[jcifs] Authentication denied issue

Barsky, Geora (Contractor) Geora.Barsky at DexOne.com
Tue Feb 1 10:44:38 MST 2011 

Hello, 

Here are some details regarding our problem:

 

Our platform : Java 1.6, Tomcat 6, JCIFS version 1.3.15. We invoke JCIFS
through HttpFilter defined in web.xml

JCIFS configuration:

<filter>

    <filter-name>NtlmHttpFilter</filter-name>

    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

    <init-param>

        <param-name>jcifs.http.domainController</param-name>

        <param-value><DOMAIN_CONTROLLER></param-value>

    </init-param>

    <init-param>

        <param-name>jcifs.resolveOrder</param-name>

        <param-value>DNS</param-value>

    </init-param>

    <init-param>

        <param-name>jcifs.http.loadBalance</param-name>

        <param-value>false</param-value>

    </init-param>

    <init-param>

        <param-name>jcifs.smb.client.domain</param-name>

        <param-value><DOMAIN></param-value>

    </init-param>

    <init-param>

        <param-name>jcifs.smb.client.username</param-name>

        <param-value><JCIFS_PRE_AUTHENTICATION_USER></param-value>

    </init-param>

    <init-param>

        <param-name>jcifs.smb.client.password</param-name>

        <param-value><JCIFS_PRE_AUTHENTICATION_PWD></param-value>

    </init-param>

    <init-param>

        <param-name>jcifs.util.loglevel</param-name>

        <param-value>3</param-value>

    </init-param>

</filter>

 

 

Using version 1.2.17, we sporadically experienced the problem during the
authentication
for some users, while other users are authenticated successfully at the
same time. The error message is :  "jcifs.smb.SmbAuthException: Access
is denied".
After upgrade to 1.3.15 we get now another  exception:

"jcifs.smb.SmbException: NTLMv2 requires extended security
(jcifs.smb.client.useExtendedSecurity must be true if
jcifs.smb.lmCompatibility >= 3)", 

regardless that we don't override any of these two settings and by
default they should be :

jcifs.smb.lmCompatibility = 0 

jcifs.smb.client.useExtenededSecurity = false

 

Please advise what might be a reason for this exception?

 

We also suspect that possible reason for our authentication failures
might be JCIFS caching mechanism.

We see that there are three relevant parameters:

jcifs.smb.client.soTimeout

jcifs.smb.client.responseTimeout

jcifs.netbios.cachePolicy

 

Please advise whether caching might be one of causes to authentication
failures and what are the recommended values for these settings.

 

Thanks

Geora

 

 
 
 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/jcifs/attachments/20110201/e2278b9e/attachment.html>

More information about the jCIFS mailing list