[jcifs] NtlmHttpFilter issue: jcifs.smb.client.useExtendedSecurity seemingly not recognized

Phillip Rhodes Phillip.Rhodes at redwood.com
Thu Oct 29 11:25:27 MDT 2009


 

Hi all, I have a question that I'm hoping someone can shed some light
on. We are using

NtlmHttpFilter for SSO with our application at a customer.  The server
is Tomcat, and the client OS is Windows XP.  Not sure, ATM, what OS is
the domain controller is running.

This occurs using the latest jcifs.jar, FWIW.

 

We are getting the (seemingly infamous)

"jcifs.smb.client.useExtendedSecurity must be true if
jcifs.smb.lmCompatibility >= 3" error message.  Looking at the archives
from this list suggest that the solution is to set "useExtendedSecurity"
to false and "lmCompatibility" to 0.  However, even with those settings
in place, we still get this same error.  Below is the relevant section
from our web.xml

 

<filter>

    <filter-name>NtlmHttpFilter</filter-name>

    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

    <init-param>

      <param-name>jcifs.http.domainController</param-name>

      <param-value>10.10.1.15</param-value>

    </init-param>

    <init-param>

      <param-name>jcifs.smb.client.useExtendedSecurity</param-name>

      <param-value>false</param-value>

    </init-param>

    <init-param>

      <param-name>jcifs.smb.lmCompatibility</param-name>

      <param-value>0</param-value>

    </init-param>

  </filter>

 

Can anybody explain why we're still seeing this, even with these
settings in place?  Can it have something to do with the settings on the
domain controller (eg, something there attempting to force NTLMv2
usage)?  Do the client settings (on the XP box) affect this at all?

 

 

Thanks,

 

 

Phillip Rhodes

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/jcifs/attachments/20091029/46a5227d/attachment.html>


More information about the jCIFS mailing list