[jcifs] Logon failure: unknown user name or bad password

Michael B Allen ioplex at gmail.com
Tue Jul 26 20:59:24 MDT 2011


On Tue, Jul 26, 2011 at 1:31 PM, Jason Millard <jsm174 at gmail.com> wrote:
>> I captured all the traffic with wireshark.  I'm going to start going
>> through it now.
>>
>>
>> Thanks,
>> -- Jason
>>
>
> After going through the logs, I noticed in Wireshark that the servers
> that work all report back NTLMSSP during the Negotiate Protocol
> Response:
>
>   mechTypes: 4 items
>   MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
>   MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
>   MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
>   MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
>
> The server that does not work does not:
>
>   mechTypes: 3 items
>   MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
>   MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
>   MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)

Well that explains it. The server simply does not offer NTLM.

However I have NEVER heard of a server that does not support NTLM.
Kerberos does not work if the client does not have access to a DC, if
DNS isn't exactly right or if time is not synchronized on all
machines. And this is not a complete list of requirements for Kerberos
to work. So I'm mildly shocked that this server does not do NTLM.

What is the server? Is it Windows? Or is it some kind of appliance?

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
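
The check discussed in this message, as an added example that is not part of the original post or of jCIFS: a minimal DER walk over the SPNEGO security blob from a Negotiate Protocol Response that lists the offered mechTypes and reports whether NTLMSSP is among them. The function names and the two sample blobs are assumptions constructed for illustration, not bytes from the poster's capture.

```python
NTLMSSP_OID = "1.3.6.1.4.1.311.2.2.10"   # NTLMSSP OID as shown in the capture

def read_tlv(buf, pos, want_tag):
    """Return (value, next_pos) of the DER element at pos, checking its tag."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn DER OID content bytes (base-128 arcs) into dotted notation."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear ends the arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)         # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def spnego_mech_types(blob):
    """List the mechType OIDs a server offers in its SPNEGO NegTokenInit."""
    app, _ = read_tlv(blob, 0, 0x60)      # GSS-API initial context token
    oid, pos = read_tlv(app, 0, 0x06)
    if decode_oid(oid) != "1.3.6.1.5.5.2":
        raise ValueError("security blob is not SPNEGO")
    init, _ = read_tlv(app, pos, 0xA0)    # [0] NegTokenInit
    seq, _ = read_tlv(init, 0, 0x30)
    mechs, _ = read_tlv(seq, 0, 0xA0)     # [0] mechTypes
    oids, _ = read_tlv(mechs, 0, 0x30)
    found, pos = [], 0
    while pos < len(oids):
        body, pos = read_tlv(oids, pos, 0x06)
        found.append(decode_oid(body))
    return found

def offers_ntlm(blob):
    return NTLMSSP_OID in spnego_mech_types(blob)

# Constructed sample blobs: the three Kerberos OIDs, with and without NTLMSSP.
KRB_OIDS = "06092a864882f712010202" "06092a864886f712010202" "060a2a864886f71201020203"
WITH_NTLM = bytes.fromhex("603e06062b0601050502a0343032a030302e" + KRB_OIDS
                          + "060a2b06010401823702020a")
WITHOUT_NTLM = bytes.fromhex("603206062b0601050502a0283026a0243022" + KRB_OIDS)
```
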

