[jcifs] Question about NT Domains

Tony Thompson tony.thompson at stone-ware.com
Sat Jun 8 06:12:30 EST 2002

I decided to try and tackle this but, I am having a couple of issues.  According to the cifsrap2.doc, an RC4 encryption must be performed on the old password before it is sent.  I didn't see anything hanging around in jCIFS that would do this.  Any suggestions?

A one way transformation must also be performed on the old password.  The document describes the gyrations required to do this but, one of the elements of the transformation is "an 8 byte string whose value is available from Microsoft upon request".  Any idea what this string might be or how to get it?

Is there something already in jCIFS that would do all of the above for me (i.e. is this same type of thing used anywhere else)?  I know it is a long shot but, I had to ask.


>>> "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com> 06/04/02 11:27PM >>>
Not really. There's a RAP function for this but jCIFS doesn't have it built in and it probably wouldn't work
on post-NT Windoze boxes anyway. We'd need DCE/RPC.

Adding the RAP call wouldn't be too hard though. Just copy the NetServerEnum2/NetServerEnum2Response
pair to something like SamOemChangePassword/SamOemChangePasswordResponse.java and change the
parameters to match those discussed on page 32 of this document:


Then add a static SmbFile.changePassword( String domain, String username, String oldPassword,
String newPassword ) throws SmbException (or something). The meat of it would look a lot like any other
SmbFile method. You would probably need a packet capture of the call so you could compare wire
formats and verify it all worked ok.

Otherwise, wait for DCE/RPC (don't hold your breath) or use Runtime.exec to call smbpasswd from
Samba suite of rundll on some dll I don't know anything about.


> -----Original Message-----
> From:	Tony Thompson [SMTP:tony.thompson at stone-ware.com] 
> Sent:	Tuesday, June 04, 2002 11:04 PM
> To:	<
> Subject:	[jcifs] Question about NT Domains
> I know this question is not really meant for this mailing list but, I thought someone out here might
> be able to point me in the right direction.  I am looking for a way to change a user's password on
> an NT domain from a Java application.  Can anyone provide some insight?
> Thanks for tolerating my email.  I will try not to let it happen again.
> Tony

More information about the jcifs mailing list