Which version shall I use in Linux

Jul 14, 2012 at 11:45 AM

Which version shall I use in Linux? There are three folders after I download. What's the version of NTLM?

Coordinator
Jul 17, 2012 at 8:46 AM

Hello,
There are three versions:
It is possible to use JNI via a DLL, but only on Windows: some code written in C calls the Windows API. There are two Windows DLLs, one for x86, the other for x64. This version can only be used with Windows.
Another version uses the JNA project. So, I can call the Windows API directly in Java. But the Windows API is also used.
The third version uses TCP between a Windows service (negoserver) and Tomcat. This service runs on Windows. The Tomcat server can be running on Windows or Unix (Linux or Solaris or AIX...). If the service is not running on the same computer as Tomcat, you only have to give the IP address of this server in the file config.xml.
You have a command file to install the service on Windows.
If you have some problems, you can write.
For instance:
<Valve className="fr.doume.tcp.authenticator.SSPAuthenticator" />
<Realm className="fr.doume.tcp.realm.WindowsRealm" />
<Parameter name="address" value="10.130.25.25" />
Of course, you change the address!!

Dominique

Feb 11, 2013 at 9:03 PM
Hello,

I launched the NegoServer on a Windows Server 2008. I have installed the web app with Tomcat on a Windows host and configured the web.xml in order to connect to the NegoServer. I start a Windows 7 machine that logs in to the domain of the Windows Server and start IE from this machine. I try the SSO but I get the error: Grave: SSPexception in getSids : The mapping from the roles to the Active Directory's groups cannot be buildSids sent by the windows server are inconsistent : size_of_sids < position
on my Tomcat, and got the following error in the negoserver logs:
TranslateServer Verbose: 15240 : Exception : Impossible de traduire certaines ou toutes les références d'identité. à System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
à System.Security.Principal.NTAccount.Translate(Type targetType)
à httpToNegotiateStream.TranslateServer.TranslateCharsToSids(Char[] groups, State s) dans C:\Users\minou\Documents\Visual Studio 2008\Projects\NegoServer\NegoServer.cs:ligne 1361

Did I make a mistake?

Thanks,
Feb 11, 2013 at 10:46 PM
Yes, I did. I had
<auth-constraint>
  <role-name>*</role-name>
</auth-constraint>
in my web.xml, which was not recognized as a group in AD by negoserver.

I use the web.xml config given in the example and now it works.

++
Coordinator
Feb 12, 2013 at 12:19 PM
Edited Feb 12, 2013 at 12:20 PM
When the first client is authenticated, there will be a translation of the roles defined in the web.xml into SIDs (Security IDs).
When a client is authenticated with NTLM, the server gets the information about the customer (his name, his account SID and the SIDs of the AD groups). With Kerberos, the client sends all the information and the server does nothing to AD. The local server LSASS builds a token with the SID and the SIDs for local groups. With NTLM, there will be fewer requests/responses between the server and AD. With Kerberos, there is no query over. All the information is in the Kerberos Ticket.
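
A pre-deployment check for the web.xml problem resolved in this thread, added here as an example (it is not part of the original posts or the project's code): it lists each role-name found under an auth-constraint and flags wildcard entries, which cannot be looked up as an AD group. It assumes, following the description above, that every such role-name is translated to a SID; the sample descriptor and the group name WebAdmins are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (namespaced, as deployed descriptors usually are);
# "WebAdmins" is a made-up group name.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>WebAdmins</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

WILDCARDS = {"*", "**"}  # servlet-spec wildcard role names, not group names

def descendants(elem, name):
    """Descendants of elem whose tag, minus ElementTree's '{namespace}' prefix, is name."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def constraint_roles(web_xml_text):
    """Return (url_patterns, role_name) for each role-name in an auth-constraint."""
    root = ET.fromstring(web_xml_text)
    found = []
    for sc in descendants(root, "security-constraint"):
        patterns = [(e.text or "").strip() for e in descendants(sc, "url-pattern")]
        for ac in descendants(sc, "auth-constraint"):
            for rn in descendants(ac, "role-name"):
                found.append((patterns, (rn.text or "").strip()))
    return found

def untranslatable_roles(web_xml_text):
    """Roles assumed not resolvable to an AD group: the wildcard entries."""
    return [(p, r) for p, r in constraint_roles(web_xml_text) if r in WILDCARDS]

if __name__ == "__main__":
    for patterns, role in untranslatable_roles(SAMPLE_WEB_XML):
        print(f"role-name {role!r} protecting {patterns} is not an AD group name")
```
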