[jcifs] Very generic question about NTLM HTTP authentication

Michael B Allen ioplex at gmail.com
Mon Feb 9 01:46:32 GMT 2009

On Sun, Feb 8, 2009 at 8:15 PM, André Warnier <aw at ice-sa.com> wrote:
> I have a couple of additional questions :
> Referring to this section : http://jcifs.samba.org/src/docs/faq.html#ntlmv2
> a) in item 2. , what does the term "target server" refer to ? Is that the
> Tomcat host ? or the DC ?

It means the jcifs.http.domainController. Note that stuff about LMv2
is bogus. When the FAQ was written it was theorized that the LMv2
business might work. It won't. I really should update the FAQ. It's
very old.

> b) in the case in which I am having problems, the Vista/IE combination does
> not work, but the XP/IE combination is still working. The Tomcat server is
> the same, the jCIFS module is the same, and the DC is the same.  So I have
> to assume that it is the Vista/IE combination which does something
> differently. Do you know what it could be ?

The Vista clients are set to do NTLMv2 only. But the XP clients are
not. That doesn't surprise me.

Run regedit on each client and look at
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel. Is it
set to 3 or above? If so, NTLMv2 is required and thus the JCIFS NTLM
HTTP Filter cannot be used.


Michael B Allen
Java Active Directory Integration

More information about the jcifs mailing list