[jcifs] DFS with jCIFS 1.2.3 and w2k3 sp1

Michael B Allen mba2000 at ioplex.com
Sat Sep 10 20:36:31 GMT 2005 

On Sat, 10 Sep 2005 21:08:11 +0200
Thomas Bley <thomas.bley at simple-groupware.de> wrote:

> Ok thanks, here is what I found out:
> I created a new link (testlink2, \\192.168.0.2\administrator) on the 
> w2k3-server (testw2k3, 192.168.0.5) and pointed it to a samba server.
> - when not using ntlm everything works (no dfsreferral, I can directly 
> access the contents of the linked share)
> - when using NTLM I don't get the dfs-referral, instead I get an 
> smbexception: Access denied. smb://192.168.0.5/MyRoot/testlink2/ 
> (Invalid access to memory location.) <= testw2k3 has 192.168.0.5, the 
> samba-box has 192.168.0.2
> 
> see attached ethereal dump: I logged on with ntlm (firefox) and 
> navigated to testlink (dfs-link on the same machine, ok), then to 
> testlink2 (dfs-link on the other machine, failure). I also implemented a 
> relogin feature that asks again for the ntlm-hash, but still no success.
> 
> Of course, there is no reason why samba should trust w2k3 (I haven't 
> configured any, both are not domain controllers), but should I get an 
> dfs-referral here ?

First, I'm having a little difficultly understanding what you're trying to do. I suspect by "NTLM" you mean NTLM HTTP authentication a la NTLM HTTP Filter. I didn't think your webdisk program did NTLM HTTP auth but if you are doing that now you need to change gears.

Read the NTLM HTTP Filter documetation (I know you're not using the Filter but there are important bits of information like the fact that the client and target must be memebers of the same domain). Then you might want to scan over Eric Glass's documentation (link at end of Filter doc). It will be important to understanding what you see in Ethereal. Then you need to look very carefully at the jcifs/http/NetworkExplorer.java servlet.

IMPORTANT: NTLM HTTP authentcation is a stateful protocol. HTTP is a stateless protocol. This requires some non-trivial state handling. I STRONGLY recommend that you understand every line of the NetworkExplorer servlet before you even begin so that you know how to manage the state in the HTTP session. This has burned everyone that has ever tried to do it. Hopefully you can mostly copy it.

Good luck,
Mike

More information about the jcifs mailing list