TeamCity and NTLM

Hello!

I'm very much curious about version of NTLM the TeamCity 4.0.1 uses for NTLM-based authentication. The Domain controller of the company' network runs on Windows 2008 server. TeamCity Enterprise server was configured to use NTLM as authentication method. This morning I was not able to logon to the TeamCity server with log message of:

TeamCity is running in enterprise mode
[2009-05-18 10:04:30,371]   WARN -   jetbrains.buildServer.SERVER - Login for user #wcg-arx failed, error: jcifs.smb.SmbException:
jcifs.util.transport.TransportException: Connection timeout
    at jcifs.util.transport.Transport.connect(Transport.java:178)
    at jcifs.smb.SmbTransport.connect(SmbTransport.java:287)
    at jcifs.smb.SmbTree.treeConnect(SmbTree.java:139)
    at jcifs.smb.SmbSession.logon(SmbSession.java:169)
    at jcifs.smb.SmbSession.logon(SmbSession.java:162)
    at jetbrains.buildServer.serverSide.impl.auth.JCIFSBasedAuthenticator.authenticate(JCIFSBasedAuthenticator.java:35)
    at jetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModule.login(NTDomainLoginModule.java:69)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
    at jetbrains.buildServer.serverSide.impl.auth.ServerLoginModelImpl.tryToLogin(ServerLoginModelImpl.java:57)
    at jetbrains.buildServer.serverSide.impl.auth.ServerLoginModelImpl.checkPassword(ServerLoginModelImpl.java:42)
    at jetbrains.buildServer.serverSide.impl.auth.ServerLoginModelImpl.login(ServerLoginModelImpl.java:32)
    at jetbrains.buildServer.controllers.login.WebLoginModelImpl.doLogin(WebLoginModelImpl.java:81)
    at jetbrains.buildServer.controllers.login.WebLoginModelImpl.loginFromRequest(WebLoginModelImpl.java:89)
    at jetbrains.buildServer.controllers.login.LoginSubmitController.doPost(LoginSubmitController.java:8)
    at jetbrains.buildServer.controllers.BaseFormXmlController$1.handleRequest(BaseFormXmlController.java:35)
    at jetbrains.buildServer.controllers.AjaxRequestProcessor.processRequest(AjaxRequestProcessor.java:29)
    at jetbrains.buildServer.controllers.BaseFormXmlController.doHandle(BaseFormXmlController.java:33)
    at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:60)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:523)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:463)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at jetbrains.spring.web.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:12)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:8)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)

java.net.ConnectException: Connection timed out: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
    at java.net.Socket.connect(Socket.java:519)
    at java.net.Socket.connect(Socket.java:469)
    at java.net.Socket.<init>(Socket.java:366)
    at java.net.Socket.<init>(Socket.java:180)
    at jcifs.smb.SmbTransport.ssn139(SmbTransport.java:178)
    at jcifs.smb.SmbTransport.negotiate(SmbTransport.java:237)
    at jcifs.smb.SmbTransport.doConnect(SmbTransport.java:302)
    at jcifs.util.transport.Transport.run(Transport.java:240)
    at java.lang.Thread.run(Thread.java:619)



Connectivity to the server was restored when DC configuration was rolled back. The infrastructure people suggested that the problem may be related to the NTLM version used by TeamCity - our domain controller is intended to support only NTLM version 2.

Thanks in advance for additional information

Nick Sorokin

4 comments
Comment actions Permalink

I would suggest to try TeamCity 4.5.1. In 4.5.1 we have updated JCIFS library used for NTLM authentiocation.

0
Comment actions Permalink

Well, the question was about version of NTLM supported adn even with new version of the libraries the problem may still exist.

Regards,
Nick

0
Comment actions Permalink

Starting from version 1.3.0 NTLM2 is supported by JCIFS library: http://jcifs.samba.org/FAQ.html#ntlmv2 and in 4.5.1 we are using JCIFS 1.3.7.

0
Comment actions Permalink

Thanks

I'll start planning for migration to new TeamCity. I'll inform about results of testing later this week

Regards,
Nick

0

Please sign in to leave a comment.