From: Seema Patel
To: Tomcat Users List
Subject: RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
Date: Thu, 1 Aug 2013 12:02:34 +0100

> Date: Thu, 1 Aug 2013 12:06:39 +0200
> From: aw@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
>
> Seema Patel wrote:
> > Hi,
> >
> > I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post.
> >
> > I am getting the following error on one of our applications running on our intranet:
> >
> > 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception
> > java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx.LOCAL
> >     at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187)
> >     at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> >     at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >     at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> >     at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837)
> >     at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640)
> >     at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287)
> >     at java.lang.Thread.run(Unknown Source)
> >
>
> I believe that you should read this page carefully, in particular the blue text at the
> beginning: http://jcifs.samba.org/src/docs/ntlmhttpauth.html
>
> Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there
> is a servlet filter configured there, which matches the name above?
>
> If so, make a backup copy of that web.xml file, and then edit it to remove that filter
> from it, and try again.
> I am not quite sure, but it looks possible to me that you have a duplicate authentication
> mechanism in use: one at the container (Tomcat) level, and one at the application level.
> And the one used at the application level is obsolete, unsupported, unmaintained etc.
>

I have found out that JCIFS is no longer supported, but it will take a lot of time, development and resources to update it to the recommended Jespa.

In my web.xml file I have the following:

    NtlmHttpFilter
    jcifs.http.NtlmHttpFilter

    jcifs.smb.client.domain xxx
    jcifs.smb.client.username xxx
    jcifs.smb.client.password xxx
    jcifs.util.loglevel 3
    jcifs.http.insecureBasic true

    HRADGroupFilter
    xxx.ADGroupFilter
    AllowedGroups G-HR,G-MIS

    SuggestionsGroupFilter
    xxx.ADGroupFilter
    AllowedGroups xxx, xxx

    NtlmHttpFilter /suggestions/*
    SuggestionsGroupFilter /suggestions/*
    NtlmHttpFilter /xxx/*
    HRADGroupFilter /xxx/xxx.do

So, are you saying to just remove the following from the above?:

    NtlmHttpFilter
    jcifs.http.NtlmHttpFilter

Is there anything else in there that needs to be removed? Sorry for my lack of understanding, but this was all developed by previous developers, who are no longer working here and have left no documentation.

Thanks

>
> > In my tomcat/conf/server.xml file I have:
> >
> > debug="01" resourceName="ActiveDirectory"
> > connectionURL="ldap://xxx:xxx"
> > alternativeURL="ldap://xxx:xxx"
> > connectionName="LDAP@xxx.local" connectionPassword="xxx"
> > referrals="follow" userBase="dc=vtlwavenet,dc=local"
> > userSearch="(sAMAccountName={0})" userSubtree="true"
> > roleBase="dc=xxx,dc=local" roleSearch="(member={0})"
> > roleName="cn" roleSubtree="true" />
> >
> > I have 2 .war files running from this tomcat - 1) intranet portal A, 2) intranet helpdesk page and also another intranet portal B (both run from slightly different URLs).
> > When tomcat was restarted the intranet portal A runs, intranet portal B runs but the intranet helpdesk portal doesn't run. For this we get the error message shown above.
> >
> > I don't know if it is the java code, some setting in the tomcat catalina base or if it is a tomcat network issue.
> >
> > We are running Tomcat 5.5.29.
> > java version "1.5.0_22"
> > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
> > Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing)
> > It is on a Windows Server 2003 R2 SP2 VM box.
> >
> > Any help on this is appreciated.
> > Thanks in advance
> >
> > Seema
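Added example (not part of the original message, and not code from Tomcat or JCIFS): a Python audit of a web.xml that lists the filter definition and every filter-mapping tied to jcifs.http.NtlmHttpFilter, because Tomcat rejects a filter-mapping whose filter-name has no matching filter definition, and that flags the two risky init-params seen in the message. The XML is a constructed sample that reuses the filter names from the message with placeholder values; audit_filter and the report keys are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: filter names follow the message, all values are placeholders.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <filter>
    <filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
    <init-param><param-name>jcifs.smb.client.password</param-name><param-value>xxx</param-value></init-param>
    <init-param><param-name>jcifs.http.insecureBasic</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter>
    <filter-name>HRADGroupFilter</filter-name>
    <filter-class>xxx.ADGroupFilter</filter-class>
  </filter>
  <filter-mapping><filter-name>NtlmHttpFilter</filter-name><url-pattern>/suggestions/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>NtlmHttpFilter</filter-name><url-pattern>/xxx/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>HRADGroupFilter</filter-name><url-pattern>/xxx/xxx.do</url-pattern></filter-mapping>
</web-app>"""

def local(tag):
    # Drop the "{namespace}" prefix so DTD-based and schema-based descriptors both work.
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    # Text of the first direct child called `name`, or None when it is absent.
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_filter(web_xml, filter_class="jcifs.http.NtlmHttpFilter"):
    # Hypothetical helper: collect what belongs to `filter_class` in one descriptor.
    root = ET.fromstring(web_xml)
    report = {"filters": [], "mappings": [], "findings": []}
    for f in (e for e in root if local(e.tag) == "filter"):
        if child_text(f, "filter-class") != filter_class:
            continue
        report["filters"].append(child_text(f, "filter-name"))
        for p in (e for e in f if local(e.tag) == "init-param"):
            name, value = child_text(p, "param-name"), child_text(p, "param-value") or ""
            if name == "jcifs.http.insecureBasic" and value.lower() == "true":
                report["findings"].append("Basic auth accepted over plain HTTP")
            if name == "jcifs.smb.client.password":
                report["findings"].append("service account password stored in web.xml")
    # Mappings that would dangle if only the <filter> element were deleted.
    for m in (e for e in root if local(e.tag) == "filter-mapping"):
        if child_text(m, "filter-name") in report["filters"]:
            report["mappings"].append(child_text(m, "url-pattern") or child_text(m, "servlet-name"))
    return report
```

Run it against a backup copy of the application's WEB-INF/web.xml; the "mappings" list shows which URL patterns lose the filter when it is removed.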