[jcifs] NTLM HTTP authentication with multiple domains
eglass1 at comcast.net
Fri Mar 12 00:23:24 GMT 2004
> No. That document is not very good. The type-1-message has the NetBIOS
> *workgroup* which is frequently different from the NT domain.
It's actually the primary domain for the client workstation (from what
I've observed); it's used for local authentication. The client says,
"here's my workstation name and domain". The server looks at that and
sets the local auth flag if it matches its own name and domain. If so,
the client sends an empty type 3 message and completes the handshake
internally (within the NTLM SSPI provider).
It's only sent when "automatic" authentication is enabled (i.e., "log on
using current username and password" from IE options), as local
authentication can only employ the active credentials from the desktop
session. It's also not sent by Win9x clients. And also, when it is
sent, it's the primary domain for the client and not necessarily the
domain in which the user's account resides.
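
The following is an added example, not part of the original post and not jCIFS code: it reads the workstation and domain fields discussed above out of the Type 1 message carried in an HTTP "Authorization: NTLM ..." header, and returns None for each when the client did not supply it. The helper names parse_type1 and build_type1 are hypothetical, the flag values and offsets follow the commonly documented NTLMSSP layout, and decoding the OEM strings as ASCII is an assumption.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
# Negotiate flags that say whether the client supplied each field.
OEM_DOMAIN_SUPPLIED = 0x00001000
OEM_WORKSTATION_SUPPLIED = 0x00002000


def _read_buffer(msg, pos):
    """Read a security buffer (length, allocated, offset) and return its bytes."""
    if len(msg) < pos + 8:
        raise ValueError("flag set but security buffer is missing")
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def parse_type1(header_value):
    """Parse 'NTLM <base64>' and return the supplied workstation and domain."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 16 or msg[:8] != SIGNATURE:
        raise ValueError("bad signature or truncated message")
    mtype, flags = struct.unpack_from("<II", msg, 8)
    if mtype != 1:
        raise ValueError("not a type 1 message")
    domain = workstation = None  # stay None when the client sent neither
    if flags & OEM_DOMAIN_SUPPLIED:
        domain = _read_buffer(msg, 16).decode("ascii", "replace")
    if flags & OEM_WORKSTATION_SUPPLIED:
        workstation = _read_buffer(msg, 24).decode("ascii", "replace")
    return {"flags": flags, "domain": domain, "workstation": workstation}


def build_type1(flags, domain=b"", workstation=b""):
    """Construct a sample type 1 message (constructed test input only)."""
    if not (domain or workstation):
        return SIGNATURE + struct.pack("<II", 1, flags)
    flags |= OEM_DOMAIN_SUPPLIED | OEM_WORKSTATION_SUPPLIED
    ws_off = 32  # payload starts right after the two security buffers
    dom_off = ws_off + len(workstation)
    head = SIGNATURE + struct.pack("<II", 1, flags)
    head += struct.pack("<HHI", len(domain), len(domain), dom_off)
    head += struct.pack("<HHI", len(workstation), len(workstation), ws_off)
    return head + workstation + domain
```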