[jcifs] Occasionally NTLM Filter fails...Please Help.
jbaker at javasystemsolutions.com
Wed May 20 21:32:49 GMT 2009
The NtlmFilter doesn't do an awful lot - it's mostly jcifs core code and in
answer to your question:
grep -r \"jcifs.smb.client.domain\" *
jcifs/ntlmssp/Type1Message.java: DEFAULT_DOMAIN =
jcifs/ntlmssp/Type2Message.java: DEFAULT_DOMAIN =
jcifs/ntlmssp/Type3Message.java: DEFAULT_DOMAIN =
jcifs/http/NtlmHttpFilter.java: defaultDomain =
jcifs/http/NetworkExplorer.java: defaultDomain =
jcifs/http/NtlmServlet.java: defaultDomain =
jcifs/smb/NtlmPasswordAuthentication.java: DEFAULT_DOMAIN =
So, I can count three classes that are HTTP/NtlmFilter (?) specific, and five
that are not. Or perhaps they are all NtlmFilter specific?
In answer to your question, I set the jcifs.smb.client.domain to the domain
name, and I set the jcifs.netbios.wins and jcifs.http.domainController to the
hostname/IP of the domain controller. I also set the username/password for
pre-auth, and the filter mostly works.
I could figure out a percentage of core jcifs code in the NtlmFilter if I had
a little more time, but a little bit of work with Eclipse and "show
references to" will answer the question for you.
However, the error you report (user/pass failure) is something I've already
posted about, and I'm still not convinced it's the fault of the filter, but a
bug in the jcifs core code. See previous post (Sunday) for my odd findings.
On Wednesday 20 May 2009 22:10:05 you wrote:
> Thanks. no problem. I will try to take a look at the code as well to get
> some understanding.
> However, has anybody else in this forum tried out working only with
> jcifs.smb.client.domain property and see any issues/risks please?
> Michael B Allen wrote:
> > Again, it's literally been like 7 years since I've even looked at the
> > HTTP Filter code so I'm really not qualified to answer questions about
> > it. I know how it interacts with the CIFS code and its security
> > limitations but otherwise I try to ignore all JCIFS filter questions.
> > Good luck,
> > Mike
> > On Wed, May 20, 2009 at 6:14 AM, shivsn <shivsn2008 at yahoo.com> wrote:
> >> Thanks for the response. In that case is it advisable that I use ONLY
> >> jcifs.smb.client.domain property (i.e. I use neither
> >> jcifs.smb.client.domainController or jcifs.netbios.wins)? Which domain
> >> controller will this set up use to authenticate against and are there
> >> any risks with this?
> >> This URL
> >> (http://eckhart.stderr.org/doc/libjcifs-java-doc/ntlmhttpauth.html)
> >> says "Either a jcifs.smb.client.domain or
> >> jcifs.smb.client.domainController
> >> property is required". 90% of my users belong to one specific domain
> >> while others are third party users and need not require SSO.
> >> Thanks,
> >> Shiv.
> >> Michael B Allen wrote:
> >>> On Tue, May 19, 2009 at 11:42 AM, shivsn <shivsn2008 at yahoo.com> wrote:
> >>>> Thanks Mike.
> >>>> I have another small question if you could please answer.
> >>>> Currently we are using jcifs.netbios.wins as jcifs param and seeing
> >>>> this issue. We noticed that when we use the DC (not WINS) the problem
> >>>> goes away.
> >>>> We tried jcifs.http.domainController and it works. Not sure why??
> >>> Honestly I don't even remember how to use the filter. I haven't tried
> >>> it in many many years.
> >>>> My question is regarding jcifs.http.domainController - can you please
> >>>> let me know if I can provide 2 (or more) DC separated by commas i.e.
> >>>> if one of the DC is down will it take the second one (similar to
> >>>> jcifs.netbios.wins parameter where we have provision to provide more
> >>>> than one WINS)?
> >>> No but there is a patch for that in the patches directory. Not sure if
> >>> it actually works though.
> >>>> If not,
> >>>> then what happens if the DC entered for this jcifs parameter is down?
> >>> You'll get a big exception and it will fail miserably.
> >>> Mike
> >>> --
> >>> Michael B Allen
> >>> Java Active Directory Integration
> >>> http://www.ioplex.com/
> >> --
> >> View this message in context:
> >> http://www.nabble.com/Occasionally-NTLM-Filter-fails...Please-Help.-tp17262705p23632650.html
> >> Sent from the Samba - jcifs mailing list archive at Nabble.com.
> > --
> > Michael B Allen
> > Java Active Directory Integration
> > http://www.ioplex.com/
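
A small lint for the filter settings discussed in this thread, added here as an example; it is not code from jcifs or from any poster. The sample web.xml, its values and the finding names are constructed, and the pre-auth property name jcifs.smb.client.password is an assumption, since the thread does not spell it out.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread); every value is a placeholder.
SAMPLE_WEB_XML = """<web-app><filter>
  <filter-name>NtlmHttpFilter</filter-name>
  <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
  <init-param><param-name>jcifs.smb.client.domain</param-name>
    <param-value>EXAMPLE</param-value></init-param>
  <init-param><param-name>jcifs.http.domainController</param-name>
    <param-value>dc1.example.test,dc2.example.test</param-value></init-param>
  <init-param><param-name>jcifs.smb.client.password</param-name>
    <param-value>PLACEHOLDER</param-value></init-param>
</filter></web-app>"""

def _local(el):
    # Tag name with any XML namespace stripped, so real web.xml files also parse.
    return el.tag.rsplit("}", 1)[-1]

def _children(el):
    """Map each child tag name to its stripped text."""
    return {_local(c): (c.text or "").strip() for c in el}

def filter_params(web_xml, filter_class="jcifs.http.NtlmHttpFilter"):
    """Return the init-params of the first <filter> using filter_class, or None."""
    for flt in ET.fromstring(web_xml).iter():
        if _local(flt) != "filter" or _children(flt).get("filter-class") != filter_class:
            continue
        pairs = (_children(p) for p in flt if _local(p) == "init-param")
        return {kv.get("param-name", ""): kv.get("param-value", "") for kv in pairs}
    return None

def lint(params):
    """Return finding codes (hypothetical names) for one filter's init-params."""
    dc = params.get("jcifs.http.domainController", "")
    found = []
    if not dc and not params.get("jcifs.smb.client.domain"):
        found.append("no-domain-or-dc")             # the docs quoted above require one
    if "," in dc:
        found.append("dc-list-unsupported")         # needs the patch mentioned above
    elif dc:
        found.append("single-dc-no-failover")       # DC down: exception, auth fails
    if params.get("jcifs.smb.client.password"):
        found.append("plaintext-preauth-password")  # clear text in the descriptor
    return found

if __name__ == "__main__":
    print(lint(filter_params(SAMPLE_WEB_XML)))
```
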