:246)
>>        at
>> jcifs.ntlmssp.Type3Message.getNTLMv2Response(Type3Message.java:584)
>>        at jcifs.ntlmssp.Type3Message.<init>(Type3Message.java:229)
>>        at
>> jcifs.http.NtlmHttpURLConnection.attemptNegotiation(NtlmHttpURLConnection.java:566)
>>        at
>> jcifs.http.NtlmHttpURLConnection.doHandshake(NtlmHttpURLConnection.java:452)
>>        at
>> jcifs.http.NtlmHttpURLConnection.handshake(NtlmHttpURLConnection.java:103)
>>        at
>> jcifs.http.NtlmHttpURLConnection.getInputStream(NtlmHttpURLConnection.java:240)
>>        at java.net.URL.openStream(Unknown Source)
>>        at JCIFS.main(JCIFS.java:60)
>>
>> The above problem is caused due to  targetInfo value passed to the public
>> static byte[] getNTLMv2Response( ) method of the
>> NtlmPasswordAuthentication.java file becoming null.
>>
>> The following line is causing the issue :
>>
>> byte[] temp = new byte[28 + targetInfo.length];  //here targetInfo is
>> becoming null.
>>
>> Heres the Sample Program which we used to execute the same :
>>
>>
>>
>> import java.io.*;
>>
>> import java.net.*;
>>
>> import jcifs.*;
>>
>> public class JCIFS {
>>
>>    public static void main(String[] args) throws Exception {
>>
>>        // Normally set this outside application.
>>        // Note that as a side effect due to the way handlers are located,
>>        // you can also achieve this by simply doing:
>>           Config.registerSmbURLHandler();
>>        // which we already do to register the smb handler.
>>       // String pkgs = System.getProperty("java.protocol.handler.pkgs");
>>       // pkgs = (pkgs != null) ? "http|" + pkgs : "http";
>>        //System.setProperty("java.protocol.handler.pkgs", pkgs);
>>
>>           String proxy = "64.104.136.241";                 //IAS proxy or
>> any proxy which is used to configure NTLMV2 authentication
>>           String port = "8080";                                   //IAS
>> proxy or any proxy port
>>           System.setProperty("http.proxyHost",proxy);
>>           System.setProperty("http.proxyPort",port);
>>
>>
>>        //
>>
>>      /*  if (args == null || args.length < 4) {
>>            System.out.println("NtlmHttpClient <url> <domain> <user>
>> <password>");
>>            System.exit(1);
>>        }*/
>>      // String location = "http://www.cisco.com/";
>>       String location = "http://www.cisco.com/";
>>        String domain = "cisco";
>>        String user = "nagaraja";
>>        String password = "nagaraja";
>>
>>        // can also specify these in the URL, i.e.
>>        //     http://DOMAIN%5cuser:password@host/dir/file.html
>>        // which will override these properties
>>       Config.setProperty("jcifs.smb.client.domain", domain);
>>        Config.setProperty("jcifs.smb.client.username", user);
>>       Config.setProperty("jcifs.smb.client.password", password);
>>        Config.setProperty("jcifs.smb.lmCompatibility ", "3");
>>        Config.setProperty("jcifs.http.domainController","cisco");
>>      //  Config.setProperty("jcifs.smb.client.useUnicode ", "false");
>>
>>       /* try {
>>               
>> Config.setProperty("jcifs.netbios.hostname","64.103.135.182");
>>
>>            System.out.println("host
>> name"+Config.getProperty("jcifs.netbios.hostname",InetAddress.getLocalHost().getHostName()));
>>        } catch (Exception ex) { }
>>        //URL url = new URL(location);*/
>>
>>        URL url = new URL("http://www.cisco.com/");
>>
>>        BufferedReader reader = new BufferedReader(
>>                new InputStreamReader(url.openStream()));
>>        String line;
>>        while ((line = reader.readLine()) != null) {
>>            System.out.println(line);
>>        }
>>    }
>>
>> }
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> It will be great if some body can help us on this.
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/NTLM-V2-authentication-is-failing-with-JCIFS-%28sample-java-program-which-uses-JCIFS-to-contact-the-Proxy-server-with-NTLMV2-authentication%29-tp20360187p20360187.html
>> Sent from the Samba - jcifs mailing list archive at Nabble.com.
>>
>>
> 
> 
> 
> -- 
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/
> 
> 

-- 
View this message in context: http://www.nabble.com/NTLM-V2-authentication-is-failing-with-JCIFS-%28sample-java-program-which-uses-JCIFS-to-contact-the-Proxy-server-with-NTLMV2-authentication%29-tp20360187p20376260.html
Sent from the Samba - jcifs mailing list archive at Nabble.com.



More information about the jcifs mailing list