[jcifs] JCIFS http filter problem with DC on Win 2003

Michael B Allen mba2000 at ioplex.com
Sun Nov 12 01:42:56 GMT 2006 

Actually I think I'm going to try to fix this in the same place I applied
Kevin's patch.

I'm not going to test this because it's only invoked if the domain is null
so someone please hit me with a rubber bat if it doesn't work for them.

Also, I want to reiterate that the nETBIOSNAme style domain names used
with SAM accounts is not the same as the Kerberos realm/DNS style names
(e.g. EXAMPLE v.s. EXAMPLE.COM). That makes the '@' name fix only of
use to those who happen to make the nETBIOSName and realm the same.

    578         if (ntResponse.length == 24) setNTResponse(ntResponse);
    579         setDomain(new String(domain, charset));
    580         setUser(new String(user, charset));
    581         if ("".equals(this.domain)) {
    582             int idx = this.user.indexOf('@');
    583             if (idx != -1) {
    584                 setDomain(this.user.substring(idx + 1));
    585                 setUser(this.user.substring(0, idx));
    586             } else {
    587                 idx = this.user.indexOf('/');
    588                 if (idx != -1) {
    589                     setDomain(this.user.substring(0, idx));
    590                     setUser(this.user.substring(idx + 1));
    591                 }
    592             }
    593         }
    594         setWorkstation(new String(workstation, charset));


On Tue, 25 Apr 2006 12:37:36 -0400
Michael B Allen <mba2000 at ioplex.com> wrote:

> On Tue, 25 Apr 2006 09:57:24 +0200
> "Inge Solvoll" <inge.tapestry at gmail.com> wrote:
> 
> > I think I've made a breakthrough on this issue now.
> > 
> > The username sent to the server from the browser is the excact same string
> > that the user logged into the domain with. It seems that JCIFS does not
> > recognize the domain login pattern " user at domain.com", it expects the login
> > pattern to be "DOMAIN/user". If the user logs in with the first pattern, the
> > following NtlmHttpFilter code fails:
> > 
> > index = user.indexOf ('\\');
> >                 if (index == -1) index = user.indexOf('/');
> >                 String domain = (index != -1) ? user.substring(0, index) :
> >                         defaultDomain;
> >                 user = (index != -1) ? user.substring(index + 1) : user;
> > 
> > I'll have to rewrite a little for my filter, to pick the username email
> > style if user string contains @.
> 
> Interesting. So people can log into their workstation with
> user at domain.com? Never seen that. What do they put into the domain
> field? Nothing?
> 
> If you get it working both ways pls send a patch. That would expidite
> things a little.
> 
> Thanks,
> Mike
> 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

More information about the jcifs mailing list