We have a NTLM Single-Sign-On problem that is client dependant. Some machines are working nicely while some others don't.
Client Machines are Windows XP and 2003 Srvr running InternetExplorer 6.0.29.
Our Server is Windows XP SP2 running Alfresco 2.1 on Tomcat 5.5 and Jdk 1.5.0.
We tested Alfresco 2.1.1 and 2.9.0B, with same results.
We activated NTLM debug. It seems that non-working machines are not sending correctly the password, since domain, username and workstation are correctly sent to Alfresco Server.
Set of tests executed on non-working machines: - Upgrade IE to 7.0, no change. - Set IE to ask for user password instead of single-sign-on, no change. - Tried Firefox (no SSO, but asks for usr/passwd). Firefox is logging on correctly on the same machine. - Debugging, here we found some interesting points: password length was much bigger on non-working machines, maybe it has to do with NTLM client settings? In development environment, which was working correctly, changed registry setting: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel From value 0 to: 1 - Working Ok 2 - Working Ok 3 - Not working 4 - Not working 5 - Not working
So the question is, is the NTLMAuthenticationFilter compatible with NTLMv2?
Anyway, probably in production environment we will not be able to change the lmcompatibilitylevel, so, anybody knows a good solution for this issue? Thanks in advance.
