[jcifs] JCIFS http filter problem with DC on Win 2003
Michael B Allen
mba2000 at ioplex.com
Sun Nov 12 01:42:56 GMT 2006
Actually I think I'm going to try to fix this in the same place I applied
Kevin's patch.
I'm not going to test this because it's only invoked if the domain is null
so someone please hit me with a rubber bat if it doesn't work for them.
Also, I want to reiterate that the nETBIOSNAme style domain names used
with SAM accounts is not the same as the Kerberos realm/DNS style names
(e.g. EXAMPLE v.s. EXAMPLE.COM). That makes the '@' name fix only of
use to those who happen to make the nETBIOSName and realm the same.
578 if (ntResponse.length == 24) setNTResponse(ntResponse);
579 setDomain(new String(domain, charset));
580 setUser(new String(user, charset));
581 if ("".equals(this.domain)) {
582 int idx = this.user.indexOf('@');
583 if (idx != -1) {
584 setDomain(this.user.substring(idx + 1));
585 setUser(this.user.substring(0, idx));
586 } else {
587 idx = this.user.indexOf('/');
588 if (idx != -1) {
589 setDomain(this.user.substring(0, idx));
590 setUser(this.user.substring(idx + 1));
591 }
592 }
593 }
594 setWorkstation(new String(workstation, charset));
On Tue, 25 Apr 2006 12:37:36 -0400
Michael B Allen <mba2000 at ioplex.com> wrote:
> On Tue, 25 Apr 2006 09:57:24 +0200
> "Inge Solvoll" <inge.tapestry at gmail.com> wrote:
>
> > I think I've made a breakthrough on this issue now.
> >
> > The username sent to the server from the browser is the excact same string
> > that the user logged into the domain with. It seems that JCIFS does not
> > recognize the domain login pattern " user at domain.com", it expects the login
> > pattern to be "DOMAIN/user". If the user logs in with the first pattern, the
> > following NtlmHttpFilter code fails:
> >
> > index = user.indexOf ('\\');
> > if (index == -1) index = user.indexOf('/');
> > String domain = (index != -1) ? user.substring(0, index) :
> > defaultDomain;
> > user = (index != -1) ? user.substring(index + 1) : user;
> >
> > I'll have to rewrite a little for my filter, to pick the username email
> > style if user string contains @.
>
> Interesting. So people can log into their workstation with
> user at domain.com? Never seen that. What do they put into the domain
> field? Nothing?
>
> If you get it working both ways pls send a patch. That would expidite
> things a little.
>
> Thanks,
> Mike
>
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
More information about the jcifs
mailing list