[jcifs] Need help with failed logins

Asaf Mesika asaf.mesika at gmail.com
Thu Apr 9 22:25:49 GMT 2009

On Thu, Apr 9, 2009 at 4:52 PM, MStreck <mark.strecker at siemens.com> wrote:

> Hello All,
> We are using the filter in production and have a couple of situations where
> people cannot login ... for everyone else it is working great. I am not
> sure
> how to debug this and need some guidance.
> I re-read the docs and
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html#transparent implies that
> if something isn't setup correctly with IE or using Linux or MacOS would
> give the login box and they would be able to login. If I use Firefox, this
> is exactly what happens. So, I expected the same from non-MS OSs.
> The first situation is someone cannot login from MacOS. I also tried Linux
> with Konquerer and that also fails. What happens is that it just has a
> blank
> window and the browser says that it is waiting for a reply. I turned the
> jcifs logging to 10 and there is no output. I also turned on insecureBasic
> to see if that would work and it's exactly the same as before.(Yes, I
> restarted JBoss after I deployed the change.)
I never heard that it ever worked with non MS OS. I think FireFox have an
integrated code which uses some Windows OS calls to prepare the hashed
password for the 3rd response in the handshake.

> The second situation is that IE fails to login. This is limited to about 5
> machines and if they use Firefox, they can login. I also turned the logging
> to 10 and the communication from the browser stopped after the second
> request/response and just never sent the request for step 3 in the
> negotiation. It then displays the IE error page.
> We tried to set the DisableNTLMPreAuth describes in the FAQ and that didn't
> work. We haven't tried adding the website to the local intranet trusted
> sites ... but I don't have that in my IE and mine works.
Hmm, I think you should start by using WireShark and write down the packets
sent and received between the internet explorer (client) computer and your
Once I have that I can continue on to help you out.

> So, I am not sure what to do to debug these problems. Here is my config :
> jcifs 1.3.8
> Authenticating against a Win2k3 server
> <filter>
>  <filter-name>NtlmHttpFilter</filter-name>
>  <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>  <init-param>
>   <param-name>jcifs.http.domainController</param-name>
>   <param-value>OMITTED</param-value>
>  </init-param>
>  <init-param>
>   <param-name>jcifs.http.controllerTimeout</param-name>
>   <param-value>20</param-value>
>  </init-param>
>  <init-param>
>   <param-name>jcifs.util.loglevel</param-name>
>   <param-value>10</param-value>
>  </init-param>
>  <!--
>                always needed for preauthentication / SMB signatures
>        -->
>  <init-param>
>   <param-name>jcifs.smb.client.domain</param-name>
>   <param-value>MYDOMAIN</param-value>
>  </init-param>
>    <init-param>
>        <param-name>jcifs.smb.client.username</param-name>
>        <param-value>someuser</param-value>
>    </init-param>
>    <init-param>
>        <param-name>jcifs.smb.client.password</param-name>
>        <param-value>somepassword</param-value>
>    </init-param>
>  </filter>
> Any help would be greatly appreciated. TIA
> --
> View this message in context:
> http://www.nabble.com/Need-help-with-failed-logins-tp22971401p22971401.html
> Sent from the Samba - jcifs mailing list archive at Nabble.com.
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list