[jcifs] Requirements on the NT Domain Controller for Authentication

Michael B Allen mba2000 at ioplex.com
Mon Jun 28 21:20:09 GMT 2004

Which version of jCIFS are you using.

Konsella, Shane said:
> I have implemented authentication for arbitrary credentials according to
> the FAQ at:
>    http://jcifs.samba.org/src/docs/faq.html#auth
> It has worked well for me with my network's Domain Controller for weeks,
> but failed with a "connection refused" io exception for a couple of
> hours the other day. Although authentication failed, I was able to
> 'ping' the Domain Controller's IP address. My assumption is that my IT
> department may have been changing something on the Domain Controller
> during that time, but I don't know what might have changed or why it
> affected me. (I know nothing of NT domain controllers or security
> infrastructure.)

Well "Connection refused" is a socket error so I don't think there's much
you can do to prevent it. You can try to deal with it a little better
though. First, you can try querying WINS for a suitable domain controller.
The NetBIOS code will return different entries from the list returned by
this query (provided you have multiple domain controllers). For example:

UniAddress dc = new UniAddress( NbtAddress.getByName( "MYDOM", 0x1C, null ));

This might make things a little more robust in the face of failure. At
least the problem will not persist for "hours".

> I'm hoping someone on this list can answer the following questions:
> 1. What are the requirements on the NT Domain Controller for this
> implementation to work?

Just that it accepts connections on port 139 and limits access to IPC$ to
Authenticated Users group and does not permit GUEST access. This is still
the default for MS domain controllers.

> 2. How do I verify that my domain controller satisfies these
> requirements?

By testing the code cited in the FAQ.


More information about the jcifs mailing list