[jcifs] username dialog syntax changes

Eric Glass eric.glass at gmail.com
Mon Nov 13 01:03:54 GMT 2006


See the followup here:

http://lists.samba.org/archive/jcifs/2006-March/006019.html

It actually worked without the patch.

On 11/11/06, Michael B Allen <mba2000 at ioplex.com> wrote:
> Patch applied.
>
> --- Type3Message.java.orig      2005-11-18 17:21:24.000000000 -0600
> +++ Type3Message.java   2006-03-21 15:46:52.000000000 -0600
> @@ -578,6 +578,13 @@
>          if (ntResponse.length == 24) setNTResponse(ntResponse);
>          setDomain(new String(domain, charset));
>          setUser(new String(user, charset));
> +        if ("".equals(this.domain)) {
> +            int atIndex = this.user.indexOf('@');
> +            if (atIndex != -1) {
> +                setDomain(this.user.substring(atIndex + 1));
> +                setUser(this.user.substring(0, atIndex));
> +            }
> +        }
>          setWorkstation(new String(workstation, charset));
>      }
>  }
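Review bot: the inner `if (atIndex != -1)` check also accepts a user name that begins or ends with '@', in which case `setUser` or `setDomain` is called with an empty string. Tightening it to `atIndex > 0 && atIndex < this.user.length() - 1` would leave such input untouched. `indexOf('@')` splits at the first '@'; if a user part containing '@' is possible, `lastIndexOf` is the safer choice. The block also needs a comment stating that everything after '@' is assigned to the domain field as-is, since the reply further down the thread notes that this value may be a realm that does not match the domain, and callers that rely on `getDomain()` should know which one they are getting.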
>
> On Thu, 23 Mar 2006 15:07:49 -0500
> Michael B Allen <mba2000 at ioplex.com> wrote:
>
> > On Wed, 22 Mar 2006 11:04:29 -0600
> > "Tapperson Kevin" <Kevin.Tapperson at hcahealthcare.com> wrote:
> >
> > > Another developer here has brought to my attention that Microsoft now
> > > supports 2 different formats for entering your userid in the NTLM
> > > challenge popup.  It can be entered using the old format of
> > > <domain>\<userid> or it can now be entered using the new format of
> > > <userid>@<domain>.  (This is only available/allowed on XP and Windows
> > > 2003 machines where the NTLM challenge pop-up does not contain an
> > > explicit domain field.)  Attached are 2 packet captures showing the same
> > > user authenticating to IIS using each format.  (Both are from Ethereal
> > > in libpcap format.)
> > >
> > > In the old format, the NTLM type 3 message domain field contains the
> > > domain and the username field contains the userid.  In the new format,
> > > the NTLM type 3 message domain field is NULL and the username field
> > > contains both the domain and userid specified as <userid>@<domain>.
> >
> > Actually I'm pretty sure that's actually the realm and not the domain
> > and the realm is not necessarily the same as the domain. In a large
> > organization there can be many domains for a given realm.
> >
> > I'll apply the patch because I don't want to bother myself with the
> > correct fix but for future reference I think the correct fix would be
> > to use RFC 2052 SRV DNS lookups to find the domain controller for the
> > particular realm.
> >
> > Mike
> >
>
>
> --
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
>

