[jcifs] NTLM Authentication and multiple domains

eglass1 at comcast.net eglass1 at comcast.net
Thu Apr 22 08:14:30 GMT 2004

> Thanks a million Eric. I have a quick follow up question though. Say we do
> have trust relationships between the relevant NT domains, what if we have a
> scenario like:
> -->   jorourke.foo.com
> -->   jorourke.bar.foo.com
> How does the that get resolved by the domain controller? Is this possible?

Is "jorourke" the username or a hostname?  jCIFS uses the NT4-style domain
model based on NetBIOS; so while a machine might be in a DNS-style domain
"foo.com", that would be mapped to some NetBIOS domain (i.e. "FOO").

In the above, if "jorourke" is a machine name, both machines (I believe)
would need to have unique NetBIOS names; I *think* the namespace is global
(Mike or Chris could tell you for sure).  So while you could have machines
in different primary domains/workgroups, the machine names would still need
to be unique globally.

If "jorourke" is a username above, the username needs to be unique within the
domain; this would typically be written as "FOO\jorourke" and "BAR\jorourke".
The full domain + username is used during NTLM authentication, so it would
generally be fully qualified.  There are some edge cases; if you are
authenticating using a machine-local account to another machine, for example,
it will do some "fuzzy" authentication (basically seeing if there is a
user with the same username and password on the target).


More information about the jcifs mailing list