Only the first login is successful

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Only the first login is successful

Mike Bennett-2
Using a plain jboss-3.2.7 server, I have a web app configured to use
NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
multiple users/browsers cannot log on to the server at the same time.
The first login goes through correctly and the user can access the
app.  Any login thereafter (from a different machine, from a different
user, from the same user on the same computer but with a different
browser) fails with no error message just as if the user or password
were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
I've been using for quite a while.  I was hoping to upgrade to take
advantage of some of the other fixes.

Is this a configuration problem or something else?  My web.xml section
is pretty plain :

<filter>
    <filter-name>NTML HTTP Authentication Filter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
    <init-param>
        <param-name>jcifs.smb.client.domain</param-name>
        <param-value>MYDOMAIN</param-value>
        </init-param>
    <init-param>
        <param-name>jcifs.http.domainController</param-name>
        <param-value>mydc</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>NTML HTTP Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Yannick-9
Hi Mike,

You probably need to use pre-authentication. So you need to setup a user
account on the domain that you can use to do so, then add the following
parameters in your web.xml file:

    <init-param>
        <param-name>jcifs.smb.client.username</param-name>
        <param-value>UserAccountName</param-value>
    </init-param>

    <init-param>
        <param-name>jcifs.smb.client.password</param-name>
        <param-value>PasswordOfTheUserAccount</param-value>
    </init-param>

Hope this helps
Regards
Yannick

Mike Bennett wrote:

>Using a plain jboss-3.2.7 server, I have a web app configured to use
>NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
>multiple users/browsers cannot log on to the server at the same time.
>The first login goes through correctly and the user can access the
>app.  Any login thereafter (from a different machine, from a different
>user, from the same user on the same computer but with a different
>browser) fails with no error message just as if the user or password
>were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
>I've been using for quite a while.  I was hoping to upgrade to take
>advantage of some of the other fixes.
>
>Is this a configuration problem or something else?  My web.xml section
>is pretty plain :
>
><filter>
>    <filter-name>NTML HTTP Authentication Filter</filter-name>
>    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>    <init-param>
>        <param-name>jcifs.smb.client.domain</param-name>
>        <param-value>MYDOMAIN</param-value>
> </init-param>
>    <init-param>
>        <param-name>jcifs.http.domainController</param-name>
>        <param-value>mydc</param-value>
>    </init-param>
></filter>
><filter-mapping>
>    <filter-name>NTML HTTP Authentication Filter</filter-name>
>    <url-pattern>/*</url-pattern>
></filter-mapping>
>
>  
>

Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Mike Bennett-2
If I put a valid normal user account in those parameters, then no
login works.  If this requires a special user account on the domain
then I don't think it's viable for my situation, where the app will
reside on another corporation's server.

Thanks for the suggestion, though.

On 12/6/05, Yannick <[hidden email]> wrote:

> Hi Mike,
>
> You probably need to use pre-authentication. So you need to setup a user
> account on the domain that you can use to do so, then add the following
> parameters in your web.xml file:
>
>     <init-param>
>         <param-name>jcifs.smb.client.username</param-name>
>         <param-value>UserAccountName</param-value>
>     </init-param>
>
>     <init-param>
>         <param-name>jcifs.smb.client.password</param-name>
>         <param-value>PasswordOfTheUserAccount</param-value>
>     </init-param>
>
> Hope this helps
> Regards
> Yannick
>
> Mike Bennett wrote:
>
> >Using a plain jboss-3.2.7 server, I have a web app configured to use
> >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> >multiple users/browsers cannot log on to the server at the same time.
> >The first login goes through correctly and the user can access the
> >app.  Any login thereafter (from a different machine, from a different
> >user, from the same user on the same computer but with a different
> >browser) fails with no error message just as if the user or password
> >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> >I've been using for quite a while.  I was hoping to upgrade to take
> >advantage of some of the other fixes.
> >
> >Is this a configuration problem or something else?  My web.xml section
> >is pretty plain :
> >
> ><filter>
> >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> >    <init-param>
> >        <param-name>jcifs.smb.client.domain</param-name>
> >        <param-value>MYDOMAIN</param-value>
> >       </init-param>
> >    <init-param>
> >        <param-name>jcifs.http.domainController</param-name>
> >        <param-value>mydc</param-value>
> >    </init-param>
> ></filter>
> ><filter-mapping>
> >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> >    <url-pattern>/*</url-pattern>
> ></filter-mapping>
> >
> >
> >
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Andrew Miller-3
I had a similar problem.  I don't have time right now for a more
thorough response, but you might want to see the thread from Nov 10th
called "Load balancing required for preauthentication?"

http://lists.samba.org/archive/jcifs/2005-November/005683.html

I don't think anything has changed in the source since that
discussion.  You might just try turning on load balancing if it's not
already.

-Andy

On 12/6/05, Mike Bennett <[hidden email]> wrote:

> If I put a valid normal user account in those parameters, then no
> login works.  If this requires a special user account on the domain
> then I don't think it's viable for my situation, where the app will
> reside on another corporation's server.
>
> Thanks for the suggestion, though.
>
> On 12/6/05, Yannick <[hidden email]> wrote:
> > Hi Mike,
> >
> > You probably need to use pre-authentication. So you need to setup a user
> > account on the domain that you can use to do so, then add the following
> > parameters in your web.xml file:
> >
> >     <init-param>
> >         <param-name>jcifs.smb.client.username</param-name>
> >         <param-value>UserAccountName</param-value>
> >     </init-param>
> >
> >     <init-param>
> >         <param-name>jcifs.smb.client.password</param-name>
> >         <param-value>PasswordOfTheUserAccount</param-value>
> >     </init-param>
> >
> > Hope this helps
> > Regards
> > Yannick
> >
> > Mike Bennett wrote:
> >
> > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > >multiple users/browsers cannot log on to the server at the same time.
> > >The first login goes through correctly and the user can access the
> > >app.  Any login thereafter (from a different machine, from a different
> > >user, from the same user on the same computer but with a different
> > >browser) fails with no error message just as if the user or password
> > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > >I've been using for quite a while.  I was hoping to upgrade to take
> > >advantage of some of the other fixes.
> > >
> > >Is this a configuration problem or something else?  My web.xml section
> > >is pretty plain :
> > >
> > ><filter>
> > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > >    <init-param>
> > >        <param-name>jcifs.smb.client.domain</param-name>
> > >        <param-value>MYDOMAIN</param-value>
> > >       </init-param>
> > >    <init-param>
> > >        <param-name>jcifs.http.domainController</param-name>
> > >        <param-value>mydc</param-value>
> > >    </init-param>
> > ></filter>
> > ><filter-mapping>
> > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > >    <url-pattern>/*</url-pattern>
> > ></filter-mapping>
> > >
> > >
> > >
> >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Mike Bennett-2
Enabling load balancing (which the documenation says is on by default) via :
    <init-param>
        <param-name>jcifs.http.loadBalance</param-name>
        <param-value>true</param-value>
    </init-param>

Didn't fix the problem.  I only specified the one domain controller,
anyway, so there was nothing to balance against.

