[jcifs] NtlmHttpFilter can't find accountname after restarting Tomcat

Fri Jan 16 17:00:39 GMT 2009

Hi all,

I'm using jcifs-1.3.2 and I've got a weird problem using NtlmHttpFilter. 
After a fresh deploy of my war file, the filter works perfectly.  It uses
all the configuration parameters in wex.xml and successfully authenticates
me against the domain controller.  However, if I restart Tomcat the
accountName goes to 'GUEST' and the primaryDomain goes to '?' in the
sessionSetup part of the jcifs logging .  When I reload the webapp, it works
beautifully again.  

I've been googling for two days now and haven't been able to narrow down
where my problem might be.  I know the obvious answer is to not restart
Tomcat but I don't have sole access to the development server.  I'm hoping
that someone here might have some ideas.

These are the entries in web.xml:

<filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
    <init-param>
        <param-name>jcifs.netbios.wins</param-name>
        <param-value>148.186.120.216,148.186.188.50</param-value>
    </init-param>
     <init-param>
         <param-name>jcifs.smb.client.domain</param-name>
         <param-value>washoe</param-value>
     </init-param>
     <init-param>
         <param-name>jcifs.smb.client.username</param-name>
         <param-value>ldapsvc</param-value>
     </init-param>
    <init-param>
        <param-name>jcifs.smb.client.password</param-name>
        <param-value>password</param-value>
    </init-param> 
    <init-param>
        <param-name>jcifs.util.loglevel</param-name>
        <param-value>4</param-value>
    </init-param>
     <init-param>
        <param-name>jcifs.lmCompatibility</param-name>
        <param-value>0</param-value>
    </init-param>
      <init-param>
        <param-name>jcifs.smb.client.useExtendedSecurity</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>NtlmHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

This is what jcifs is logging:

