I have a Windows network (a Samba domain controller which in turn uses the flat file system
for its datastore), and I wanted my J2EE web application to authenticate using NegotiateKerberos,
so I followed the
http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos link to set up
the test application. But I suppose the
NTLM handshake is not happening, so I think there is some problem in my configuration
settings. Basically, the handle method inside "AdvancedWebCallbackHandler.java" is
not getting called.
When I start JBoss I see the following logs, which suggest the CallbackHandler is configured
properly, but it is not getting called.
DEBUG [ServiceConfigurator] CallbackHandlerClassName set to
org.jboss.web.tomcat.security.AdvancedWebCallbackHandler in
jboss.security:service=JaasSecurityManager
Thanks
Ramesh S
Can someone please suggest what may be the problem? I am pasting all the configuration
settings below.
My configuration setup is as follows:
Windows network domain name is LK
Samba domain controller IP is 192.168.1.7
/conf/jboss-service.xml
<!-- JAAS security manager and realm mapping -->
<mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
name="jboss.security:service=JaasSecurityManager">
<attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
<attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
<attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
<!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
in seconds.
If you want to disable caching of security credentials, set this to 0 to
force authentication to occur every time. This has no affect if the
AuthenticationCacheJndiName has been changed from the default value.
-->
<attribute name="DefaultCacheTimeout">1800</attribute>
<!-- DefaultCacheResolution: Specifies the default timed cache policy
resolution in seconds. This controls the interval at which the cache
current timestamp is updated and should be less than the DefaultCacheTimeout
in order for the timeout to be meaningful. This has no affect if the
AuthenticationCacheJndiName has been changed from the default value.
-->
<attribute name="DefaultCacheResolution">60</attribute>
</mbean>
/conf/login-config.xml
<!-- SPNEGO test -->
<application-policy name = "SPNEGO">
<login-module code="org.jboss.security.auth.NegotiateLoginModule"
flag = "required">
<module-option
name="loadBalance">false</module-option>
<module-option
name="domainController">192.168.1.7</module-option>
<module-option
name="defaultDomain">LK</module-option>
</login-module>
</application-policy>
/WEB-INF/web.xml
<login-config>
<auth-method>Negotiate</auth-method>
<realm-name>SPNEGO</realm-name>
</login-config>
<security-role>
<role-name>LK</role-name>
</security-role>
WEB-INF/jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/SPNEGO</security-domain>
</jboss-web>
WEB-INF/context.xml
<Context>
<Valve
className="org.jboss.web.tomcat.security.HttpServletRequestResponseValve" />
</Context>
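A way to check whether the Negotiate exchange described in the post reaches the server at all is to classify the `WWW-Authenticate` and `Authorization` header values captured from the browser or a proxy. This is an added example, not part of the original post or of JBoss; `classify_auth_header` and the sample tokens are constructed for illustration.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")    # 1.2.840.113554.1.2.2
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def classify_auth_header(value):
    """Classify an Authorization / WWW-Authenticate header value."""
    scheme, _, token_b64 = value.strip().partition(" ")
    scheme, token_b64 = scheme.lower(), token_b64.strip()
    if scheme not in ("negotiate", "ntlm"):
        return f"not-negotiate ({scheme or 'empty'})"
    if not token_b64:
        return f"{scheme}: no token"
    try:
        token = base64.b64decode(token_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return f"{scheme}: invalid base64"
    if token.startswith(NTLM_SIG):
        if len(token) < 12:
            return f"{scheme}: truncated NTLM message"
        (msg_type,) = struct.unpack_from("<I", token, 8)
        return f"{scheme}: raw NTLM {NTLM_TYPES.get(msg_type, 'unknown')}"
    if token[:1] == b"\x60" and SPNEGO_OID in token[:16]:
        # An embedded NTLMSSP signature means the mechToken is NTLM, even
        # when the mechanism list also mentions Kerberos.
        if NTLM_SIG in token:
            return f"{scheme}: SPNEGO wrapping NTLM"
        if KRB5_OID in token:
            return f"{scheme}: SPNEGO wrapping Kerberos"
        return f"{scheme}: SPNEGO, unknown mechanism"
    return f"{scheme}: unrecognised token"


def _hdr(raw):
    return "Negotiate " + base64.b64encode(raw).decode("ascii")

# Constructed samples (not captured traffic; the ASN.1 is simplified).
SAMPLES = {
    "server challenge": "Negotiate",
    "raw NTLM type 1": _hdr(NTLM_SIG + struct.pack("<II", 1, 0x00088207)),
    "SPNEGO + Kerberos": _hdr(b"\x60\x17" + SPNEGO_OID + b"\xa0\x0d\x30\x0b" + KRB5_OID),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:18} -> {classify_auth_header(header)}")
```

If the 401 response carries no `Negotiate` challenge, or the browser never answers with a token, the login module and its callback handler have nothing to process.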