On 12/6/05, Andrew Miller <[hidden email]> wrote:

> I had a similar problem.  I don't have time right now for a more
> thorough response, but you might want to see the thread from Nov 10th
> called "Load balancing required for preauthentication?"
>
> http://lists.samba.org/archive/jcifs/2005-November/005683.html
>
> I don't think anything has changed in the source since that
> discussion.  You might just try turning on load balancing if it's not
> already.
>
> -Andy
>
> On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > If I put a valid normal user account in those parameters, then no
> > login works.  If this requires a special user account on the domain
> > then I don't think it's viable for my situation, where the app will
> > reside on another corporation's server.
> >
> > Thanks for the suggestion, though.
> >
> > On 12/6/05, Yannick <[hidden email]> wrote:
> > > Hi Mike,
> > >
> > > You probably need to use pre-authentication. So you need to setup a user
> > > account on the domain that you can use to do so, then add the following
> > > parameters in your web.xml file:
> > >
> > >     <init-param>
> > >         <param-name>jcifs.smb.client.username</param-name>
> > >         <param-value>UserAccountName</param-value>
> > >     </init-param>
> > >
> > >     <init-param>
> > >         <param-name>jcifs.smb.client.password</param-name>
> > >         <param-value>PasswordOfTheUserAccount</param-value>
> > >     </init-param>
> > >
> > > Hope this helps
> > > Regards
> > > Yannick
> > >
> > > Mike Bennett wrote:
> > >
> > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > >multiple users/browsers cannot log on to the server at the same time.
> > > >The first login goes through correctly and the user can access the
> > > >app.  Any login thereafter (from a different machine, from a different
> > > >user, from the same user on the same computer but with a different
> > > >browser) fails with no error message just as if the user or password
> > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > >advantage of some of the other fixes.
> > > >
> > > >Is this a configuration problem or something else?  My web.xml section
> > > >is pretty plain :
> > > >
> > > ><filter>
> > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > >    <init-param>
> > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > >        <param-value>MYDOMAIN</param-value>
> > > >       </init-param>
> > > >    <init-param>
> > > >        <param-name>jcifs.http.domainController</param-name>
> > > >        <param-value>mydc</param-value>
> > > >    </init-param>
> > > ></filter>
> > > ><filter-mapping>
> > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > >    <url-pattern>/*</url-pattern>
> > > ></filter-mapping>
> > > >
> > > >
> > > >
> > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Michael B Allen-4
Load balancing (and thus preauthentication) will only be used if the
jcifs.http.domainController is NOT specified.

An easier fix is probably to just change the code to perform
preauthentiction without load balancing. I *think* all you need to do
is apply the following changes to src/jcifs/smb/SmbSession.java:

--- SmbSession.java 2005-10-07 19:56:56.000000000 -0400
+++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
@@ -67,8 +67,7 @@
     static long dc_list_expiration;
     static int dc_list_counter;
 
-    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
-        UniAddress dc = new UniAddress( addr );
+    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
         SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
         if (USERNAME == null) {
             trans.connect();
@@ -108,7 +107,7 @@
                 int i = dc_list_counter++ % max;
                 if (dc_list[i] != null) {
                     try {
-                        return interrogate( dc_list[i] );
+                        return interrogate( new UniAddress( dc_list[i] ));
                     } catch (SmbException se) {
                         if (SmbTransport.log.level > 1) {
                             SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
@@ -129,7 +128,7 @@
 
     public static byte[] getChallenge( UniAddress dc )
                 throws SmbException, UnknownHostException {
-        return getChallenge(dc, 0);
+        return interrogate( dc );
     }
 
     public static byte[] getChallenge( UniAddress dc, int port )

I don't know why this wasn't done in the first place. Just an oversight
I guess. It happends.

The patchfile is also attached. On unix systems (at least) you can apply
this patch like:

  $ cd src/jcifs/smb
  $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch

This is all TOTALLY untested though. Please let us know if it doesn't
compile and/or work.

Mike


On Mon, 12 Dec 2005 12:15:39 -0700
Mike Bennett <[hidden email]> wrote:

> Enabling load balancing (which the documenation says is on by default) via :
>     <init-param>
>         <param-name>jcifs.http.loadBalance</param-name>
>         <param-value>true</param-value>
>     </init-param>
>
> Didn't fix the problem.  I only specified the one domain controller,
> anyway, so there was nothing to balance against.
>
> On 12/6/05, Andrew Miller <[hidden email]> wrote:
> > I had a similar problem.  I don't have time right now for a more
> > thorough response, but you might want to see the thread from Nov 10th
> > called "Load balancing required for preauthentication?"
> >
> > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> >
> > I don't think anything has changed in the source since that
> > discussion.  You might just try turning on load balancing if it's not
> > already.
> >
> > -Andy
> >
> > On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > > If I put a valid normal user account in those parameters, then no
> > > login works.  If this requires a special user account on the domain
> > > then I don't think it's viable for my situation, where the app will
> > > reside on another corporation's server.
> > >
> > > Thanks for the suggestion, though.
> > >
> > > On 12/6/05, Yannick <[hidden email]> wrote:
> > > > Hi Mike,
> > > >
> > > > You probably need to use pre-authentication. So you need to setup a user
> > > > account on the domain that you can use to do so, then add the following
> > > > parameters in your web.xml file:
> > > >
> > > >     <init-param>
> > > >         <param-name>jcifs.smb.client.username</param-name>
> > > >         <param-value>UserAccountName</param-value>
> > > >     </init-param>
> > > >
> > > >     <init-param>
> > > >         <param-name>jcifs.smb.client.password</param-name>
> > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > >     </init-param>
> > > >
> > > > Hope this helps
> > > > Regards
> > > > Yannick
> > > >
> > > > Mike Bennett wrote:
> > > >
> > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > >The first login goes through correctly and the user can access the
> > > > >app.  Any login thereafter (from a different machine, from a different
> > > > >user, from the same user on the same computer but with a different
> > > > >browser) fails with no error message just as if the user or password
> > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > >advantage of some of the other fixes.
> > > > >
> > > > >Is this a configuration problem or something else?  My web.xml section
> > > > >is pretty plain :
> > > > >
> > > > ><filter>
> > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > >    <init-param>
> > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > >        <param-value>MYDOMAIN</param-value>
> > > > >       </init-param>
> > > > >    <init-param>
> > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > >        <param-value>mydc</param-value>
> > > > >    </init-param>
> > > > ></filter>
> > > > ><filter-mapping>
> > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > >    <url-pattern>/*</url-pattern>
> > > > ></filter-mapping>
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Mike Bennett-2
It doesn't compile.
In this change :
      public static byte[] getChallenge( UniAddress dc )
                  throws SmbException, UnknownHostException {
 -        return getChallenge(dc, 0);
 +        return interrogate( dc );
      }
it's expecting a byte[], but interrogate returns NtlmChallenge.


