Subject: NtmlHttpAuthenticationFilter - msg#00187

Previous Message by Date: click to view message preview

Re: NtmlHttpAuthenticationFilter

On Thu, 29 Jul 2004 15:35:05 +0200 (MEST) tinytoony@xxxxxx wrote: > Hi there, > > I have been using the NtlmHttpAuthenticationFilter, and I have not had a > problem for a very long time, but since my admins have upgraded to Windows > 2003, the authentication often failed... Still, it works most of the time > - http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing The user account used for "preauthentication" should only have enough privledges to access IPC$ on the domain controller. This is effectively the server's "workstation account". Mike -- Greedo shoots first? Not in my Star Wars.

Next Message by Date: click to view message preview

Re: Re: Signing is required by the server but passwords are external

Guys, I've changed the web.xml to include some of the additional setting as suggested , i tried all the lmCompatibility setting as well but with no joy. Please can you take a quick look at the web.xml below, just incase i'm doing something really stupid. With the log level set to 10 I get an error straight away. I've attached the output below. Thanks again for you help and patience. Re M <web-app> <filter> <filter-name>NTLM Authentication Filter</filter-name> <filter-class>jcifs.http.NtlmHttpFilter</filter-class> <init-param> <param-name>jcifs.http.domainController</param-name> <param-value>localhost</param-value> </init-param> <init-param> <param-name>jcifs.util.loglevel</param-name> <param-value>10</param-value> </init-param> <init-param> <param-name>jcifs.smb.lmCompatibility</param-name> <param-value>3</param-value> </init-param> <init-param> <param-name>jcifs.smb.username</param-name> <param-value>administrator</param-value> </init-param> <init-param> <param-name>jcifs.smb.password</param-name> <param-value>MYPASSWORD</param-value> </init-param> </filter> <filter-mapping> <filter-name>NTLM Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> jcifs.smb.SmbException: An error occured sending the request. java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at java.net.Socket.connect(Socket.java:452) at java.net.Socket.connect(Socket.java:402) at java.net.Socket.(Socket.java:309) at java.net.Socket.(Socket.java:211) at jcifs.netbios.NbtSocket.(NbtSocket.java:59) at jcifs.smb.SmbTransport.ensureOpen(SmbTransport.java:275) at jcifs.smb.SmbTransport.send(SmbTransport.java:600) at jcifs.smb.SmbTransport.negotiate(SmbTransport.java:854) at jcifs.smb.SmbSession.getChallenge(SmbSession.java:64) at jcifs.smb.SmbSession.getChallenge(SmbSession.java:58) at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:109) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1040) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151) at java.lang.Thread.run(Thread.java:534) at jcifs.smb.SmbTransport.send(SmbTransport.java:630) at jcifs.smb.SmbTransport.negotiate(SmbTransport.java:854) at jcifs.smb.SmbSession.getChallenge(SmbSession.java:64) at jcifs.smb.SmbSession.getChallenge(SmbSession.java:58) at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:109) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1040) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151) at java.lang.Thread.run(Thread.java:534) From: Eric Glass <eric.glass@xxxxxxxxx> To: Michael B Allen <mba2000@xxxxxxxxxx> CC: Mush Salee <nimrod786@xxxxxxxxxxx>, jcifs@xxxxxxxxxxxxxxx Subject: Re: Re: [jcifs] Signing is required by the server but passwords are external Date: Wed, 28 Jul 2004 19:55:08 -0400 > > Sounds like it's quite simply not working. Three-strikes-you're-out sounds > like the account is getting locked out. Look at the lmCompatibility > property maybe. Try enabling logging with a jcifs.util.loglevel > init-param. Collect a packet trace [1]. Ask your network admins if the > server supports NTLMv1. Etc.... > This could just be client retries (IE will prompt for a retry three times if the authentication fails, then it just gives up). At this point, a packet capture run on the Tomcat server would be your best bet; send it to Mike and/or myself directly and we can have a look. If you could repost the current version of your web.xml, I can take a final look and make sure nothing seems wrong. Eric _________________________________________________________________ It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger

Previous Message by Thread: click to view message preview

Re: NtmlHttpAuthenticationFilter

On Thu, 29 Jul 2004 15:35:05 +0200 (MEST) tinytoony@xxxxxx wrote: > Hi there, > > I have been using the NtlmHttpAuthenticationFilter, and I have not had a > problem for a very long time, but since my admins have upgraded to Windows > 2003, the authentication often failed... Still, it works most of the time > - http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing The user account used for "preauthentication" should only have enough privledges to access IPC$ on the domain controller. This is effectively the server's "workstation account". Mike -- Greedo shoots first? Not in my Star Wars.

Next Message by Thread: click to view message preview

jcifs-ext password change - UserManagement

When I use the following code against a samba server (RHEL 3, Samba 3.0.4,) I can change exactly 1 password. Subsequent executions against the same user or any other user generate a RapException 86. Have also tried using a bean and persisting the UserManagement object, rather than creating new each time. Am guessing since there are no docs or examples in the latest release on sourceforge (api docs also lack all comments.) Seems as though the connection isn't clearing or something like that, as it will not work again for some time after initial success. Any help would be greatly appreciated. import jcifs.smb.*; import jcifs.rap.*; import jcifs.rap.user.*; public class test { public static void main(String args[]) { java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication(args[0], args[1], args[2]); try { new UserManagement("127.0.0.1",auth).netUserChangePassword(args[1], args[2], args[3]); } catch (Exception e) { e.printStackTrace(); System.out.println(e.getMessage()); } } } Jim Klein Director Information Services & Technology CNA/CNE 4-6, RHCT/RHCE 3 Saugus Union School District 661-294-5300 X 162