Re: [jcifs] Problem authenticating at our customer's site

Subject:	Re: [jcifs] Problem authenticating at our customer's site
From:	"Michael B Allen"
Date:	Wed, 17 Sep 2008 23:12:02 -0400

On Wed, Sep 17, 2008 at 11:29 AM, Richard Heath <richard.heath@xxxxxxxx> wrote:
> Hi,
>
> We've been having problems getting JCIF to work on our customer's network so
> I created a test application running under tomcat and have tried it on their
> webserver.
>
> The settings are:
> jcifs.smb.client.password=<private>
> jcifs.smb.client.username=<private>
> jcifs.netbios.cachePolicy=1200
> jcifs.smb.client.soTimeout=300000
> jcifs.util.loglevel=4
> jcifs.http.domainController=172.31.101.6
> jcifs.smb.client.domain=BZ
>
> Unfortunately the process stops before the actual authentication is
> processed:
>
> SmbComNegotiate[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0018,flags2=0xC003
> ,signSeq=0,tid=0,pid=59807,uid=0,mid=1,wordCount=0,byteCount=12,wordCount=0,dialects=NT
> LM 0.12
> ]
> New data read: Transport1[0.0.0.0<00>/172.31.101.6:0]
> 00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00 | SMBr......└....|
> 00010: 00 00 00 00 00 00 00 00 00 00 9F E9 00 00 01 00 |...........Θ....|
>
> SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=false,errorCode=0,flags=0x0098,flags
> 2=0xC003,signSeq=0,tid=0,pid=59807,uid=0,mid=1,wordCount=17,byteCount=28,wordCount=17,dialectIn
> dex=0,securityMode=0xF,security=user,encryptedPasswords=true,maxMpxCount=50,maxNumberVcs=1,maxB
> ufferSize=16644,maxRawSize=65536,sessionKey=0x00000000,capabilities=0x0001F3FD,serverTime=Wed
> S
> ep 17 16:34:59 CEST
> 2008,serverTimeZone=65416,encryptionKeyLength=8,byteCount=28,encryptionKey=
> 0x0517FB14BDB5678D,oemDomainName=BZ]
> NodeStatusRequest[nameTrnId=1,isResponse=false,opCode=QUERY,isAuthAnswer=false,isTruncated=fals
> e,isRecurAvailable=false,isRecurDesired=false,isBroadcast=false,resultCode=0,questionCount=1,an
> swerCount=0,authorityCount=0,additionalCount=0,questionName=*
> <00>,questionType=0x
> 0021,questionClass=IN,recordName=null,recordType=0x0000,recordClass=0x0000,ttl=0,rDataLength=0]
>
> 00000: 00 01 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 |............ CKA|
> 00010: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 |AAAAAAAAAAAAAAAA|
> 00020: 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 |AAAAAAAAAAAAA..!|
> 00030: 00 01 |.. |
>
> NetBIOS: new data read from socket
> NodeStatusResponse[nameTrnId=1,isResponse=true,opCode=QUERY,isAuthAnswer=true,isTruncated=false
> ,isRecurAvailable=false,isRecurDesired=false,isBroadcast=false,resultCode=0,questionCount=0,ans
> werCount=1,authorityCount=0,additionalCount=0,questionName=null,questionType=0x0000,questionCla
> ss=IN,recordName=*
> <00>,recordType=0x0021,recordClass=IN,ttl=0,rDataLength=173]
> 00000: 00 01 84 00 00 00 00 01 00 00 00 00 20 43 4B 41 |............ CKA|
> 00010: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 |AAAAAAAAAAAAAAAA|
> 00020: 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 |AAAAAAAAAAAAA..!|
> 00030: 00 01 00 00 00 00 00 AD 07 42 5A 44 43 30 36 20 |.......¡.BZDC06 |
> 00040: 20 20 20 20 20 20 20 20 00 44 00 42 5A 20 20 20 | .D.BZ |
> 00050: 20 20 20 20 20 20 20 20 20 20 00 C4 00 42 5A 20 | .─.BZ |
> 00060: 20 20 20 20 20 20 20 20 20 20 20 20 1C C4 00 42 | .─.B|
> 00070: 5A 44 43 30 36 20 20 20 20 20 20 20 20 20 20 44 |ZDC06 D|
> 00080: 00 42 5A 20 20 20 20 20 20 20 20 20 20 20 20 20 |.BZ |
> 00090: 1E C4 00 42 5A 20 20 20 20 20 20 20 20 20 20 20 |.─.BZ |
> 000A0: 20 20 1D 44 00 01 02 5F 5F 4D 53 42 52 4F 57 53 | .D...__MSBROWS|
> 000B0: 45 5F 5F 02 01 C4 00 00 50 56 A8 06 49 00 00 00 |E__..─..PV¿.I...|
> 000C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> 000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> 000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> 000F0: 00 00 00 00 00 00 00 |....... |
>
>
>
> Any ideas? It worked fine on our network and continued well after the stage
> it stopped on our customer's system

This looks like a name service issue. You'll need to figure out if
WINS is used or only DNS and adjust resolveOrder accordingly and make
sure the servers DNS can resolve the names supplied in the SMB URL.

But I'm not really sure what you're trying to do. Are you using the
NTLM HTTP Filter or are you just trying to access a file on a server
from a servlet?

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

<Prev in Thread]	Current Thread	[Next in Thread>
[jcifs] Problem authenticating at our customer's site, Richard Heath Re: [jcifs] Problem authenticating at our customer's site, Michael B Allen <= Re: [jcifs] Problem authenticating at our customer's site, Richard Heath

Previous by Date:	Re: [jcifs] Strange Behavior with Time on Win98, Michael B Allen
Next by Date:	Re: [jcifs] Problem authenticating at our customer's site, Richard Heath
Previous by Thread:	[jcifs] Problem authenticating at our customer's site, Richard Heath
Next by Thread:	Re: [jcifs] Problem authenticating at our customer's site, Richard Heath
Indexes:	[Date] [Thread] [Top] [All Lists]