On 12/12/05, Michael B Allen <[hidden email]> wrote:

> Load balancing (and thus preauthentication) will only be used if the
> jcifs.http.domainController is NOT specified.
>
> An easier fix is probably to just change the code to perform
> preauthentiction without load balancing. I *think* all you need to do
> is apply the following changes to src/jcifs/smb/SmbSession.java:
>
> --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> @@ -67,8 +67,7 @@
>      static long dc_list_expiration;
>      static int dc_list_counter;
>
> -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> -        UniAddress dc = new UniAddress( addr );
> +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
>          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
>          if (USERNAME == null) {
>              trans.connect();
> @@ -108,7 +107,7 @@
>                  int i = dc_list_counter++ % max;
>                  if (dc_list[i] != null) {
>                      try {
> -                        return interrogate( dc_list[i] );
> +                        return interrogate( new UniAddress( dc_list[i] ));
>                      } catch (SmbException se) {
>                          if (SmbTransport.log.level > 1) {
>                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> @@ -129,7 +128,7 @@
>
>      public static byte[] getChallenge( UniAddress dc )
>                  throws SmbException, UnknownHostException {
> -        return getChallenge(dc, 0);
> +        return interrogate( dc );
>      }
>
>      public static byte[] getChallenge( UniAddress dc, int port )
>
> I don't know why this wasn't done in the first place. Just an oversight
> I guess. It happends.
>
> The patchfile is also attached. On unix systems (at least) you can apply
> this patch like:
>
>   $ cd src/jcifs/smb
>   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
>
> This is all TOTALLY untested though. Please let us know if it doesn't
> compile and/or work.
>
> Mike
>
>
> On Mon, 12 Dec 2005 12:15:39 -0700
> Mike Bennett <[hidden email]> wrote:
>
> > Enabling load balancing (which the documenation says is on by default) via :
> >     <init-param>
> >         <param-name>jcifs.http.loadBalance</param-name>
> >         <param-value>true</param-value>
> >     </init-param>
> >
> > Didn't fix the problem.  I only specified the one domain controller,
> > anyway, so there was nothing to balance against.
> >
> > On 12/6/05, Andrew Miller <[hidden email]> wrote:
> > > I had a similar problem.  I don't have time right now for a more
> > > thorough response, but you might want to see the thread from Nov 10th
> > > called "Load balancing required for preauthentication?"
> > >
> > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > >
> > > I don't think anything has changed in the source since that
> > > discussion.  You might just try turning on load balancing if it's not
> > > already.
> > >
> > > -Andy
> > >
> > > On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > > > If I put a valid normal user account in those parameters, then no
> > > > login works.  If this requires a special user account on the domain
> > > > then I don't think it's viable for my situation, where the app will
> > > > reside on another corporation's server.
> > > >
> > > > Thanks for the suggestion, though.
> > > >
> > > > On 12/6/05, Yannick <[hidden email]> wrote:
> > > > > Hi Mike,
> > > > >
> > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > account on the domain that you can use to do so, then add the following
> > > > > parameters in your web.xml file:
> > > > >
> > > > >     <init-param>
> > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > >         <param-value>UserAccountName</param-value>
> > > > >     </init-param>
> > > > >
> > > > >     <init-param>
> > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > >     </init-param>
> > > > >
> > > > > Hope this helps
> > > > > Regards
> > > > > Yannick
> > > > >
> > > > > Mike Bennett wrote:
> > > > >
> > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > >The first login goes through correctly and the user can access the
> > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > >user, from the same user on the same computer but with a different
> > > > > >browser) fails with no error message just as if the user or password
> > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > >advantage of some of the other fixes.
> > > > > >
> > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > >is pretty plain :
> > > > > >
> > > > > ><filter>
> > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > >    <init-param>
> > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > >       </init-param>
> > > > > >    <init-param>
> > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > >        <param-value>mydc</param-value>
> > > > > >    </init-param>
> > > > > ></filter>
> > > > > ><filter-mapping>
> > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > >    <url-pattern>/*</url-pattern>
> > > > > ></filter-mapping>
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Michael B Allen-4
On Mon, 12 Dec 2005 13:47:11 -0700
Mike Bennett <[hidden email]> wrote:

> It doesn't compile.
> In this change :
>       public static byte[] getChallenge( UniAddress dc )
>                   throws SmbException, UnknownHostException {
>  -        return getChallenge(dc, 0);
>  +        return interrogate( dc );

Then make it:

  return interrogate( dc ).challenge;

Mike

>       }
> it's expecting a byte[], but interrogate returns NtlmChallenge.
>
>
> On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > Load balancing (and thus preauthentication) will only be used if the
> > jcifs.http.domainController is NOT specified.
> >
> > An easier fix is probably to just change the code to perform
> > preauthentiction without load balancing. I *think* all you need to do
> > is apply the following changes to src/jcifs/smb/SmbSession.java:
> >
> > --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > @@ -67,8 +67,7 @@
> >      static long dc_list_expiration;
> >      static int dc_list_counter;
> >
> > -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > -        UniAddress dc = new UniAddress( addr );
> > +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> >          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> >          if (USERNAME == null) {
> >              trans.connect();
> > @@ -108,7 +107,7 @@
> >                  int i = dc_list_counter++ % max;
> >                  if (dc_list[i] != null) {
> >                      try {
> > -                        return interrogate( dc_list[i] );
> > +                        return interrogate( new UniAddress( dc_list[i] ));
> >                      } catch (SmbException se) {
> >                          if (SmbTransport.log.level > 1) {
> >                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> > @@ -129,7 +128,7 @@
> >
> >      public static byte[] getChallenge( UniAddress dc )
> >                  throws SmbException, UnknownHostException {
> > -        return getChallenge(dc, 0);
> > +        return interrogate( dc );
> >      }
> >
> >      public static byte[] getChallenge( UniAddress dc, int port )
> >
> > I don't know why this wasn't done in the first place. Just an oversight
> > I guess. It happends.
> >
> > The patchfile is also attached. On unix systems (at least) you can apply
> > this patch like:
> >
> >   $ cd src/jcifs/smb
> >   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> >
> > This is all TOTALLY untested though. Please let us know if it doesn't
> > compile and/or work.
> >
> > Mike
> >
> >
> > On Mon, 12 Dec 2005 12:15:39 -0700
> > Mike Bennett <[hidden email]> wrote:
> >
> > > Enabling load balancing (which the documenation says is on by default) via :
> > >     <init-param>
> > >         <param-name>jcifs.http.loadBalance</param-name>
> > >         <param-value>true</param-value>
> > >     </init-param>
> > >
> > > Didn't fix the problem.  I only specified the one domain controller,
> > > anyway, so there was nothing to balance against.
> > >
> > > On 12/6/05, Andrew Miller <[hidden email]> wrote:
> > > > I had a similar problem.  I don't have time right now for a more
> > > > thorough response, but you might want to see the thread from Nov 10th
> > > > called "Load balancing required for preauthentication?"
> > > >
> > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > >
> > > > I don't think anything has changed in the source since that
> > > > discussion.  You might just try turning on load balancing if it's not
> > > > already.
> > > >
> > > > -Andy
> > > >
> > > > On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > > > > If I put a valid normal user account in those parameters, then no
> > > > > login works.  If this requires a special user account on the domain
> > > > > then I don't think it's viable for my situation, where the app will
> > > > > reside on another corporation's server.
> > > > >
> > > > > Thanks for the suggestion, though.
> > > > >
> > > > > On 12/6/05, Yannick <[hidden email]> wrote:
> > > > > > Hi Mike,
> > > > > >
> > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > account on the domain that you can use to do so, then add the following
> > > > > > parameters in your web.xml file:
> > > > > >
> > > > > >     <init-param>
> > > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > > >         <param-value>UserAccountName</param-value>
> > > > > >     </init-param>
> > > > > >
> > > > > >     <init-param>
> > > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > > >     </init-param>
> > > > > >
> > > > > > Hope this helps
> > > > > > Regards
> > > > > > Yannick
> > > > > >
> > > > > > Mike Bennett wrote:
> > > > > >
> > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > >The first login goes through correctly and the user can access the
> > > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > > >user, from the same user on the same computer but with a different
> > > > > > >browser) fails with no error message just as if the user or password
> > > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > > >advantage of some of the other fixes.
> > > > > > >
> > > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > > >is pretty plain :
> > > > > > >
> > > > > > ><filter>
> > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > >    <init-param>
> > > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > > >       </init-param>
> > > > > > >    <init-param>
> > > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > > >        <param-value>mydc</param-value>
> > > > > > >    </init-param>
> > > > > > ></filter>
> > > > > > ><filter-mapping>
> > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > >    <url-pattern>/*</url-pattern>
> > > > > > ></filter-mapping>
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Mike Bennett-2
Using load balancing and a specified username and password
(preauthentication?) with unmodified 1.2.7 gives the same "first login
only" behaviour.

