You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2008/06/10 18:08:31 UTC
DO NOT REPLY [Bug 45178] New: mod_jk not working with Java CIFS NTLM
filter
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
Summary: mod_jk not working with Java CIFS NTLM filter
Product: Tomcat 5
Version: 5.0.28
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: major
Priority: P2
Component: Native:JK
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: ezhilraj_d@infosys.com
Created an attachment (id=22107)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22107)
httpd file attached.
We are have configured apache web server as load balancer using mod_jk 1.2.26
over two tomcat 5.0.28 nodes. We have Java CIFS NTLM filter in our web
application to negotiate the user credentials for authenticating user. But,
negotiation is not successful, we are receiving 401 / 500 status code.
we tried setting KeepAlive On but doesn't seem to work. Authentication works
well when we use mod_proxy for load balancing.
Please can you assist?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45178] mod_jk not working with Java CIFS NTLM
filter
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
Ezhil <ez...@infosys.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #8 from Ezhil <ez...@infosys.com> 2008-08-26 23:31:53 PST ---
Hi,
I finally got to know why this configuration was not working. For our
application we had a JKOption directive +FlushPackets. It seems like this
directive is flushing packets from apache buffer but not the header. We got
ntlm authentication working once we commented out this entry from httpd.conf
file or when we added JkOptions directive +FlushHeaders.
Now, everything is working fine and ntlm authentication is happening as
expected.
Many thanks for you help in trouble shooting this issue.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45178] mod_jk not working with Java CIFS NTLM
filter
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
--- Comment #3 from Ezhil <ez...@infosys.com> 2008-06-11 22:42:09 PST ---
Created an attachment (id=22114)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22114)
JK log file after setting JKLogLevel to Trace
This log file gives the following information :
1. Start of Apache
2. Initialization of mod_jk and workers
3. Request and response, sent and received for the URL
http://localhost/webtop/component/main
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45178] mod_jk not working with Java CIFS NTLM
filter
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
--- Comment #6 from Ezhil <ez...@infosys.com> 2008-06-11 23:24:21 PST ---
Created an attachment (id=22116)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22116)
mod_proxy till auth poppu comes up
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45178] mod_jk not working with Java CIFS NTLM
filter
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
--- Comment #4 from Ezhil <ez...@infosys.com> 2008-06-11 23:23:08 PST ---
Thanks for your reply.
'Yes' is my answer for your questions.
I have attached the worker.properties file.
My basic LB mod_jk configuration works fine, if I don't include the filter Java
CIFS filter in my application. As I mentioned before, Java CIFS is working with
mod_proxy.
I have attached the worker.log file for one request and response received which
failed with status code 401.
I have attached required part of tomcat logs which give relevant information on
request failure. I see tomcat referring to ..conf\jk2.properties file in log,
but I have never configured JK2.
I have attached packet dump for mod_jk and mod_proxy:
wireshark-with-mod_jk.pcap - packet dump with mod_jk and JCIFS filter
wireshark-with-mod_proxy-requires-auth.pcap - packet dump of mod_proxy till I
get popup for authentication.
wireshark-with-mod_proxy-authenticated.pcap - packet dump of mod_proxy when
negotiation happens.
I m unable to figure out where the issue lies. I hope I have supplied most if
the information you asked for. Please can you further assist?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45178] mod_jk not working with Java CIFS NTLM
filter
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
--- Comment #2 from Ezhil <ez...@infosys.com> 2008-06-11 22:38:32 PST ---
Created an attachment (id=22113)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22113)
worker.properties file
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45178] mod_jk not working with Java CIFS NTLM
filter
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
--- Comment #1 from Rainer Jung <ra...@kippdata.de> 2008-06-10 10:54:19 PST ---
I think I know people, who successfully use mod_jk in combination with jCIFS
NTLM.
Can you please also post your file I:/Apps/Apache/2.2/conf/workers.properties.
If you disable authentication, can you get your content from Tomcat via Apache,
i.e. is your basic setup working and there is only an authentication problem?
Do you have the same problem, if you do not load balance and only use one
Tomcat backend (via mod_jk)?
If all questions are yes:
Increase KeepAliveTimeout. By default it is 5 seconds, so it is possible though
unlikely, that it expires during authentication negotiation.
Check your Tomcat and application log files, especially because you sometimes
get status 500. Do you know, when you get 401 and when 500?
Sniff TCP to port 80 (e.g. using Wireshark) when you are the only user and
reproduce the problem. How many different TCP connections get used if you only
try to get one URL? Only one? If more than one, post the packet dump.
Can you set JkLogLevel to trace and do one fresh test, which fails. Please then
post the (hige) log file and add information, which URL you tried to retrieve.
Please use a test user, because your password might be in the log file (I'm not
sure at the moment).
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45178] mod_jk not working with Java CIFS NTLM
filter
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
--- Comment #5 from Ezhil <ez...@infosys.com> 2008-06-11 23:23:55 PST ---
Created an attachment (id=22115)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22115)
mod_jk packet dump
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45178] mod_jk not working with Java CIFS NTLM
filter
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45178
--- Comment #7 from Ezhil <ez...@infosys.com> 2008-06-11 23:24:57 PST ---
Created an attachment (id=22117)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22117)
mod_proxy packet dump during negotiation
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org