[jcifs] JCIFS authentication: errorCode=The parameter is incorrect.
André Warnier
aw at ice-sa.com
Mon Sep 20 12:31:36 MDT 2010
mbeedell wrote:
> I am using jCifs HTTP authentication module. It has been working OK in the
> target environment for some time. The jCIFS version was 1.2.1.
>
...
>
> Users connect from a Windows Server 2007 Enterprise Terminal Server user
> instance with Internet Explorer 8. The web site has been specified as a
> Trusted Site. Nothing has changed on the Terminal Servers or domain
> controller.
>
> A user on a Windows 2003 Server, interestingly, performs SSO without issue.
>
Hi.
I respond to this as a former user of the JCIFS HTTP filter, having since switched to
Jespa. I am not one of the jCIFS developers.
First, I believe that you should read the blue message that is at the top of the jCIFS
HTTP filter page. I believe that this message has been there for several years, yet there
are constantly people keeping asking the same questions. As a result, the original
developers of that filter are so tired of answering the same questions ever again, that
they mostly just ignore them nowadays.
Personally, I believe that your problem originates in what you write above : the win2007
servers, by defaut, will require user workstations to use the NTLMv2 authentication
mechanism, which the jCIFS HTTP filter does not, and cannot support.
The users on the win2003 servers still do fine, because in that case, the server only
requires NTLMv1.
NTLMv2 has been the default for all Windows servers and workstations for a while now, and
newer versions will probably *only* support NTLMv2.
So basically, you do not have a choice: the jCIFS HTTP filter will not work anymore in an
increasing number of cases, and it will never be upgraded to work with NTLMv2.
What you decide to switch to, as an authentication method, is up to you. There are
probably other solutions available than Jespa.
But if you have used the jCIFS filter so far, Jespa is an almost plugin replacement.
As a user, I can tell you that for my corporate customers, it works flawlessly.
Anyway, take this as friendly advice : do not spend more time looking for a solution with
the jCIFS HTTP filter, because in reality there isn't any. The earlier you accept this
and find another mechanism, the less time you will lose in the end.
More information about the jCIFS
mailing list