Using the modifed version with a specified username and password
causes the error :
jcifs.smb.SmbAuthException: Logon failure: account currently disabled.

Using the modifed version without a specified username and password
gives the same "first login only" behaviour.

On 12/12/05, Michael B Allen <[hidden email]> wrote:

> On Mon, 12 Dec 2005 13:47:11 -0700
> Mike Bennett <[hidden email]> wrote:
>
> > It doesn't compile.
> > In this change :
> >       public static byte[] getChallenge( UniAddress dc )
> >                   throws SmbException, UnknownHostException {
> >  -        return getChallenge(dc, 0);
> >  +        return interrogate( dc );
>
> Then make it:
>
>   return interrogate( dc ).challenge;
>
> Mike
>
> >       }
> > it's expecting a byte[], but interrogate returns NtlmChallenge.
> >
> >
> > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > Load balancing (and thus preauthentication) will only be used if the
> > > jcifs.http.domainController is NOT specified.
> > >
> > > An easier fix is probably to just change the code to perform
> > > preauthentiction without load balancing. I *think* all you need to do
> > > is apply the following changes to src/jcifs/smb/SmbSession.java:
> > >
> > > --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> > > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > > @@ -67,8 +67,7 @@
> > >      static long dc_list_expiration;
> > >      static int dc_list_counter;
> > >
> > > -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > > -        UniAddress dc = new UniAddress( addr );
> > > +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> > >          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> > >          if (USERNAME == null) {
> > >              trans.connect();
> > > @@ -108,7 +107,7 @@
> > >                  int i = dc_list_counter++ % max;
> > >                  if (dc_list[i] != null) {
> > >                      try {
> > > -                        return interrogate( dc_list[i] );
> > > +                        return interrogate( new UniAddress( dc_list[i] ));
> > >                      } catch (SmbException se) {
> > >                          if (SmbTransport.log.level > 1) {
> > >                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> > > @@ -129,7 +128,7 @@
> > >
> > >      public static byte[] getChallenge( UniAddress dc )
> > >                  throws SmbException, UnknownHostException {
> > > -        return getChallenge(dc, 0);
> > > +        return interrogate( dc );
> > >      }
> > >
> > >      public static byte[] getChallenge( UniAddress dc, int port )
> > >
> > > I don't know why this wasn't done in the first place. Just an oversight
> > > I guess. It happends.
> > >
> > > The patchfile is also attached. On unix systems (at least) you can apply
> > > this patch like:
> > >
> > >   $ cd src/jcifs/smb
> > >   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> > >
> > > This is all TOTALLY untested though. Please let us know if it doesn't
> > > compile and/or work.
> > >
> > > Mike
> > >
> > >
> > > On Mon, 12 Dec 2005 12:15:39 -0700
> > > Mike Bennett <[hidden email]> wrote:
> > >
> > > > Enabling load balancing (which the documenation says is on by default) via :
> > > >     <init-param>
> > > >         <param-name>jcifs.http.loadBalance</param-name>
> > > >         <param-value>true</param-value>
> > > >     </init-param>
> > > >
> > > > Didn't fix the problem.  I only specified the one domain controller,
> > > > anyway, so there was nothing to balance against.
> > > >
> > > > On 12/6/05, Andrew Miller <[hidden email]> wrote:
> > > > > I had a similar problem.  I don't have time right now for a more
> > > > > thorough response, but you might want to see the thread from Nov 10th
> > > > > called "Load balancing required for preauthentication?"
> > > > >
> > > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > > >
> > > > > I don't think anything has changed in the source since that
> > > > > discussion.  You might just try turning on load balancing if it's not
> > > > > already.
> > > > >
> > > > > -Andy
> > > > >
> > > > > On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > > > > > If I put a valid normal user account in those parameters, then no
> > > > > > login works.  If this requires a special user account on the domain
> > > > > > then I don't think it's viable for my situation, where the app will
> > > > > > reside on another corporation's server.
> > > > > >
> > > > > > Thanks for the suggestion, though.
> > > > > >
> > > > > > On 12/6/05, Yannick <[hidden email]> wrote:
> > > > > > > Hi Mike,
> > > > > > >
> > > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > > account on the domain that you can use to do so, then add the following
> > > > > > > parameters in your web.xml file:
> > > > > > >
> > > > > > >     <init-param>
> > > > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > > > >         <param-value>UserAccountName</param-value>
> > > > > > >     </init-param>
> > > > > > >
> > > > > > >     <init-param>
> > > > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > > > >     </init-param>
> > > > > > >
> > > > > > > Hope this helps
> > > > > > > Regards
> > > > > > > Yannick
> > > > > > >
> > > > > > > Mike Bennett wrote:
> > > > > > >
> > > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > > >The first login goes through correctly and the user can access the
> > > > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > > > >user, from the same user on the same computer but with a different
> > > > > > > >browser) fails with no error message just as if the user or password
> > > > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > > > >advantage of some of the other fixes.
> > > > > > > >
> > > > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > > > >is pretty plain :
> > > > > > > >
> > > > > > > ><filter>
> > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > > >    <init-param>
> > > > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > > > >       </init-param>
> > > > > > > >    <init-param>
> > > > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > > > >        <param-value>mydc</param-value>
> > > > > > > >    </init-param>
> > > > > > > ></filter>
> > > > > > > ><filter-mapping>
> > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > >    <url-pattern>/*</url-pattern>
> > > > > > > ></filter-mapping>
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Michael B Allen-4
Well I don't know how to get preauth with jcifs.http.domainController to
work then. Why can't you use the default method (jcifs.smb.client.domain
and not jcifs.http.domainController)?