#JCIFS PROPERTIES
#Thu Jan 15 16:11:12 PST 2009
java.vendor=Sun Microsystems Inc.
sun.java.launcher=SUN_STANDARD
catalina.base=C\:\\dev\\wtp201\\.metadata\\.plugins\\org.eclipse.wst.server.core\\tmp0
sun.management.compiler=HotSpot Client Compiler
jcifs.netbios.cachePolicy=1200
catalina.useNaming=true
os.name=Windows XP
sun.boot.class.path=C\:\\Program
Files\\Java\\jre1.6.0_03\\lib\\resources.jar;C\:\\Program
Files\\Java\\jre1.6.0_03\\lib\\rt.jar;C\:\\Program
Files\\Java\\jre1.6.0_03\\lib\\sunrsasign.jar;C\:\\Program
Files\\Java\\jre1.6.0_03\\lib\\jsse.jar;C\:\\Program
Files\\Java\\jre1.6.0_03\\lib\\jce.jar;C\:\\Program
Files\\Java\\jre1.6.0_03\\lib\\charsets.jar;C\:\\Program
Files\\Java\\jre1.6.0_03\\classes
sun.desktop=windows
java.vm.specification.vendor=Sun Microsystems Inc.
java.runtime.version=1.6.0_03-b05
user.name=mbradshaw
shared.loader=
tomcat.util.buf.StringCache.byte.enabled=true
jcifs.smb.client.domain=washoe
user.language=en
java.naming.factory.initial=org.apache.naming.java.javaURLContextFactory
sun.boot.library.path=C\:\\Program Files\\Java\\jre1.6.0_03\\bin
jcifs.netbios.wins=148.186.120.216,148.186.188.50
java.version=1.6.0_03
user.timezone=America/Los_Angeles
sun.arch.data.model=32
java.endorsed.dirs=C\:\\tools\\apache-tomcat-6.0.14\\common\\endorsed
sun.cpu.isalist=pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386
i86
sun.jnu.encoding=Cp1252
file.encoding.pkg=sun.io
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans.
file.separator=\\
java.specification.name=Java Platform API Specification
java.class.version=50.0
user.country=US
java.home=C\:\\Program Files\\Java\\jre1.6.0_03
java.vm.info=mixed mode
os.version=5.1
jcifs.smb.client.soTimeout=300000
jcifs.smb.client.password=password
path.separator=;
java.vm.version=1.6.0_03-b05
user.variant=
jcifs.smb.client.username=ldapsvc
java.awt.printerjob=sun.awt.windows.WPrinterJob
sun.io.unicode.encoding=UnicodeLittle
jcifs.smb.client.useExtendedSecurity=false
awt.toolkit=sun.awt.windows.WToolkit
jcifs.util.loglevel=4
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
java.naming.factory.url.pkgs=org.apache.naming
user.home=C\:\\Documents and Settings\\mbradshaw
java.specification.vendor=Sun Microsystems Inc.
jcifs.lmCompatibility=0
java.library.path=C\:\\Program
Files\\Java\\jre1.6.0_03\\bin;.;C\:\\WINDOWS\\Sun\\Java\\bin;C\:\\WINDOWS\\system32;C\:\\WINDOWS;C\:\\Program
Files\\Java\\jre1.6.0_03\\bin\\client;C\:\\Program
Files\\Java\\jre1.6.0_03\\bin;C\:\\Program Files\\PHP\\;C\:\\Program
Files\\Java\\jre1.6.0_03\\bin;C\:\\Program
Files\\Java\\jre1.6.0_03\\bin\\Client;C\:\\Program Files\\ActiveState Komodo
IDE
4\\;C\:\\WINDOWS\\system32;C\:\\WINDOWS;C\:\\WINDOWS\\System32\\Wbem;C\:\\Program
Files\\Microsoft SQL Server\\80\\Tools\\Binn\\;C\:\\Program Files\\Microsoft
SQL Server\\90\\Tools\\binn\\;C\:\\Program Files\\Microsoft SQL
Server\\90\\DTS\\Binn\\;C\:\\Program Files\\Microsoft SQL
Server\\90\\Tools\\Binn\\VSShell\\Common7\\IDE\\;C\:\\informix\\bin;C\:\\Program
Files\\MySQL\\MySQL Server 5.0\\bin;c\:\\php\\;C\:\\Program
Files\\QuickTime\\QTSystem\\;c\:\\ruby\\bin;C\:\\Program Files\\Common
Files\\Business Objects\\3.0\\bin\\;C\:\\Program
Files\\Java\\jre1.6.0_03\\bin;C\:\\Program
Files\\Java\\jre1.6.0_03\\bin\\Client;C\:\\INFORMIX\\BIN
java.vendor.url=http\://java.sun.com/
java.vm.vendor=Sun Microsystems Inc.
common.loader=${catalina.home}/lib,${catalina.home}/lib/*.jar
java.runtime.name=Java(TM) SE Runtime Environment
java.class.path=C\:\\tools\\apache-tomcat-6.0.14\\bin\\bootstrap.jar;C\:\\tools\\apache-tomcat-6.0.14\\bin\\tomcat-juli.jar
java.vm.specification.name=Java Virtual Machine Specification
java.vm.specification.version=1.0
catalina.home=C\:\\tools\\apache-tomcat-6.0.14
sun.cpu.endian=little
sun.os.patch.level=Service Pack 3
java.io.tmpdir=C\:\\DOCUME~1\\MBRADS~1\\LOCALS~1\\Temp\\
java.vendor.url.bug=http\://java.sun.com/cgi-bin/bugreport.cgi
server.loader=
os.arch=x86
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.ext.dirs=C\:\\Program
Files\\Java\\jre1.6.0_03\\lib\\ext;C\:\\WINDOWS\\Sun\\Java\\lib\\ext
user.dir=C\:\\tools\\wtp201\\eclipse
line.separator=\r\n
wtp.deploy=C\:\\dev\\wtp201\\.metadata\\.plugins\\org.eclipse.wst.server.core\\tmp0\\wtpwebapps
java.vm.name=Java HotSpot(TM) Client VM
file.encoding=Cp1252
java.specification.version=1.6
Jan 15, 2009 4:11:12 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8090
Jan 15, 2009 4:11:12 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Jan 15, 2009 4:11:12 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/16  config=null
Jan 15, 2009 4:11:12 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 779 ms
NameQueryRequest[nameTrnId=1,isResponse=false,opCode=QUERY,isAuthAnswer=false,isTruncated=false,isRecurAvailable=false,isRecurDesired=true,isBroadcast=false,resultCode=0,questionCount=1,answerCount=0,authorityCount=0,additionalCount=0,questionName=WASHOE<1C>,questionType=NB,questionClass=IN,recordName=null,recordType=0x0000,recordClass=0x0000,ttl=0,rDataLength=0]
00000: 00 01 01 00 00 01 00 00 00 00 00 00 20 46 48 45  |............ FHE|
00010: 42 46 44 45 49 45 50 45 46 43 41 43 41 43 41 43  |BFDEIEPEFCACACAC|
00020: 41 43 41 43 41 43 41 43 41 43 41 42 4D 00 00 20  |ACACACACACABM.. |
00030: 00 01                                            |..              |

