[jcifs] Need help with failed logins

MStreck mark.strecker at siemens.com
Thu Apr 9 13:52:33 GMT 2009 

Hello All,

We are using the filter in production and have a couple of situations where
people cannot login ... for everyone else it is working great. I am not sure
how to debug this and need some guidance.

I re-read the docs and
http://jcifs.samba.org/src/docs/ntlmhttpauth.html#transparent implies that
if something isn't setup correctly with IE or using Linux or MacOS would
give the login box and they would be able to login. If I use Firefox, this
is exactly what happens. So, I expected the same from non-MS OSs.

The first situation is someone cannot login from MacOS. I also tried Linux
with Konquerer and that also fails. What happens is that it just has a blank
window and the browser says that it is waiting for a reply. I turned the
jcifs logging to 10 and there is no output. I also turned on insecureBasic
to see if that would work and it's exactly the same as before.(Yes, I
restarted JBoss after I deployed the change.)

The second situation is that IE fails to login. This is limited to about 5
machines and if they use Firefox, they can login. I also turned the logging
to 10 and the communication from the browser stopped after the second
request/response and just never sent the request for step 3 in the
negotiation. It then displays the IE error page.
We tried to set the DisableNTLMPreAuth describes in the FAQ and that didn't
work. We haven't tried adding the website to the local intranet trusted
sites ... but I don't have that in my IE and mine works.

So, I am not sure what to do to debug these problems. Here is my config :
jcifs 1.3.8
Authenticating against a Win2k3 server
<filter>
  <filter-name>NtlmHttpFilter</filter-name>
  <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
  
  <init-param>
   <param-name>jcifs.http.domainController</param-name>
   <param-value>OMITTED</param-value>
  </init-param>
  <init-param>
   <param-name>jcifs.http.controllerTimeout</param-name>
   <param-value>20</param-value>
  </init-param>
  <init-param>
   <param-name>jcifs.util.loglevel</param-name>
   <param-value>10</param-value>
  </init-param>
  <!--
   		always needed for preauthentication / SMB signatures
   	-->
  <init-param>
   <param-name>jcifs.smb.client.domain</param-name>
   <param-value>MYDOMAIN</param-value>
  </init-param>
    <init-param>
        <param-name>jcifs.smb.client.username</param-name>
        <param-value>someuser</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.smb.client.password</param-name>
        <param-value>somepassword</param-value>
    </init-param>
 </filter>

Any help would be greatly appreciated. TIA
-- 
View this message in context: http://www.nabble.com/Need-help-with-failed-logins-tp22971401p22971401.html
Sent from the Samba - jcifs mailing list archive at Nabble.com.

More information about the jcifs mailing list