On Mon, 12 Dec 2005 14:57:32 -0700
Mike Bennett <[hidden email]> wrote:

> Using load balancing and a specified username and password
> (preauthentication?) with unmodified 1.2.7 gives the same "first login
> only" behaviour.
>
> Using the modifed version with a specified username and password
> causes the error :
> jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
>
> Using the modifed version without a specified username and password
> gives the same "first login only" behaviour.
>
> On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > On Mon, 12 Dec 2005 13:47:11 -0700
> > Mike Bennett <[hidden email]> wrote:
> >
> > > It doesn't compile.
> > > In this change :
> > >       public static byte[] getChallenge( UniAddress dc )
> > >                   throws SmbException, UnknownHostException {
> > >  -        return getChallenge(dc, 0);
> > >  +        return interrogate( dc );
> >
> > Then make it:
> >
> >   return interrogate( dc ).challenge;
> >
> > Mike
> >
> > >       }
> > > it's expecting a byte[], but interrogate returns NtlmChallenge.
> > >
> > >
> > > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > > Load balancing (and thus preauthentication) will only be used if the
> > > > jcifs.http.domainController is NOT specified.
> > > >
> > > > An easier fix is probably to just change the code to perform
> > > > preauthentiction without load balancing. I *think* all you need to do
> > > > is apply the following changes to src/jcifs/smb/SmbSession.java:
> > > >
> > > > --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> > > > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > > > @@ -67,8 +67,7 @@
> > > >      static long dc_list_expiration;
> > > >      static int dc_list_counter;
> > > >
> > > > -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > > > -        UniAddress dc = new UniAddress( addr );
> > > > +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> > > >          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> > > >          if (USERNAME == null) {
> > > >              trans.connect();
> > > > @@ -108,7 +107,7 @@
> > > >                  int i = dc_list_counter++ % max;
> > > >                  if (dc_list[i] != null) {
> > > >                      try {
> > > > -                        return interrogate( dc_list[i] );
> > > > +                        return interrogate( new UniAddress( dc_list[i] ));
> > > >                      } catch (SmbException se) {
> > > >                          if (SmbTransport.log.level > 1) {
> > > >                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> > > > @@ -129,7 +128,7 @@
> > > >
> > > >      public static byte[] getChallenge( UniAddress dc )
> > > >                  throws SmbException, UnknownHostException {
> > > > -        return getChallenge(dc, 0);
> > > > +        return interrogate( dc );
> > > >      }
> > > >
> > > >      public static byte[] getChallenge( UniAddress dc, int port )
> > > >
> > > > I don't know why this wasn't done in the first place. Just an oversight
> > > > I guess. It happends.
> > > >
> > > > The patchfile is also attached. On unix systems (at least) you can apply
> > > > this patch like:
> > > >
> > > >   $ cd src/jcifs/smb
> > > >   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> > > >
> > > > This is all TOTALLY untested though. Please let us know if it doesn't
> > > > compile and/or work.
> > > >
> > > > Mike
> > > >
> > > >
> > > > On Mon, 12 Dec 2005 12:15:39 -0700
> > > > Mike Bennett <[hidden email]> wrote:
> > > >
> > > > > Enabling load balancing (which the documenation says is on by default) via :
> > > > >     <init-param>
> > > > >         <param-name>jcifs.http.loadBalance</param-name>
> > > > >         <param-value>true</param-value>
> > > > >     </init-param>
> > > > >
> > > > > Didn't fix the problem.  I only specified the one domain controller,
> > > > > anyway, so there was nothing to balance against.
> > > > >
> > > > > On 12/6/05, Andrew Miller <[hidden email]> wrote:
> > > > > > I had a similar problem.  I don't have time right now for a more
> > > > > > thorough response, but you might want to see the thread from Nov 10th
> > > > > > called "Load balancing required for preauthentication?"
> > > > > >
> > > > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > > > >
> > > > > > I don't think anything has changed in the source since that
> > > > > > discussion.  You might just try turning on load balancing if it's not
> > > > > > already.
> > > > > >
> > > > > > -Andy
> > > > > >
> > > > > > On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > > > > > > If I put a valid normal user account in those parameters, then no
> > > > > > > login works.  If this requires a special user account on the domain
> > > > > > > then I don't think it's viable for my situation, where the app will
> > > > > > > reside on another corporation's server.
> > > > > > >
> > > > > > > Thanks for the suggestion, though.
> > > > > > >
> > > > > > > On 12/6/05, Yannick <[hidden email]> wrote:
> > > > > > > > Hi Mike,
> > > > > > > >
> > > > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > > > account on the domain that you can use to do so, then add the following
> > > > > > > > parameters in your web.xml file:
> > > > > > > >
> > > > > > > >     <init-param>
> > > > > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > > > > >         <param-value>UserAccountName</param-value>
> > > > > > > >     </init-param>
> > > > > > > >
> > > > > > > >     <init-param>
> > > > > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > > > > >     </init-param>
> > > > > > > >
> > > > > > > > Hope this helps
> > > > > > > > Regards
> > > > > > > > Yannick
> > > > > > > >
> > > > > > > > Mike Bennett wrote:
> > > > > > > >
> > > > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > > > >The first login goes through correctly and the user can access the
> > > > > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > > > > >user, from the same user on the same computer but with a different
> > > > > > > > >browser) fails with no error message just as if the user or password
> > > > > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > > > > >advantage of some of the other fixes.
> > > > > > > > >
> > > > > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > > > > >is pretty plain :
> > > > > > > > >
> > > > > > > > ><filter>
> > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > > > >    <init-param>
> > > > > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > > > > >       </init-param>
> > > > > > > > >    <init-param>
> > > > > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > > > > >        <param-value>mydc</param-value>
> > > > > > > > >    </init-param>
> > > > > > > > ></filter>
> > > > > > > > ><filter-mapping>
> > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > >    <url-pattern>/*</url-pattern>
> > > > > > > > ></filter-mapping>
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Mike Bennett-2
Doing so with the modified version gives the error :
java.net.UnknownHostException: Failed to negotiate with a suitable
domain controller for MYDOMAIN

On 12/12/05, Michael B Allen <[hidden email]> wrote:

