
Ntlm Liferay 7 Netlogon Failed 0xC000006D

cds asi, modified 7 years ago.


New Member Posts: 1 Join Date: 25.11.14
Hi,

I am trying to configure Liferay 7 (last release master build) to use NTLM.
Active directory is on Windows 2008 R2.
The exchange between the web browser and Liferay seems to work, but when Liferay tries to NetLogon the requested user, it fails with the 0xC000006D error code.

I scanned what is done by adding logs in the Liferay SSO NTLM module and by using Wireshark.

I can see the 3 usual NTLM phases :
1: Client --> Server GET <server>/c/portal/login

2: Client <-- Server Liferay answers with the following response to request NTLM authentication:
401 Unauthorized
WWW-Authenticate: NTLM

3: Client --> Server IE sends a type 1 message (NTLM) with (it seems...) correct content
GET ...
Authorization: NTLM <base64-encoded type-1-message>

Type1Message = [suppliedDomain=null,suppliedWorkstation=null,flags=0xA2088207]/Type2Message[target=<DOMAIN>.LOCAL,challenge=<8 bytes>,context=null,targetInformation=<38 bytes>,flags=0xA2088207]

4: Client <-- Server Liferay answers with a type 2 NTLM message (NTLMSSP CHALLENGE) with an associated challenge
401 Unauthorized
WWW-Authenticate: NTLM <base64-encoded type-2-message>

Type2Message = [target=<DOMAIN>.LOCAL,challenge=<8 bytes>,context=null,targetInformation=<58 bytes>,flags=0xA2888207]

5: Client --> Server IE answers with a type 3 NTLM message (NTLMSSP AUTH)
GET ...
Authorization: NTLM <base64-encoded type-3-message>

Type3Message = [domain=<DOMAIN>,user=<userlogin>,workstation=<SRV-NAME>,lmResponse=<24 bytes>,ntResponse=<240 bytes>,sessionKey=<0 bytes>,flags=0xA2888205]

Then I saw in the log I added to the NetLogon class:
connexion du compte d’ordinateur <SRV-NAME>
Then Liferay tries to do a "netlogon" with the requested <userlogin> and it fails with code: 0xC000006D

If I add Liferay NetLogon code :

			// first step: connect with the computer user configured in instance settings => ok
			netlogonConnection = _netlogonConnectionManager.connect(
				_domainController, _domainControllerName, _ntlmServiceAccount);

			NetlogonAuthenticator netlogonAuthenticator =
				netlogonConnection.computeNetlogonAuthenticator();

			NetlogonIdentityInfo netlogonIdentityInfo =
				new NetlogonIdentityInfo(
					domain, 0x00000820, 0, 0, userName, workstation);

			NetlogonNetworkInfo netlogonNetworkInfo = new NetlogonNetworkInfo(
				netlogonIdentityInfo, serverChallenge, ntResponse, lmResponse);

			NetrLogonSamLogon netrLogonSamLogon = new NetrLogonSamLogon(
				_domainControllerName, _ntlmServiceAccount.getComputerName(),
				netlogonAuthenticator, new NetlogonAuthenticator(), 2,
				netlogonNetworkInfo, 2, new NetlogonValidationSamInfo(), 0);

			// then try authentication of the requested user:
			DcerpcHandle dcerpcHandle = netlogonConnection.getDcerpcHandle();
			// return code is 0xC000006D


I googled this error code.
I checked time synchronisation between the servers and the correct case of the domain name.

But I found nothing to solve my problem. Any help would be very appreciated!
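
Added example, not part of the original post and not Liferay code: a small Python decoder for the values logged above, showing which NTLM negotiate flags change between the three messages and what the 240-byte ntResponse and the 0xC000006D status correspond to. The function names are hypothetical; the flag bits and names are those defined in MS-NLMP.

```python
# Added diagnostic sketch: decode the NTLM negotiate flags and response sizes
# logged in the post. Flag names and bit values follow MS-NLMP.
NEGOTIATE_FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NEGOTIATE_TARGET_INFO",
    0x02000000: "NEGOTIATE_VERSION",
    0x20000000: "NEGOTIATE_128",
    0x80000000: "NEGOTIATE_56",
}
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE"}


def decode_flags(value):
    """Return (known flag names in bit order, leftover bits not in the table)."""
    names = [name for bit, name in sorted(NEGOTIATE_FLAGS.items()) if value & bit]
    unknown = value & ~sum(NEGOTIATE_FLAGS)
    return names, unknown


def flag_diff(before, after):
    """Names of flags set only in `after`, and set only in `before`."""
    added, _ = decode_flags(after & ~before)
    dropped, _ = decode_flags(before & ~after)
    return added, dropped


def classify_nt_response(length):
    """Classify an NtChallengeResponse by its size alone."""
    if length == 0:
        return "none"
    if length == 24:
        return "NTLMv1 (or NTLM2 session response)"
    # NTLMv2: 16-byte proof + 28-byte fixed client-challenge header + AV pairs
    if length >= 16 + 28:
        return "NTLMv2"
    return "malformed"


if __name__ == "__main__":
    # Values copied from the log lines in the post.
    for label, flags in (("type1", 0xA2088207), ("type2", 0xA2888207), ("type3", 0xA2888205)):
        print(label, hex(flags), decode_flags(flags))
    print("type1 -> type2:", flag_diff(0xA2088207, 0xA2888207))
    print("ntResponse 240 bytes:", classify_nt_response(240), "|", NTSTATUS[0xC000006D])
```

By size, the logged ntResponse is an NTLMv2 response, and 0xC000006D is the generic STATUS_LOGON_FAILURE code.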