[jcifs] NtlmHttpFilter - authentication

Michael B Allen mba2000 at ioplex.com
Thu Mar 4 02:09:50 GMT 2004

Eric said:
>>>>There is a looming problem however. This technique does not work in a
>>>>AD environment.
>>>Which part causes issues?
>> I thought we had some people with AD issues? Since we never quite
>> resolved
>> them I assumed there was an issue with those environments because we do
>> IPC$ on port 139. Glad to hear that may not be true.
> There probably would be issues -- I just wasn't clear on which part
> specifically.  I think you're correct; in a pure AD environment you
> would typically just do "raw" SMB over TCP on port 445 (which we
> currently don't support).  I suppose you could maybe install NetBIOS on
> a single server and use that as the "domain controller" for the filter;
> not entirely sure if that would work or not, but it would make for an
> interesting experiment.  If support for port 445 is implemented in jCIFS
> that should work as well.

Ehe. This will be in 0.9.

> In a pure active directory environment, extended security is typically
> used to negotiate Kerberos authentication via SPNEGO.  There isn't any
> requirement for this, however; you can always negotiate NTLM over
> SPNEGO, or just use raw NTLM.  I believe NTLM is always available, as
> it's needed for member-member and inter-forest authentication.

Good to hear. But NTLMv2? That's another thing that's "looming".


More information about the jcifs mailing list