tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <>
Subject RE: Windows Domain authentication with Vista (and Tomcat)
Date Sat, 07 Feb 2009 16:56:47 GMT
> From: André Warnier []
> Subject: Windows Domain authentication with Vista (and Tomcat)
> This would seem to indicate that there is something going on at the
> Tomcat level about NTLM/AD authentication.

Not that there /is/ something going on, but the submitter would like something /to be/ going
on.  I doubt that the above enhancement request would be accepted as is, since it modifies
the permitted values for <auth-method> and is therefore out of compliance with the servlet
spec.  But we'll see...

> For a Tomcat application, I use an authentication/SSO
> mechanism partly composed of jCIFS (,
> partly self-built.

Are you using the NTLM HTTP filter that is available with jCIFS?  If so, it cannot be used
in conjunction with NTLMv2, which the Vista box may well be insisting on.  Examine the LmCompatibilityLevel
setting in the Vista system registry at HKLM\SYSTEM\CurrentControlSet\Control\Lsa; make sure
it's no higher than 3.

Even if you're not using the NTLM HTTP filter, we've had trouble with Vista connecting to
non-Microsoft SMB servers when the above registry setting is higher than 3; XP works fine
when at 5 (the highest setting), so Vista is doing something weird that we haven't figured
out yet.

 - Chuck

for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message