[jcifs] NTLMv2 / Alternative?

Christopher R. Hertel crh at ubiqx.mn.org
Wed Jan 5 23:36:47 GMT 2005 

It's Open Source code.  Samba has implemented most of the NTLMv2 stuff by 
now (though there are still issues...it's not as if Microsoft actually 
publishes reliable and available specifications).  Grab the jCIFS code and 
add whatever you think is missing.  Read the Samba sources for guidance.

Send us the fixes and let Mike look them over...

That's how it gets done!  :)

Chris -)-----


On Wed, Jan 05, 2005 at 10:38:51PM -0000, nospam.rwp at dsl.pipex.com wrote:
> 
> Errrm, this argument maybe partially redundant now, by the looks of it recent versions 
> may have some NTLMv2 support, however the docs aren't clear how much, so I'll 
> reserve judgement until I find time to test it.  
> 
> One thing that does disturb me though, is that jCIFS properties are still global properties, 
> therefore it would appear to be impossible to reliably support different server 
> configurations and associated connections at the same time.  IMHO it would be better if 
> this was the case:
> 
> 1. the Config class was fleshed out with all the properties and bean setters and getters 
> and given a getInstance() method, to get a copy of the global properties.
> 
> 2. the connection classes SmbFile, SmbFileInputStream, SmbFileOutputStream, 
> SmbNamedPipe and SmbRandomAccessFile gained extra constructors which accepted 
> a Config object, so that each connection could use a different client behaviour.
> 
> 
> If these features were implemented I could open a connection to a local LAN server, then 
> open a different connection to a remote modem connected LAN server * and talk to each 
> from a different IP binding e.g. I could use a machine as file copying bridge between the 
> two networks for remote control support applications.
> 
> * I could hunt for the modem IP binding address for just the modem jCIFS connection(s), 
> but use a different local IP binding address for all the local LAN connections.
> 
> Just a few ideas.
> 
> 
> On 5 Jan 2005 at 21:19, jcifs at lists.samba.org wrote:
> 
> > 
> > This is quite typical for Win2K3 server, I've seen network connection problem with some 
> > older Windows boxes at work, however I can well understand why the admins refused 
> > legacy NTLM support.
> > 
> > Win2K3 is the standard windows server OS now, WinNT is effectively dead and Win2K 
> > has too short a support life.  A large number of organisations running NT servers are 
> > probably worried about no support for NT, so the migration is going to be relatively quick.  
> > jCIFS needs to support NTLMv2 soon otherwise it'll become a major headache and get 
> > replaced by .Net code, I doubt the jCIFS team want this!.
> > 
> > One of my employers clients will soon be upgrading lots of servers to Win2K3 server (I 
> > assume because of the lack of support for NT), it'd be a pain if I had to switch back to 
> > clunky "net use" batch files because jCIFS was stuck in the past.
> > 
> > 
> > On 5 Jan 2005 at 14:29, David Pease wrote:
> > 
> > > 
> > > Hi. I'm looking for some advice on the following:
> > > 
> > > I've used jCIFS for NTLM authentication on a Java web app and it's worked a
> > > treat, up until it's been deployed on a customer's network (Win2k3, AD) which is
> > > configured to only accept NTLMv2 (lmcompatibility=5?). Apparently, the customer
> > > refuses to change this.
> > > 
> > > So, I can't currently use jCIFS, but I'd like to know of any alternatives around
> > > which could be used instead. Does anyone have a rough idea of when jCIFS will be
> > > supporting NTLMv2?
> > > 
> > > Could Kerberos be used in this situation? If so, any info would be gratefully
> > > received, as I know nothing about Kerberos so far (e.g. how does the
> > > DOMAIN\USERNAME format map to the USER at REALM Kerberos format?). Can I use
> > > Kerberos to automatically log users into the web app using IE?
> > > 
> > > Many thanks in advance,
> > > 
> > > Dave
> > > 
> > > 
> > > ______________________________
> > > This email has been scanned for all viruses by the MessageLabs SkyScan
> > > service. For more information on a proactive anti-virus service working
> > > around the clock, around the globe, visit http://www.messagelabs.com
> > > 
> > 
> > 
> 
> ---------------------------
> Richard Perrott
> 
>      \  /
> -----><-----
>      /  \
> 

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the jcifs mailing list