[jcifs] NTLM authentication unreliable

Bill Comer bill.comer at gmail.com
Wed Jan 7 14:12:16 GMT 2009 

I am using jcifs-1.2.25 with spring-security-2.0.4

I have an application which has been running either locally or on test
servers happily authenticating myself
with the companies Active Directory.

Very occasionally for me and almost 100% of the time for other users
authentication will fail with:

05-01-2009 12:12:50 [http-7070-Processor25] DEBUG - /inTray.htm at position
2 of 4 in additional filter chain; firing Filter:
'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]'
05-01-2009 12:12:50 [http-7070-Processor25] DEBUG - /inTray.htm at position
3 of 4 in additional filter chain; firing Filter:
'uk.co.formfill.dfweb.security.DFWebNtlmProcessingFilter[ order=1500; ]'
05-01-2009 12:12:50 [http-7070-Processor25] DEBUG - Processing NTLM Type 3
Message
05-01-2009 12:12:50 [http-7070-Processor25] DEBUG - NTLM negotiation
complete
05-01-2009 12:12:50 [http-7070-Processor25] ERROR - Credentials
FORMFILL\laup were not accepted by the domain controller FF-AD-01<20>/
10.20.1.1
05-01-2009 12:12:50 [http-7070-Processor25] DEBUG - Restarting NTLM
authentication handshake
05-01-2009 12:12:50 [http-7070-Processor25] DEBUG - Authentication exception
occurred; redirecting to authentication entry point
org.springframework.security.ui.ntlm.NtlmBeginHandshakeException: NTLM
    at
uk.co.formfill.dfweb.security.DFWebNtlmProcessingFilter.logon(DFWebNtlmProcessingFilter.java:427)
    at
uk.co.formfill.dfweb.security.DFWebNtlmProcessingFilter.doFilterHttp(DFWebNtlmProcessingFilter.java:344)
    at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

uk.co.formfill.dfweb.security.DFWebNtlmProcessingFilter is a local copy of
NtlmProcessingFilter just to add extra debug.

The Exception is coming from:
2009 11:36:51 [http-7070-Processor24] DEBUG - NTLM negotiation complete
jcifs.smb.SmbAuthException: Access is denied.
    at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:515)
    at jcifs.smb.SmbTransport.send(SmbTransport.java:629)
    at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:288)
    at jcifs.smb.SmbSession.send(SmbSession.java:233)
    at jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
    at jcifs.smb.SmbSession.logon(SmbSession.java:169)
    at jcifs.smb.SmbSession.logon(SmbSession.java:162)

I have confirmed that the LM_COMPATIBILITY == 0

Possibly not an issue but I was wonderring what the '<20>' is in the log
message.
     05-01-2009 12:12:50 [http-7070-Processor25] ERROR - Credentials
FORMFILL\laup were not accepted by the domain controller FF-AD-01<20>/
10.20.1.1

I have looked at the ActiveDirectory configuration and can see no difference
between myself and other users.

Any thoughts please ?

-- 
Regards
Bill Comer
blog: http://billcomer.blogspot.com/
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list