> Well I don't know how to get preauth with jcifs.http.domainController to
> work then. Why can't you use the default method (jcifs.smb.client.domain
> and not jcifs.http.domainController)?
>
> On Mon, 12 Dec 2005 14:57:32 -0700
> Mike Bennett <[hidden email]> wrote:
>
> > Using load balancing and a specified username and password
> > (preauthentication?) with unmodified 1.2.7 gives the same "first login
> > only" behaviour.
> >
> > Using the modifed version with a specified username and password
> > causes the error :
> > jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
> >
> > Using the modifed version without a specified username and password
> > gives the same "first login only" behaviour.
> >
> > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > On Mon, 12 Dec 2005 13:47:11 -0700
> > > Mike Bennett <[hidden email]> wrote:
> > >
> > > > It doesn't compile.
> > > > In this change :
> > > >       public static byte[] getChallenge( UniAddress dc )
> > > >                   throws SmbException, UnknownHostException {
> > > >  -        return getChallenge(dc, 0);
> > > >  +        return interrogate( dc );
> > >
> > > Then make it:
> > >
> > >   return interrogate( dc ).challenge;
> > >
> > > Mike
> > >
> > > >       }
> > > > it's expecting a byte[], but interrogate returns NtlmChallenge.
> > > >
> > > >
> > > > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > > > Load balancing (and thus preauthentication) will only be used if the
> > > > > jcifs.http.domainController is NOT specified.
> > > > >
> > > > > An easier fix is probably to just change the code to perform
> > > > > preauthentiction without load balancing. I *think* all you need to do
> > > > > is apply the following changes to src/jcifs/smb/SmbSession.java:
> > > > >
> > > > > --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> > > > > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > > > > @@ -67,8 +67,7 @@
> > > > >      static long dc_list_expiration;
> > > > >      static int dc_list_counter;
> > > > >
> > > > > -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > > > > -        UniAddress dc = new UniAddress( addr );
> > > > > +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> > > > >          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> > > > >          if (USERNAME == null) {
> > > > >              trans.connect();
> > > > > @@ -108,7 +107,7 @@
> > > > >                  int i = dc_list_counter++ % max;
> > > > >                  if (dc_list[i] != null) {
> > > > >                      try {
> > > > > -                        return interrogate( dc_list[i] );
> > > > > +                        return interrogate( new UniAddress( dc_list[i] ));
> > > > >                      } catch (SmbException se) {
> > > > >                          if (SmbTransport.log.level > 1) {
> > > > >                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> > > > > @@ -129,7 +128,7 @@
> > > > >
> > > > >      public static byte[] getChallenge( UniAddress dc )
> > > > >                  throws SmbException, UnknownHostException {
> > > > > -        return getChallenge(dc, 0);
> > > > > +        return interrogate( dc );
> > > > >      }
> > > > >
> > > > >      public static byte[] getChallenge( UniAddress dc, int port )
> > > > >
> > > > > I don't know why this wasn't done in the first place. Just an oversight
> > > > > I guess. It happends.
> > > > >
> > > > > The patchfile is also attached. On unix systems (at least) you can apply
> > > > > this patch like:
> > > > >
> > > > >   $ cd src/jcifs/smb
> > > > >   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> > > > >
> > > > > This is all TOTALLY untested though. Please let us know if it doesn't
> > > > > compile and/or work.
> > > > >
> > > > > Mike
> > > > >
> > > > >
> > > > > On Mon, 12 Dec 2005 12:15:39 -0700
> > > > > Mike Bennett <[hidden email]> wrote:
> > > > >
> > > > > > Enabling load balancing (which the documenation says is on by default) via :
> > > > > >     <init-param>
> > > > > >         <param-name>jcifs.http.loadBalance</param-name>
> > > > > >         <param-value>true</param-value>
> > > > > >     </init-param>
> > > > > >
> > > > > > Didn't fix the problem.  I only specified the one domain controller,
> > > > > > anyway, so there was nothing to balance against.
> > > > > >
> > > > > > On 12/6/05, Andrew Miller <[hidden email]> wrote:
> > > > > > > I had a similar problem.  I don't have time right now for a more
> > > > > > > thorough response, but you might want to see the thread from Nov 10th
> > > > > > > called "Load balancing required for preauthentication?"
> > > > > > >
> > > > > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > > > > >
> > > > > > > I don't think anything has changed in the source since that
> > > > > > > discussion.  You might just try turning on load balancing if it's not
> > > > > > > already.
> > > > > > >
> > > > > > > -Andy
> > > > > > >
> > > > > > > On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > > > > > > > If I put a valid normal user account in those parameters, then no
> > > > > > > > login works.  If this requires a special user account on the domain
> > > > > > > > then I don't think it's viable for my situation, where the app will
> > > > > > > > reside on another corporation's server.
> > > > > > > >
> > > > > > > > Thanks for the suggestion, though.
> > > > > > > >
> > > > > > > > On 12/6/05, Yannick <[hidden email]> wrote:
> > > > > > > > > Hi Mike,
> > > > > > > > >
> > > > > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > > > > account on the domain that you can use to do so, then add the following
> > > > > > > > > parameters in your web.xml file:
> > > > > > > > >
> > > > > > > > >     <init-param>
> > > > > > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > > > > > >         <param-value>UserAccountName</param-value>
> > > > > > > > >     </init-param>
> > > > > > > > >
> > > > > > > > >     <init-param>
> > > > > > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > > > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > > > > > >     </init-param>
> > > > > > > > >
> > > > > > > > > Hope this helps
> > > > > > > > > Regards
> > > > > > > > > Yannick
> > > > > > > > >
> > > > > > > > > Mike Bennett wrote:
> > > > > > > > >
> > > > > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > > > > >The first login goes through correctly and the user can access the
> > > > > > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > > > > > >user, from the same user on the same computer but with a different
> > > > > > > > > >browser) fails with no error message just as if the user or password
> > > > > > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > > > > > >advantage of some of the other fixes.
> > > > > > > > > >
> > > > > > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > > > > > >is pretty plain :
> > > > > > > > > >
> > > > > > > > > ><filter>
> > > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > > > > >    <init-param>
> > > > > > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > > > > > >       </init-param>
> > > > > > > > > >    <init-param>
> > > > > > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > > > > > >        <param-value>mydc</param-value>
> > > > > > > > > >    </init-param>
> > > > > > > > > ></filter>
> > > > > > > > > ><filter-mapping>
> > > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > > >    <url-pattern>/*</url-pattern>
> > > > > > > > > ></filter-mapping>
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Michael B Allen-4
On Tue, 13 Dec 2005 10:58:31 -0700
Mike Bennett <[hidden email]> wrote:

> Doing so with the modified version gives the error :
> java.net.UnknownHostException: Failed to negotiate with a suitable
> domain controller for MYDOMAIN

Then it's not a valid domain name in WINs. Try the IP and change
resolvOrder to use DNS before NBT. Ask your network administrator for
help. Are you sure you know what the different properties do (e.g. do
you know what WINS is?)?

