[jcifs] NtlmPasswordAuthentication & domain

Michael B Allen mba2000 at ioplex.com
Fri Oct 24 18:43:29 EST 2003

> i'm doing user authentication against an Windows 2000 domain controller
> using jcifs v0.7.14. i just noticed that the domain parameter does not
> seem to have any effect in the NtlmPasswordAuthentication constructor.
> authentication doesn't fail even if i use a non-existent domain name for
> this parameter. why doesn't domain affect authentication? is this a bug
> or feature of jcifs/NTLM protocol?

If null is specified with the NtlmPasswordAuthentication constructor the
jcifs.smb.client.domain property will be used as the domain. If this
property is not specified or an empty string is specified (e.g.
';user:pass') then an empty string will be sent to the server. I'm not
sure what will happen in this case. It's possible that the domain
controller could just decide to use some default domain. If you specify an
invalid domain (e.g. 'BOGUS') I beleive the authentication should fail.
Unless perhaps if that user happends to have an account with the LSA (e.g.
Samba passwd file).

Please submit a test program if this is not the behavior you are seeing.


A program should be written to  model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the  potential for it  to be applied  to tasks that are
conceptually similar and, more  important, to tasks that have not
yet been conceived.

More information about the jcifs mailing list