[jcifs] NTLM Authentication and multiple domains
Michael B Allen
mba2000 at ioplex.com
Thu Apr 22 21:24:42 GMT 2004
Christopher R. Hertel said:
> On Thu, Apr 22, 2004 at 02:46:17PM -0400, Michael B Allen wrote:
>> eglass1 at comcast.net said:
>> >
>> >> Thanks a million Eric. I have a quick follow up question though. Say
>> we
>> >> do
>> >> have trust relationships between the relevant NT domains, what if we
>> >> have a
>> >> scenario like:
>> >>
>> >> --> jorourke.foo.com
>> >> --> jorourke.bar.foo.com
>> >>
>> >> How does the that get resolved by the domain controller? Is this
>> >> possible?
>> >>
>> >
>> > Is "jorourke" the username or a hostname? jCIFS uses the NT4-style
>> domain
>> > model based on NetBIOS; so while a machine might be in a DNS-style
>> domain
>> > "foo.com", that would be mapped to some NetBIOS domain (i.e. "FOO").
>>
>> I believe the jcifs.smb.client.domainController can be a DNS name.
<snip>
> The SMB URL allows you to locate an SMB server using either the DNS name
Actually I now recall we don't even create an SMB URL from the
domainController property. We use UniAddress which accepts everything.
> Domain auth yet. If jCIFS is running on the server, my understanding is
> that we're doing pass-through.
Actually we don't even do true "pass-through" authentication. That
requires RPCs as well IIRC. We just tree connect on IPC$ using UniAddress
to resolve jcifs.smb.client.domainController.
Now if we're talking about jcifs.smb.client.domain. That *does* need to be
a NetBIOS name as it is the domain name queried unsing the NBNS.
Mike
More information about the jcifs
mailing list