NtlmHttpFilter causing NT User Lockout.

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

NtlmHttpFilter causing NT User Lockout.

Geoffrey Hebert
Initially I can get into my application and get my NT UserID (this.getRequest().getRemoteUser();) and store the information in session.  My application is multiple pages of forms (POST).
 
Somehow the NtlmHttpFilter causes an NT User Lockout.
 
I am using IE and Windows 2000 with TomCat.
 
Here is my filter:
 
 
<filter>
    <filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
 
    <init-param>
        <param-name>jcifs.netbios.wins</param-name>
        <param-value>eadsa10.mydomain.mycompany.com,eadsa11. mydomain.mycompany.com</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.smb.client.domain</param-name>
        <param-value>xxxx</param-value>
    </init-param>
 
 
</filter>
 
<filter-mapping>
    <filter-name>NtlmHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
 
This comment in the documentation makes me think that my additional forms my be creating the lockout – “negotiating NTLM HTTP Authentication once, IE will not POST any form data until it has negotiated the password hashes again.”


Ring'em or ping'em. Make PC-to-phone calls as low as 1¢/min with Yahoo! Messenger with Voice.
Reply | Threaded
Open this post in threaded view
|

Re: NtlmHttpFilter causing NT User Lockout.

S Wagle
I use this same filter and the application has several POST forms.  I
don't get this same error.  But then I don't have this exact same
configuration.

Just noticed this utility that Windows Server 2003 Resource Kit has.
Not sure about Windows 2000.

See if this helps.

Lockoutstatus.exe: Account Lockout Status
Overview
Account Lockout Status (LockoutStatus) is a combination command-line and
GUI tool that displays lockout information about a particular user
account. LockoutStatus collects information from every contactable
domain controller in the target user account's domain.



Geoffrey Hebert wrote:

> Initially I can get into my application and get my NT UserID
> (this.getRequest().getRemoteUser();) and store the information in
> session.  My application is multiple pages of forms (POST).
>  
> Somehow the *NtlmHttpFilter*
> <http://news.gmane.org/find-root.php?message_id=%3cd34867f20606170537m5cc1449ei79fd38cadb3ea1c7%40mail.gmail.com%3e>
> causes an NT User Lockout.
>  
> I am using IE and Windows 2000 with TomCat.
>  
> Here is my filter:
>  
>  
> <filter>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>  
>     <init-param>
>         <param-name>jcifs.netbios.wins</param-name>
>         <param-value>eadsa10.mydomain.mycompany.com,eadsa11.
> mydomain.mycompany.com</param-value>
>     </init-param>
>     <init-param>
>         <param-name>jcifs.smb.client.domain</param-name>
>         <param-value>xxxx</param-value>
>     </init-param>
>  
>  
> </filter>
>  
> <filter-mapping>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
>  
> This comment in the documentation makes me think that my additional
> forms my be creating the lockout – “negotiating NTLM HTTP Authentication
> once, IE will not POST any form data until it has negotiated the
> password hashes again.”
>
> ------------------------------------------------------------------------
> Ring'em or ping'em. Make PC-to-phone calls as low as 1¢/min
> <http://us.rd.yahoo.com/mail_us/taglines/postman11/*http://us.rd.yahoo.com/evt=39666/*http://voice.yahoo.com>
> with Yahoo! Messenger with Voice.