[jcifs] NTLM Authentication and multiple domains
Michael B Allen
mba2000 at ioplex.com
Thu Apr 22 18:46:17 GMT 2004
eglass1 at comcast.net said:
>
>> Thanks a million Eric. I have a quick follow up question though. Say we
>> do
>> have trust relationships between the relevant NT domains, what if we
>> have a
>> scenario like:
>>
>> --> jorourke.foo.com
>> --> jorourke.bar.foo.com
>>
>> How does the that get resolved by the domain controller? Is this
>> possible?
>>
>
> Is "jorourke" the username or a hostname? jCIFS uses the NT4-style domain
> model based on NetBIOS; so while a machine might be in a DNS-style domain
> "foo.com", that would be mapped to some NetBIOS domain (i.e. "FOO").
I believe the jcifs.smb.client.domainController can be a DNS name. I would
have to look at the code but a DNS name in the SMB URL is valid and is not
mapped to NetBIOS in any why. The first label is used to guess the
"calling name" during session establishment but that's not too important
with NT 4 or above which acceptes the special calling name "SMBSERVER*".
> In the above, if "jorourke" is a machine name, both machines (I believe)
> would need to have unique NetBIOS names; I *think* the namespace is global
> (Mike or Chris could tell you for sure). So while you could have machines
> in different primary domains/workgroups, the machine names would still
> need
> to be unique globally.
Provided what I claim above is true I think DNS names will work. They do
not have to be unique. I don't think domain authentication interacts too
much (at all?) with NetBIOS.
Mike
More information about the jcifs
mailing list