[jcifs] Requirements on the NT Domain Controller for
Authentication
Michael B Allen
mba2000 at ioplex.com
Mon Jun 28 21:20:09 GMT 2004
Which version of jCIFS are you using.
Konsella, Shane said:
> I have implemented authentication for arbitrary credentials according to
> the FAQ at:
>
> http://jcifs.samba.org/src/docs/faq.html#auth
>
> It has worked well for me with my network's Domain Controller for weeks,
> but failed with a "connection refused" io exception for a couple of
> hours the other day. Although authentication failed, I was able to
> 'ping' the Domain Controller's IP address. My assumption is that my IT
> department may have been changing something on the Domain Controller
> during that time, but I don't know what might have changed or why it
> affected me. (I know nothing of NT domain controllers or security
> infrastructure.)
Well "Connection refused" is a socket error so I don't think there's much
you can do to prevent it. You can try to deal with it a little better
though. First, you can try querying WINS for a suitable domain controller.
The NetBIOS code will return different entries from the list returned by
this query (provided you have multiple domain controllers). For example:
UniAddress dc = new UniAddress( NbtAddress.getByName( "MYDOM", 0x1C, null ));
This might make things a little more robust in the face of failure. At
least the problem will not persist for "hours".
>
> I'm hoping someone on this list can answer the following questions:
>
> 1. What are the requirements on the NT Domain Controller for this
> implementation to work?
Just that it accepts connections on port 139 and limits access to IPC$ to
Authenticated Users group and does not permit GUEST access. This is still
the default for MS domain controllers.
> 2. How do I verify that my domain controller satisfies these
> requirements?
By testing the code cited in the FAQ.
Mike
More information about the jcifs
mailing list