>
> On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > Well I don't know how to get preauth with jcifs.http.domainController to
> > work then. Why can't you use the default method (jcifs.smb.client.domain
> > and not jcifs.http.domainController)?
> >
> > On Mon, 12 Dec 2005 14:57:32 -0700
> > Mike Bennett <[hidden email]> wrote:
> >
> > > Using load balancing and a specified username and password
> > > (preauthentication?) with unmodified 1.2.7 gives the same "first login
> > > only" behaviour.
> > >
> > > Using the modifed version with a specified username and password
> > > causes the error :
> > > jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
> > >
> > > Using the modifed version without a specified username and password
> > > gives the same "first login only" behaviour.
> > >
> > > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > > On Mon, 12 Dec 2005 13:47:11 -0700
> > > > Mike Bennett <[hidden email]> wrote:
> > > >
> > > > > It doesn't compile.
> > > > > In this change :
> > > > >       public static byte[] getChallenge( UniAddress dc )
> > > > >                   throws SmbException, UnknownHostException {
> > > > >  -        return getChallenge(dc, 0);
> > > > >  +        return interrogate( dc );
> > > >
> > > > Then make it:
> > > >
> > > >   return interrogate( dc ).challenge;
> > > >
> > > > Mike
> > > >
> > > > >       }
> > > > > it's expecting a byte[], but interrogate returns NtlmChallenge.
> > > > >
> > > > >
> > > > > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > > > > Load balancing (and thus preauthentication) will only be used if the
> > > > > > jcifs.http.domainController is NOT specified.
> > > > > >
> > > > > > An easier fix is probably to just change the code to perform
> > > > > > preauthentiction without load balancing. I *think* all you need to do
> > > > > > is apply the following changes to src/jcifs/smb/SmbSession.java:
> > > > > >
> > > > > > --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> > > > > > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > > > > > @@ -67,8 +67,7 @@
> > > > > >      static long dc_list_expiration;
> > > > > >      static int dc_list_counter;
> > > > > >
> > > > > > -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > > > > > -        UniAddress dc = new UniAddress( addr );
> > > > > > +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> > > > > >          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> > > > > >          if (USERNAME == null) {
> > > > > >              trans.connect();
> > > > > > @@ -108,7 +107,7 @@
> > > > > >                  int i = dc_list_counter++ % max;
> > > > > >                  if (dc_list[i] != null) {
> > > > > >                      try {
> > > > > > -                        return interrogate( dc_list[i] );
> > > > > > +                        return interrogate( new UniAddress( dc_list[i] ));
> > > > > >                      } catch (SmbException se) {
> > > > > >                          if (SmbTransport.log.level > 1) {
> > > > > >                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> > > > > > @@ -129,7 +128,7 @@
> > > > > >
> > > > > >      public static byte[] getChallenge( UniAddress dc )
> > > > > >                  throws SmbException, UnknownHostException {
> > > > > > -        return getChallenge(dc, 0);
> > > > > > +        return interrogate( dc );
> > > > > >      }
> > > > > >
> > > > > >      public static byte[] getChallenge( UniAddress dc, int port )
> > > > > >
> > > > > > I don't know why this wasn't done in the first place. Just an oversight
> > > > > > I guess. It happends.
> > > > > >
> > > > > > The patchfile is also attached. On unix systems (at least) you can apply
> > > > > > this patch like:
> > > > > >
> > > > > >   $ cd src/jcifs/smb
> > > > > >   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> > > > > >
> > > > > > This is all TOTALLY untested though. Please let us know if it doesn't
> > > > > > compile and/or work.
> > > > > >
> > > > > > Mike
> > > > > >
> > > > > >
> > > > > > On Mon, 12 Dec 2005 12:15:39 -0700
> > > > > > Mike Bennett <[hidden email]> wrote:
> > > > > >
> > > > > > > Enabling load balancing (which the documenation says is on by default) via :
> > > > > > >     <init-param>
> > > > > > >         <param-name>jcifs.http.loadBalance</param-name>
> > > > > > >         <param-value>true</param-value>
> > > > > > >     </init-param>
> > > > > > >
> > > > > > > Didn't fix the problem.  I only specified the one domain controller,
> > > > > > > anyway, so there was nothing to balance against.
> > > > > > >
> > > > > > > On 12/6/05, Andrew Miller <[hidden email]> wrote:
> > > > > > > > I had a similar problem.  I don't have time right now for a more
> > > > > > > > thorough response, but you might want to see the thread from Nov 10th
> > > > > > > > called "Load balancing required for preauthentication?"
> > > > > > > >
> > > > > > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > > > > > >
> > > > > > > > I don't think anything has changed in the source since that
> > > > > > > > discussion.  You might just try turning on load balancing if it's not
> > > > > > > > already.
> > > > > > > >
> > > > > > > > -Andy
> > > > > > > >
> > > > > > > > On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > > > > > > > > If I put a valid normal user account in those parameters, then no
> > > > > > > > > login works.  If this requires a special user account on the domain
> > > > > > > > > then I don't think it's viable for my situation, where the app will
> > > > > > > > > reside on another corporation's server.
> > > > > > > > >
> > > > > > > > > Thanks for the suggestion, though.
> > > > > > > > >
> > > > > > > > > On 12/6/05, Yannick <[hidden email]> wrote:
> > > > > > > > > > Hi Mike,
> > > > > > > > > >
> > > > > > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > > > > > account on the domain that you can use to do so, then add the following
> > > > > > > > > > parameters in your web.xml file:
> > > > > > > > > >
> > > > > > > > > >     <init-param>
> > > > > > > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > > > > > > >         <param-value>UserAccountName</param-value>
> > > > > > > > > >     </init-param>
> > > > > > > > > >
> > > > > > > > > >     <init-param>
> > > > > > > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > > > > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > > > > > > >     </init-param>
> > > > > > > > > >
> > > > > > > > > > Hope this helps
> > > > > > > > > > Regards
> > > > > > > > > > Yannick
> > > > > > > > > >
> > > > > > > > > > Mike Bennett wrote:
> > > > > > > > > >
> > > > > > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > > > > > >The first login goes through correctly and the user can access the
> > > > > > > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > > > > > > >user, from the same user on the same computer but with a different
> > > > > > > > > > >browser) fails with no error message just as if the user or password
> > > > > > > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > > > > > > >advantage of some of the other fixes.
> > > > > > > > > > >
> > > > > > > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > > > > > > >is pretty plain :
> > > > > > > > > > >
> > > > > > > > > > ><filter>
> > > > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > > > > > >    <init-param>
> > > > > > > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > > > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > > > > > > >       </init-param>
> > > > > > > > > > >    <init-param>
> > > > > > > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > > > > > > >        <param-value>mydc</param-value>
> > > > > > > > > > >    </init-param>
> > > > > > > > > > ></filter>
> > > > > > > > > > ><filter-mapping>
> > > > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > > > >    <url-pattern>/*</url-pattern>
> > > > > > > > > > ></filter-mapping>
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Only the first login is successful

Mike Bennett-2
I don't get that error with 1.2.7.  I just get the same old
single-login problem.  It's the version with your suggested
modifications that gives that error.

On 12/13/05, Michael B Allen <[hidden email]> wrote:

