[jcifs] NtlmPasswordAuthentication & domain

eglass1 at comcast.net eglass1 at comcast.net
Fri Oct 24 19:57:03 EST 2003

> If null is specified with the NtlmPasswordAuthentication constructor the
> jcifs.smb.client.domain property will be used as the domain. If this
> property is not specified or an empty string is specified (e.g.
> ';user:pass') then an empty string will be sent to the server. I'm not
> sure what will happen in this case. It's possible that the domain
> controller could just decide to use some default domain. If you specify an
> invalid domain (e.g. 'BOGUS') I beleive the authentication should fail.

With an empty domain string, it will attempt to use a local account, then an
account in the machine's primary domain; if the password is valid for either
it will succeed.  Of course, if you're going directly against an actual domain
controller, the local SAM is the primary domain.  I'm not sure if it will
propagate to trusted domains (i.e., if the domain controller will forward the
call to a trusted domain controller if the authentication fails locally). I
don't *think* it will.

If you specify a bogus domain, it will attempt to use a local account
(succeeding if a user exists with those credentials) but won't check against
the machine's primary domain.  If, however, you specify a *valid* domain, but
provide credentials for an existing *local* user, it won't try the local
account at all (it will just fail).


More information about the jcifs mailing list