tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
Date Thu, 01 Aug 2013 13:26:02 GMT
nslookup DomainName

if you still call no joy there is nothing we can do (without contacting your Domain Admin
and asking if DomainName is live)

Martin 
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten
wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist
unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet
keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen
wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire
prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe
quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information
seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les
email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune
responsabilité pour le contenu fourni.

 
> From: seema165@hotmail.com
> To: users@tomcat.apache.org
> Subject: RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain
controller for xxx
> Date: Thu, 1 Aug 2013 12:02:34 +0100
> 
> 
> 
> > Date: Thu, 1 Aug 2013 12:06:39 +0200
> > From: aw@ice-sa.com
> > To: users@tomcat.apache.org
> > Subject: Re: java.net.UnknownHostException: Failed to negotiate with a suitable
domain controller for xxx
> > 
> > Seema Patel wrote:
> > > Hi,
> > >  
> > > I am not sure if this is the right List to post this on, please advise if it
isn't and let me know where is best to post.
> > >  
> > > I am getting the following error on one of our applications running on our
intranet:
> > >  
> > > 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action]
- Servlet.service() for servlet action threw exception
> > > java.net.UnknownHostException: Failed to negotiate with a suitable domain controller
for xxx.LOCAL
> > > at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187)
> > > at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> > > at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> > > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> > > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> > > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
> > > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> > > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> > > at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
> > > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> > > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> > > at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837)
> > > at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640)
> > > at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287)
> > > at java.lang.Thread.run(Unknown Source)
> > >  
> > 
> > I believe that you should read this page carefully, in particular the blue text
at the 
> > beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html
> > 
> > Can you have a look at the WEB-INF/web.xml file *of your application*, and check
if there 
> > is a servlet filter configured there, which matches the name above ?
> > 
> > If so, make a backup copy of that web.xml file, and then edit it to remove that
filter 
> > from it, and try again.
> > I am not quite sure, but it looks possible to me that you have a duplicate authentication

> > mechanism in use : one at the container (Tomcat) level, and one at the application
level.
> > And the one used at the application level is obsolete, unsupported, unmaintained
etc..
> > 
> 
> I have found out that JCIFS is no longer supported, but it will take a lot of time, development
and resources to update it to the recommended Jespa.  In my web.xml file I have the following:
> 
> <filter>
>         <filter-name>NtlmHttpFilter</filter-name>
>         <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>            
>         <!--
>             always needed for preauthentication / SMB signatures
>         -->
>         <init-param>
>             <param-name>jcifs.smb.client.domain</param-name>
>             <param-value>xxx</param-value>
>         </init-param>
>         <!-- SMB message signing requires a valid existing login -->
>         <init-param>
>             <param-name>jcifs.smb.client.username</param-name>
>             <param-value>xxx</param-value>
>         </init-param>
>         <init-param>
>             <param-name>jcifs.smb.client.password</param-name>
>             <param-value>xxx</param-value>
>         </init-param>
>         <!-- Set the logging level -->
>         <init-param>
>             <param-name>jcifs.util.loglevel</param-name>
>             <param-value>3</param-value>
>         </init-param>
>         <!--  allow non-IE browsers to use basic auth -->
>         <init-param>
>             <param-name>jcifs.http.insecureBasic</param-name>
>             <param-value>true</param-value>
>         </init-param>
>     </filter>
>     <filter>
>         <filter-name>HRADGroupFilter</filter-name>
>         <filter-class>xxx.ADGroupFilter</filter-class>
>         <init-param>
>             <param-name>AllowedGroups</param-name>
>             <param-value>G-HR,G-MIS</param-value>
>         </init-param>
>     </filter>
>         <filter>
>         <filter-name>SuggestionsGroupFilter</filter-name>
>         <filter-class>xxx.ADGroupFilter</filter-class>
>         <init-param>
>             <param-name>AllowedGroups</param-name>
>             <param-value>xxx, xxx</param-value>
>         </init-param>
>     </filter>
>     
>     <filter-mapping>
>         <filter-name>NtlmHttpFilter</filter-name>
>         <url-pattern>/suggestions/*</url-pattern>
>     </filter-mapping>
>     <filter-mapping>
>         <filter-name>SuggestionsGroupFilter</filter-name>
>         <url-pattern>/suggestions/*</url-pattern>
>     </filter-mapping>
>     <filter-mapping>
>         <filter-name>NtlmHttpFilter</filter-name>
>         <url-pattern>/xxx/*</url-pattern>
>     </filter-mapping>
>     <filter-mapping>
>         <filter-name>HRADGroupFilter</filter-name>
>         <url-pattern>/xxx/xxx.do</url-pattern>
>     </filter-mapping>
> 
> 
> So, are you saying to just remove the following from the above?:
>        <filter-name>NtlmHttpFilter</filter-name>
>        <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> 
> Is there anything else in there that needs to be removed?  Sorry for my lack of understanding,
but this was all developed by previous developers, who are no longer working here and have
left no documentation.
> 
> Thanks
> 
> > 
> > > In my tomcat/conf/server.xml file I have:
> > >  
> > > <Realm className="com.viatel.tomcatrealms.ADJNDIRealm"
> > > debug="01" resourceName="ActiveDirectory"
> > > connectionURL="ldap://xxx:xxx"
> > > alternativeURL="ldap://xxx:xxx"
> > > connectionName="LDAP@xxx.local" connectionPassword="xxx"
> > > referrals="follow" userBase="dc=vtlwavenet,dc=local"
> > > userSearch="(sAMAccountName={0})" userSubtree="true"
> > > roleBase="dc=xxx,dc=local" roleSearch="(member={0})"
> > > roleName="cn" roleSubtree="true" />
> > >  
> > > I have 2 .war files running from this tomcat - 1) intranet portal A, 2) intranet
helpdesk page and also another intranet portal B (both run from slightly different URLs).
> > > When tomcat was restarted the intranet portal A runs, intranet portal B runs
but the intranet helpdesk portal doesn't run.  For this we get the error message shown above.
> > >  
> > > I don't know if it is the java code, some setting in the tomcat catalina base
or if it is a tomcat network issue.
> > >  
> > > We are running Tomcat 5.5.29.
> > > java version "1.5.0_22"
> > > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
> > > Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing) 
> > > It is on a Windows Server 2003 R2 SP2 VM box.
> > >  
> > > Any help on this is appreciated.
> > > Thanks in advance
> > >  
> > > Seema
> > >  
> > >  
> > >  
> > >  		 	   		  
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> > 
>  		 	   		  
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message