NetBIOS: new data read from socket
NameQueryResponse[nameTrnId=1,isResponse=true,opCode=QUERY,isAuthAnswer=true,isTruncated=false,isRecurAvailable=true,isRecurDesired=true,isBroadcast=false,resultCode=0,questionCount=0,answerCount=1,authorityCount=0,additionalCount=0,questionName=null,questionType=0x0000,questionClass=IN,recordName=WASHOE<1C>,recordType=NB,recordClass=IN,ttl=0,rDataLength=24,addrEntry=[Ljcifs.netbios.NbtAddress;@4204]
00000: 00 01 85 80 00 00 00 01 00 00 00 00 20 46 48 45  |............ FHE|
00010: 42 46 44 45 49 45 50 45 46 43 41 43 41 43 41 43  |BFDEIEPEFCACACAC|
00020: 41 43 41 43 41 43 41 43 41 43 41 42 4D 00 00 20  |ACACACACACABM.. |
00030: 00 01 00 00 00 00 00 18 80 00 94 BA 78 E1 80 00  |...........ºxá..|
00040: 94 BA 78 E1 80 00 94 BA 78 8D 80 00 94 BA C0 37  |.ºxá...ºx....ºÀ7|

SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0018,flags2=0xC003,signSeq=0,tid=0,pid=19458,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT
LM 0.12]
New data read: Transport1[WASHOE<1C>/148.186.120.225:0]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00  |ÿSMBr......À....|
00010: 00 00 00 00 00 00 00 00 00 00 02 4C 00 00 01 00  |...........L....|

SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0098,flags2=0xC003,signSeq=0,tid=0,pid=19458,uid=0,mid=1,wordCount=17,byteCount=40,wordCount=17,dialectIndex=0,securityMode=0xF,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxBufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Thu
Jan 15 16:11:28 PST
2009,serverTimeZone=480,encryptionKeyLength=8,byteCount=40,encryptionKey=0x59C4C2314BF838DA,oemDomainName=WASHOE]
treeConnect: unc=\\WASHOE\IPC$,service=?????
sessionSetup: accountName=GUEST,primaryDomain=?
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0xC007,signSeq=0,tid=0,pid=19458,uid=0,mid=2,wordCount=13,byteCount=51,andxCommand=0x75,andxOffset=112,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=0,unicodePasswordLength=0,capabilities=4180,accountName=GUEST,primaryDomain=?,NATIVE_OS=Windows
XP,NATIVE_LANMAN=jCIFS]
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=19458,uid=0,mid=0,wordCount=4,byteCount=35,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\WASHOE\IPC$,service=?????]
New data read: Transport1[WASHOE<1C>/148.186.120.225:0]
00000: FF 53 4D 42 73 64 00 00 C0 98 07 C0 00 00 9C 97  |ÿSMBsd..À..À....|
00010: 76 B1 79 4A 93 7A 00 00 00 00 02 4C 00 00 02 00  |v±yJ.z.....L....|

SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=The
specified user does not
exist.,flags=0x0098,flags2=0xC007,signSeq=1,tid=0,pid=19458,uid=0,mid=2,wordCount=0,byteCount=0,andxCommand=0xFF,andxOffset=0,isLoggedInAsGuest=false,nativeOs=,nativeLanMan=,primaryDomain=]
Failed validate DC: WASHOE<1C>/148.186.120.225
jcifs.smb.SmbException: The specified user does not exist.
	at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:527)
	at jcifs.smb.SmbTransport.send(SmbTransport.java:629)
	at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:288)
	at jcifs.smb.SmbSession.send(SmbSession.java:233)
	at jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
	at jcifs.smb.SmbSession.interrogate(SmbSession.java:82)
	at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:114)
	at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
	at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
	at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Unknown Source)

Thanks for any help on this.

-- 
View this message in context: http://www.nabble.com/NtlmHttpFilter-can%27t-find-accountname-after-restarting-Tomcat-tp21503819p21503819.html
Sent from the Samba - jcifs mailing list archive at Nabble.com.