[jcifs] NTLM Auth - Multiple domain definition
Christopher R. Hertel
crh at ubiqx.mn.org
Wed Jan 14 05:11:28 GMT 2004
On Tue, Jan 13, 2004 at 09:16:22PM -0500, Michael B Allen wrote:
>
> > Hello Mike,
> >
> > I tried to use the name of domain and WINS so I was not dependent on 1 DC.
Do all of the NT Domains register themselves with the same WINS server?
They need to be able to find one another.
> > But I need to set about ten different domain names (they are all trusted).
> >
> > So as far as I know it is not possible yet, am I right?
>
> If the domains have trust relationships then just pick one. It will
> authenticate a user in another domain.
I *think* that if the user is a member of domain D you can send a logon
request to a server that is a member of domain Q. The server will
validate the logon against a Domain Controller for domain Q, which will
forward the request to trusted domain D.
Have to admit that I'm not clear on the mechanics of this stuff. Should
be but I'm not.
Anywhich, that's why there's a field in for the authentication domain in
the SMB URI syntax.
> > Probably I will use the alternative with DC because users from different
> > domains can be authenticated. If domain controller is down our monitoring
> > tools will inform us and we can change web.xml and redirect it on another
> > DC.
>
> That's really the only issue at the moment; there's no graceful failover
> for WINS and domain controllers.
If WINS replication is enabled between the WINS servers then you can use a
secondary.
I thought about allowing for a list of NBNSs in the SMB URI, but it's just
too easy to get too ugly too quickly. I would rather see that happen in
the configuration file and not further overburden the URI syntax.
Chris -)-----
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the jcifs
mailing list