[jcifs] Domain based DFS support in Kerberos code, or NTLMv2
support in Java 1.4?
Michael B Allen
ioplex at gmail.com
Wed Feb 25 17:50:34 GMT 2009
On Wed, Feb 25, 2009 at 12:49 PM, Michael B Allen <ioplex at gmail.com> wrote:
> On Wed, Feb 25, 2009 at 11:48 AM, Darren Taft <daztop at rocketmail.com> wrote:
>>
>>> > I'm using a Java 1.4 environment (WebLogic 8.1.4) that I cannot upgrade.
>>> > I've been having issues connecting to a specific server using JCIFS,
>>> > so I've been trying different JCIFS versions. See the following results:
>>> >
>>> > jcifs-1.2.25.jar - works for Domain-Based DFS, but doesn't work when
>>> > connecting to the "fault" server.
>>> > jcifs-krb5-1.3.1.jar - doesn't work for Domain-Based DFS, but does work
>>> > when connecting to any server (including "fault" server).
>>> > jcifs-1.3.3.jar - doesn't work in a Java 1.4 environment (requires some
>>> > Java 1.5 classes)
>>> >
>>> > Based on the above results, I'm assuming that the "fault" server is either
>>> > using NTLMv2 or Kerberos for authentication (for which jcifs-krb5-1.3.1.jar
>>> > includes support for both) - would that be a valid assumption? The other
>>> > possibility is that there's a bug fix somewhere in the 1.3.1 code that just
>>> > happens to be resolving the fault.
>>> >
>>> > So based on the above assumption, how can I get both domain-based DFS and
>>> > this "fault" server working? i.e. I need a JAR that includes the
>>> > NTLMv2/Kerberos (I don't know how to tell which one it's using) and/or the
>>> > possible fix, and the Domain-Based DFS.
>>> >
>>> > Anyone have any ideas?
>>>
>>> What's the "fault"?
>>
>> I wish I knew.
>>
>> If I provide a path of: \\SERVERNAME\ it lists all the shares that are available, but if I try and
>> access any of them it fails with this error:
>>
>> jcifs.smb.SmbException: Transport0 timedout waiting for response to
>> SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=4736,uid=6147,mid=19,wordCount=4,byteCount
>> =63,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\SERVERNAME\SHARE
>> NAME,service=?????]
>> jcifs.util.transport.TransportException: Transport0 timedout waiting for response to
>> SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=4736,uid=6147,mid=19,word
>> Count=4,byteCount=63,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\SERVERNAME\SHARE
>> NAME,service=?????]
>> at jcifs.util.transport.Transport.sendrecv(Transport.java:76)
>>
>> Note - the SHARE NAME does contain a space (I don't know if that makes any difference).
>>
>> It's definitely not a timeout issue though - the server responds within a reasonable time from
>> Windows, and with jcifs-krb5-1.3.1.jar it responds within a few seconds.
>>
>>> NTLMv2 needs the RC4 cipher. That is only supported by Java 1.5 upate
>>> 7 or later or another version of Java with a different crypto package
>>> like bounty castle.
>>
>> I'm using jrockit81sp4_142_05 - I don't know if that includes RC4 support.
>
> My guess is that is your problem. Does the issue occur without this
> JVM? Does it work with that JVM and another server?
>
> I doubt that a timeout issue has anything to do with RC4 or NTLMv2.
> It's more likely a VM or environmental issue. You'll need to get a
> thread dump, try different VMs, servers and hosts machines to identify
> the pattern.
PS: Please send all messages through the JCIFS mailing list.
--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
More information about the jcifs
mailing list