Receiving error:
NTLMv2 requires extended security (jcifs.smb.client.useExtendedSecurity must be true if jcifs.smb.lmCompatibility >= 3):org.josso.auth.exceptions.AuthenticationFailureException
Would you please revisit the following code assumption in NtlmProtocolHandler:
/* The protocol handler can only work with NTLMv1 as it uses a man-in-the-middle
* techinque that NTLMv2 specifically thwarts. A real NTLM Filter would
* need to do a NETLOGON RPC that JCIFS will likely never implement
* because it requires a lot of extra crypto not used by CIFS.
*/
Config.setProperty( "jcifs.smb.client.useExtendedSecurity", "false" );
From what I glean on CIFS, they use some mapping to an RPC$ share or something like this to implement NTLMv2, but jcifs.smb.client.useExtendedSecurity must be set to true. I have not successfully built josso, so I can't test whether setting this property to true would have any effect. Could you please make it configurable in the josso-gateway-config.xml file?
I have this listed as Major priority because the only workaround is to not use NTLM authentication. Setting jcifs.smb.lmCompatibility to 2 or lower on the Tomcat JVM results in this error: Logon failure: unknown user name or bad password.:org.josso.auth.exceptions.AuthenticationFailureException
I test in a jboss 5.1.0.GA environment.