[jcifs] NTLM version help

Bret Comstock Waldow bcw1000 at yahoo.com
Thu Oct 20 04:47:31 MDT 2011


I'm newly assigned to support a java app that runs on Windows only and
uses jCIFS.  Authentication is against an Active Directory server via
NTLM, and it appears to be single-sign-on with the user's Windows

A few months ago, before I joined to company, they had problems with
authentications failing with no apparent changes.  Someone tried the
pre-authentication work-around as below, and that appears to have
completely stopped the problem:


I am investigating whether there is some deeper issue we can know of and
possibly fix, or whether this is just the way it is.  As it has worked
for years before without this, it's easy to think something changed. 
Note that we don't maintain the Active Directory server and getting
information is difficult, but they swear they changed nothing.

I'm reading about the components, but not getting a good understanding
of what is involved.

Question 1: Does the presence of the above work-around mean we are using
the JCIFS NTLM HTTP Authentication Filter?  I read this can't work with

Question 2: Fiddler shows me this authentication information:
-[NTLM Type1: Negotiation]------------------------------
Provider: NTLMSSP
Type: 1
OS Version: 5.1:2600
Flags:    0xa208b207
    Unicode supported in security buffer.
    OEM strings supported in security buffer.
    Request server's authentication realm included in Type2 reply.
    NTLM authentication.
    Client workstation domain provided.  Server can determine if the
client eligible for local authentication.
    Client workstation name provided.  Server can determine if the
client eligible for local authentication.
    Negotiate Always Sign.
    Negotiate NTLM2 Key.
    Supports 56-bit encryption.
    Supports 128-bit encryption.
Domain_Offset: 48; Domain_Length: 4; Domain_Length2: 4
Host_Offset: 40; Host_Length: 8; Host_Length2: 8
Host: AF368408
Domain: APAC

Does this mean the connection is using NTLMv2, or just that it would be
willing to if the server provides it?

Thanks in advance for your help.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/jcifs/attachments/20111020/360c3976/attachment.html>

More information about the jCIFS mailing list