> On Tue, 13 Dec 2005 10:58:31 -0700
> Mike Bennett <[hidden email]> wrote:
>
> > Doing so with the modified version gives the error :
> > java.net.UnknownHostException: Failed to negotiate with a suitable
> > domain controller for MYDOMAIN
>
> Then it's not a valid domain name in WINs. Try the IP and change
> resolvOrder to use DNS before NBT. Ask your network administrator for
> help. Are you sure you know what the different properties do (e.g. do
> you know what WINS is?)?
>
> >
> > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > Well I don't know how to get preauth with jcifs.http.domainController to
> > > work then. Why can't you use the default method (jcifs.smb.client.domain
> > > and not jcifs.http.domainController)?
> > >
> > > On Mon, 12 Dec 2005 14:57:32 -0700
> > > Mike Bennett <[hidden email]> wrote:
> > >
> > > > Using load balancing and a specified username and password
> > > > (preauthentication?) with unmodified 1.2.7 gives the same "first login
> > > > only" behaviour.
> > > >
> > > > Using the modifed version with a specified username and password
> > > > causes the error :
> > > > jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
> > > >
> > > > Using the modifed version without a specified username and password
> > > > gives the same "first login only" behaviour.
> > > >
> > > > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > > > On Mon, 12 Dec 2005 13:47:11 -0700
> > > > > Mike Bennett <[hidden email]> wrote:
> > > > >
> > > > > > It doesn't compile.
> > > > > > In this change :
> > > > > >       public static byte[] getChallenge( UniAddress dc )
> > > > > >                   throws SmbException, UnknownHostException {
> > > > > >  -        return getChallenge(dc, 0);
> > > > > >  +        return interrogate( dc );
> > > > >
> > > > > Then make it:
> > > > >
> > > > >   return interrogate( dc ).challenge;
> > > > >
> > > > > Mike
> > > > >
> > > > > >       }
> > > > > > it's expecting a byte[], but interrogate returns NtlmChallenge.
> > > > > >
> > > > > >
> > > > > > On 12/12/05, Michael B Allen <[hidden email]> wrote:
> > > > > > > Load balancing (and thus preauthentication) will only be used if the
> > > > > > > jcifs.http.domainController is NOT specified.
> > > > > > >
> > > > > > > An easier fix is probably to just change the code to perform
> > > > > > > preauthentiction without load balancing. I *think* all you need to do
> > > > > > > is apply the following changes to src/jcifs/smb/SmbSession.java:
> > > > > > >
> > > > > > > --- SmbSession.java     2005-10-07 19:56:56.000000000 -0400
> > > > > > > +++ SmbSession.java.NEW 2005-12-12 15:00:49.000000000 -0500
> > > > > > > @@ -67,8 +67,7 @@
> > > > > > >      static long dc_list_expiration;
> > > > > > >      static int dc_list_counter;
> > > > > > >
> > > > > > > -    private static NtlmChallenge interrogate( NbtAddress addr ) throws SmbException {
> > > > > > > -        UniAddress dc = new UniAddress( addr );
> > > > > > > +    private static NtlmChallenge interrogate( UniAddress dc ) throws SmbException {
> > > > > > >          SmbTransport trans = SmbTransport.getSmbTransport( dc, 0 );
> > > > > > >          if (USERNAME == null) {
> > > > > > >              trans.connect();
> > > > > > > @@ -108,7 +107,7 @@
> > > > > > >                  int i = dc_list_counter++ % max;
> > > > > > >                  if (dc_list[i] != null) {
> > > > > > >                      try {
> > > > > > > -                        return interrogate( dc_list[i] );
> > > > > > > +                        return interrogate( new UniAddress( dc_list[i] ));
> > > > > > >                      } catch (SmbException se) {
> > > > > > >                          if (SmbTransport.log.level > 1) {
> > > > > > >                              SmbTransport.log.println( "Failed validate DC: " + dc_list[i] );
> > > > > > > @@ -129,7 +128,7 @@
> > > > > > >
> > > > > > >      public static byte[] getChallenge( UniAddress dc )
> > > > > > >                  throws SmbException, UnknownHostException {
> > > > > > > -        return getChallenge(dc, 0);
> > > > > > > +        return interrogate( dc );
> > > > > > >      }
> > > > > > >
> > > > > > >      public static byte[] getChallenge( UniAddress dc, int port )
> > > > > > >
> > > > > > > I don't know why this wasn't done in the first place. Just an oversight
> > > > > > > I guess. It happends.
> > > > > > >
> > > > > > > The patchfile is also attached. On unix systems (at least) you can apply
> > > > > > > this patch like:
> > > > > > >
> > > > > > >   $ cd src/jcifs/smb
> > > > > > >   $ patch -p0 < /tmp/PreauthWithoutLoadBal.patch
> > > > > > >
> > > > > > > This is all TOTALLY untested though. Please let us know if it doesn't
> > > > > > > compile and/or work.
> > > > > > >
> > > > > > > Mike
> > > > > > >
> > > > > > >
> > > > > > > On Mon, 12 Dec 2005 12:15:39 -0700
> > > > > > > Mike Bennett <[hidden email]> wrote:
> > > > > > >
> > > > > > > > Enabling load balancing (which the documenation says is on by default) via :
> > > > > > > >     <init-param>
> > > > > > > >         <param-name>jcifs.http.loadBalance</param-name>
> > > > > > > >         <param-value>true</param-value>
> > > > > > > >     </init-param>
> > > > > > > >
> > > > > > > > Didn't fix the problem.  I only specified the one domain controller,
> > > > > > > > anyway, so there was nothing to balance against.
> > > > > > > >
> > > > > > > > On 12/6/05, Andrew Miller <[hidden email]> wrote:
> > > > > > > > > I had a similar problem.  I don't have time right now for a more
> > > > > > > > > thorough response, but you might want to see the thread from Nov 10th
> > > > > > > > > called "Load balancing required for preauthentication?"
> > > > > > > > >
> > > > > > > > > http://lists.samba.org/archive/jcifs/2005-November/005683.html
> > > > > > > > >
> > > > > > > > > I don't think anything has changed in the source since that
> > > > > > > > > discussion.  You might just try turning on load balancing if it's not
> > > > > > > > > already.
> > > > > > > > >
> > > > > > > > > -Andy
> > > > > > > > >
> > > > > > > > > On 12/6/05, Mike Bennett <[hidden email]> wrote:
> > > > > > > > > > If I put a valid normal user account in those parameters, then no
> > > > > > > > > > login works.  If this requires a special user account on the domain
> > > > > > > > > > then I don't think it's viable for my situation, where the app will
> > > > > > > > > > reside on another corporation's server.
> > > > > > > > > >
> > > > > > > > > > Thanks for the suggestion, though.
> > > > > > > > > >
> > > > > > > > > > On 12/6/05, Yannick <[hidden email]> wrote:
> > > > > > > > > > > Hi Mike,
> > > > > > > > > > >
> > > > > > > > > > > You probably need to use pre-authentication. So you need to setup a user
> > > > > > > > > > > account on the domain that you can use to do so, then add the following
> > > > > > > > > > > parameters in your web.xml file:
> > > > > > > > > > >
> > > > > > > > > > >     <init-param>
> > > > > > > > > > >         <param-name>jcifs.smb.client.username</param-name>
> > > > > > > > > > >         <param-value>UserAccountName</param-value>
> > > > > > > > > > >     </init-param>
> > > > > > > > > > >
> > > > > > > > > > >     <init-param>
> > > > > > > > > > >         <param-name>jcifs.smb.client.password</param-name>
> > > > > > > > > > >         <param-value>PasswordOfTheUserAccount</param-value>
> > > > > > > > > > >     </init-param>
> > > > > > > > > > >
> > > > > > > > > > > Hope this helps
> > > > > > > > > > > Regards
> > > > > > > > > > > Yannick
> > > > > > > > > > >
> > > > > > > > > > > Mike Bennett wrote:
> > > > > > > > > > >
> > > > > > > > > > > >Using a plain jboss-3.2.7 server, I have a web app configured to use
> > > > > > > > > > > >NTLM login through jcifs.  Using jcifs-1.2.7.jar or jcifs-1.2.6.jar,
> > > > > > > > > > > >multiple users/browsers cannot log on to the server at the same time.
> > > > > > > > > > > >The first login goes through correctly and the user can access the
> > > > > > > > > > > >app.  Any login thereafter (from a different machine, from a different
> > > > > > > > > > > >user, from the same user on the same computer but with a different
> > > > > > > > > > > >browser) fails with no error message just as if the user or password
> > > > > > > > > > > >were invalid.  I have not had this problem with jcifs-1.1.8.jar, which
> > > > > > > > > > > >I've been using for quite a while.  I was hoping to upgrade to take
> > > > > > > > > > > >advantage of some of the other fixes.
> > > > > > > > > > > >
> > > > > > > > > > > >Is this a configuration problem or something else?  My web.xml section
> > > > > > > > > > > >is pretty plain :
> > > > > > > > > > > >
> > > > > > > > > > > ><filter>
> > > > > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > > > > >    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> > > > > > > > > > > >    <init-param>
> > > > > > > > > > > >        <param-name>jcifs.smb.client.domain</param-name>
> > > > > > > > > > > >        <param-value>MYDOMAIN</param-value>
> > > > > > > > > > > >       </init-param>
> > > > > > > > > > > >    <init-param>
> > > > > > > > > > > >        <param-name>jcifs.http.domainController</param-name>
> > > > > > > > > > > >        <param-value>mydc</param-value>
> > > > > > > > > > > >    </init-param>
> > > > > > > > > > > ></filter>
> > > > > > > > > > > ><filter-mapping>
> > > > > > > > > > > >    <filter-name>NTML HTTP Authentication Filter</filter-name>
> > > > > > > > > > > >    <url-pattern>/*</url-pattern>
> > > > > > > > > > > ></filter-mapping>
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>