We are using jcifs NtlmHttpFilter for web application Single Sign On.
Many users complained that sometimes they cannot login.
After tracing the log file and jcifs source code, I found out that
which is created by the first SmbSession,
is also used by other SmbSessions. It seems that a digest
created by a SmbSession should only be used by that SmbSession.
When it is used by other SmbSessions, accessing domain controller will
result "Access is denied" error.
The log file shows that once the first SmbSession timeout, the next
logon will create a new digest and that user can login then.
I am new to jcifs so my understanding of digest could be totally
incorrect. If that is the case, can someone explain what I see in the
and how to fix the problem.
BTW, our domain controller is Windows Server 2003 SP1 with
LM_COMPATIBILITY set to 0.