[jcifs] JCIFS and Windows 7

AJ Weber aweber at comcast.net
Thu Oct 13 09:21:38 MDT 2011


I know this is slightly OT, but,
Has anyone tried the ioplex filter with the sample/local authentication 
option for testing (their MyNtlmSecurityProvider)?  No matter what I 
try, it doesn't like the properties I've supplied, and ioplex isn't 
responding to my emails.

In particular, it currently complains that:
Authentication failed: Property not set or constructed: domain.dns.name

But during startup, it clearly finds this property in my properties 
file, and I have tried setting this to a FQDN, a NetBIOS name 
(hostname), and just the DNS suffix.  Regardless, it doesn't think it is 
right.

I like the idea of using their OOTB solution and paying for it, but if 
they won't respond to a valid request for eval support, I can't imagine 
shelling out the money with that experience.

Thanks,
AJ


On 4/30/2010 10:28 AM, André Warnier wrote:
> Melinda wrote:
>> André Warnier <aw <at> ice-sa.com> writes:
>>
>>> Sudhakar M Santhanam wrote:
>>>> I am currently using JCIFS 1.3.14 and I am encountering this 
>>>> problem 'The parameter is incorrect.'  I am using a Servlet filter 
>>>> to intercept requests from browsers to authenticate users using 
>>>> JCIFS. While this works perfectly fine on Windows XP without any 
>>>> problems, the filter fails to authenticate users if requests come 
>>>> from browsers on Windows 7.
>>>> I have given below the snapshot of the stack trace from the server 
>>>> logs.
>>>>
>>>> Does anyone know a solution to this problem?
>>>>
>>> There isn't any.
>>> You apparently failed to read the notice at the top of the page for 
>>> the jCIFS HTTP filter.
>>>
>>>
>> Can you provide the link to the "page for the jCIFS HTTP filter" that 
>> you alluded to in your response above?  I went to the JCIFS home page: 
>> http://jcifs.samba.org/ but cannot find this page and I could not 
>> find a search on this page to look for Windows 7.  I am also having to 
>> find a way to make this work with Windows 7 by next month and wondered 
>> if that is not possible with jcifs or not.  A response would be 
>> appreciated.  Thanks.
>>
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html
>
> To make a long story short, and really in the spirit of avoiding you 
> all losing time on ultimately unproductive research :
> Go to www.ioplex.com, download the Jespa filter and try it (that is 
> free).  It is also free up to, as far as I recall, 25 Windows user-ids.
> It is possible that there exist other similar modules out there, but I 
> do not know any, and I am happy with Jespa and its support so far.
> It is almost an out-of-the-box replacement for the jCIFS filter, it 
> works with NTLMv2, it has additional features, it is developed and 
> supported, and it is not expensive.
>
> The reason (as also indicated in the top blue note on the above page): 
> most recent installations (or upgrades) of Windows networks by 
> default use NTLMv2, which is a more secure version of the basic (v1) 
> Windows NTLM authentication mechanism. By default, Windows Vista and 
> Windows 7 are set up to use the NTLMv2 version if available.
> The jCIFS NTLM HTTP filter does not support NTLMv2, and never will, 
> because it is no longer being developed/maintained.
>
> To make the jCIFS filter work nowadays, you would need to have all of 
> the following conditions in place :
> - all workstations still support NTLMv1
> - all Domain Controllers still support and admit NTLMv1
> - you can convince the network admins to "force" NTLMv1 authentication 
> if needed
> If you can achieve that, fine. But the chances of achieving that are 
> low and diminishing over time.
>
> So, it is *possible*, if you have installed and are testing the jCIFS 
> NTLM HTTP filter, that in the particular case of the Windows network 
> and Windows workstations which you have been testing/using so far, 
> NTLMv1 is still in use, and consequently that the jCIFS filter still 
> works.  (I have still a couple of customers who use it, and so far it 
> works for them; they are not yet using Vista or Windows 7.)
> But it is unpredictable and you cannot count on it in the future : any 
> future Windows update to the workstations, or to the Domain 
> Controllers, or to the "network policies" in place at such a site, 
> could make it so that it suddenly stops working.
> And if that happens, there is nothing to do about it with the jCIFS 
> filter, because there is nobody developing or supporting it anymore.
>
>
>
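
Whether the conditions listed in the quoted reply hold at a given site can be checked from the traffic itself: the NT response in the client's NTLM Type 3 message is 24 bytes for NTLMv1 and longer for NTLMv2. The following is an added example, not part of the original thread and not jCIFS or Jespa code; the class name, method names and sample messages are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NtlmType3Check {
    static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** Classifies the value of an "Authorization: NTLM <base64>" header. */
    static String classify(String headerValue) {
        if (headerValue == null || !headerValue.startsWith("NTLM ")) return "not NTLM";
        byte[] m;
        try {
            m = Base64.getDecoder().decode(headerValue.substring(5).trim());
        } catch (IllegalArgumentException e) {
            return "malformed";
        }
        // Need the signature, message type and the NT response descriptor (bytes 20..27).
        if (m.length < 28 || !Arrays.equals(Arrays.copyOf(m, 8), SIG)) return "malformed";
        ByteBuffer b = ByteBuffer.wrap(m).order(ByteOrder.LITTLE_ENDIAN);
        if (b.getInt(8) != 3) return "not a Type 3 message";
        int ntLen = b.getShort(20) & 0xFFFF;      // NT response length
        long ntOff = b.getInt(24) & 0xFFFFFFFFL;  // NT response offset
        if (ntOff + ntLen > m.length) return "malformed";
        if (ntLen == 0) return "no NT response";
        if (ntLen == 24) return "NTLMv1 (or NTLM2 session response)";
        // NTLMv2: 16-byte proof followed by a blob that starts 0x01 0x01.
        if (ntLen > 24 && m[(int) ntOff + 16] == 1 && m[(int) ntOff + 17] == 1) return "NTLMv2";
        return "unknown";
    }

    // Constructed sample: Type 3 header fields plus an NT response of ntLen
    // bytes at offset 64. Contains no real names or credentials.
    static String sample(int ntLen) {
        ByteBuffer b = ByteBuffer.allocate(64 + ntLen).order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIG).putInt(3);
        b.putShort(20, (short) ntLen).putShort(22, (short) ntLen).putInt(24, 64);
        if (ntLen > 24) b.put(64 + 16, (byte) 1).put(64 + 17, (byte) 1);
        return "NTLM " + Base64.getEncoder().encodeToString(b.array());
    }

    public static void main(String[] args) {
        System.out.println(classify(sample(24)));  // 24-byte NT response
        System.out.println(classify(sample(60)));  // longer NTLMv2-style response
    }
}
```

Logging this classification for incoming requests shows whether clients at a site still send the 24-byte responses the jCIFS filter can handle.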

