[jcifs] NTLM Authentication and multiple domains

Michael B Allen mba2000 at ioplex.com
Thu Apr 22 21:24:42 GMT 2004

Christopher R. Hertel said:
> On Thu, Apr 22, 2004 at 02:46:17PM -0400, Michael B Allen wrote:
>> eglass1 at comcast.net said:
>> >
>> >> Thanks a million Eric. I have a quick follow up question though. Say
>> we
>> >> do
>> >> have trust relationships between the relevant NT domains, what if we
>> >> have a
>> >> scenario like:
>> >>
>> >> -->   jorourke.foo.com
>> >> -->   jorourke.bar.foo.com
>> >>
>> >> How does the that get resolved by the domain controller? Is this
>> >> possible?
>> >>
>> >
>> > Is "jorourke" the username or a hostname?  jCIFS uses the NT4-style
>> domain
>> > model based on NetBIOS; so while a machine might be in a DNS-style
>> domain
>> > "foo.com", that would be mapped to some NetBIOS domain (i.e. "FOO").
>> I believe the jcifs.smb.client.domainController can be a DNS name.
> The SMB URL allows you to locate an SMB server using either the DNS name

Actually I now recall we don't even create an SMB URL from the
domainController property. We use UniAddress which accepts everything.

> Domain auth yet.  If jCIFS is running on the server, my understanding is
> that we're doing pass-through.

Actually we don't even do true "pass-through" authentication. That
requires RPCs as well IIRC. We just tree connect on IPC$ using UniAddress
to resolve jcifs.smb.client.domainController.

Now if we're talking about jcifs.smb.client.domain. That *does* need to be
a NetBIOS name as it is the domain name queried unsing the NBNS.


More information about the jcifs mailing list