We are using JCIFS (1.3.15) to authenticate from a Windows 7 client which sends only NTLM v2 responses.
We are getting the following error when we use a Windows 2008 R2 domain controller:
jcifs.smb.SmbException: The parameter is incorrect.
    at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:545)
    at jcifs.smb.SmbTransport.send(SmbTransport.java:645)
    at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:322)
    at jcifs.smb.SmbSession.send(SmbSession.java:224)
    at jcifs.smb.SmbTree.treeConnect(SmbTree.java:176)
    at jcifs.smb.SmbSession.logon(SmbSession.java:153)
    at jcifs.smb.SmbSession.logon(SmbSession.java:146)
The authentication mechanism works fine in the following cases:
1) Client supports both NTLM v1 and v2 (lmCompatibility of client is 1) and domain controller is Windows 2003
2) Client sends only NTLM v2 (lmCompatibility of client is 3) and domain controller is Windows 2003
3) Client supports both NTLM v1 and v2 (lmCompatibility of client is 1) and domain controller is Windows 2008
but we get the above-mentioned error when the client sends only NTLM v2 (lmCompatibility of client is 3) and the domain controller is Windows 2008.
Can somebody help us here?
Thanks in advance,
Sajo C Mathew
It is most commonly implemented in Microsoft Windows environments (see Domain controller (Windows)), where it is the centerpiece of the Windows Active Directory service. However, non-Windows domain controllers can be established via identity management software such as Samba and Red Hat FreeIPA.
A read-only domain controller (RODC) is a server that hosts an Active Directory database's read-only partitions and responds to security authentication requests.
In Server Manager, under Add Roles and Features, install Active Directory Domain Services on the new Windows Server. This action automatically runs adprep on the earlier version forest and domain. In Server Manager, select the yellow triangle. From the drop-down, select Promote the server to a domain controller.
There are two major types of domain controller: read-only and read-write. Read-only: the read-only Domain Controller (DC) holds a read-only copy of the AD DS database. Read-write: a read-write Domain Controller can both read and write to the AD DS database.
JCifs is abandoned. If you need NTLM2, you may migrate to a commercial solution for $250 (or $500 unlimited): http://www.ioplex.com/jespa.html, or, for free, to an NTLM part taken out of Liferay: http://sourceforge.net/projects/ntlmv2auth/.
NTLM is being abandoned (mainly because of security vulnerabilities). Maybe you could migrate to Kerberos?