[jcifs] JCIFS and Windows 7
aweber at comcast.net
Thu Oct 13 09:21:38 MDT 2011
I know this is slightly OT, but,
Has anyone tried the ioplex filter with the sample/local authentication
option for testing (their MyNtlmSecurityProvider)? No matter what I
try, it doesn't like the properties I've supplied, and ioplex isn't
responding to my emails.
In particular, it currently complains that:
Authentication failed: Property not set or constructed: domain.dns.name
But during startup, it clearly finds this property in my properties
file, and I have tried setting this to a FQDN, a Netbios Name
(hostname), and just the dns suffix. Regardless, it doesn't think it is
I like the idea of using their OOTB solution and paying for it, but if
they won't respond to a valid request for eval support, I can't imagine
shelling-out the money with that experience.
On 4/30/2010 10:28 AM, André Warnier wrote:
> Melinda wrote:
>> André Warnier <aw <at> ice-sa.com> writes:
>>> Sudhakar M Santhanam wrote:
>>>> I am currently using JCIFS 1.3.14 and I am encountering this
>>>> problem 'The
>> parameter is incorrect.' I am
>>> using a Servlet filter to intercept request from browsers to
>> users using JCIFS. While this
>>> works perfectly fine on Windows XP without any problems, the filter
>>> fails to
>> authenticate users if
>>> requests come from browsers on Windows 7.
>>>> I have given below the snap shot of the stack trace from the server
>>>> Does anyone know a solution to this problem?
>>> There isn't any.
>>> You apparently failed to read the notice at the top of the page for
>>> the jCIFS HTTP filter.
>> Can you provide the link to the "page for the jCIFS HTTP filter" that
>> you eluded
>> to in your response above? I went to the JCIFS home page:
>> http://jcifs.samba.org/ but cannot find this page and I could not
>> find a search
>> on this page to look for windows 7. I am also having to find a way
>> to make this
>> work with Windows 7 by next month and wondered if that is not
>> possible with
>> jcifs or not. A response would be appreciated. Thanks.
> To make a long story short, and really in the spirit of avoiding you
> all losing time on ultimately unproductive research :
> Go to www.ioplex.com, download the Jespa filter and try it (that is
> free). It is also free up to, as far as I recall, 25 Windows user-ids.
> It is possible that there exist other similar modules out there, but I
> do not know any, and I am happy with Jespa and its support so far.
> It is almost an out-of-the-box replacement for the jCIFS filter, it
> works with NTLMv2, it has additional features, it is developed and
> supported, and it is not expensive.
> The reason (as also indicated in the top blue note on the above page)
> : most recent installations (or upgrades) of Windows networks by
> default use NTLMv2, which is a more secure version of the basic (v1)
> Windows NTLM authentication mechanism. By default, Windows Vista and
> Windows 7 are set up to use the NTLMv2 version if available.
> The jCIFS NTLM HTTP filter does not support NTLMv2, and never will,
> because it is no longer being developed/maintained.
> To make the jCIFS filter work nowadays, you would need to have all of
> the following conditions in place :
> - all workstations still support NTLMv1
> - all Domain Controllers still support and admit NTLMv1
> - you can convince the network admins to "force" NTLMv1 authentication
> if needed
> If you can achieve that, fine. But the chances of achieving that are
> low and diminishing over time.
> So, it is *possible*, if you have installed and are testing the jCIFS
> NTLM HTTP filter, that in the particular case of the Windows network
> and Windows workstations which you have been testing/using so far,
> NTLMv1 is still in use, and consequently that the jCIFS filter still
> works. (I have still a couple of customers who use it, and so far it
> works for them; they are not yet using Vista or Windows 7.)
> But it is unpredictable and you cannot count on it in the future : any
> future Windows update to the workstations, or to the Domain
> Controllers, or to the "network policies" in place at such a site,
> could make it so that it suddenly stops working.
> And if that happens, there is nothing to do about it with the jCIFS
> filter, because there is nobody developing or supporting it anymore.
More information about the jCIFS