[jcifs] multidomain

Kevin Tapperson kevin at tapperson.net
Tue Oct 10 13:49:34 GMT 2006

Assuming that you're talking about the NTLMHttpFilter, then yes.  The NTLM
type 1 message sent by the client browser contains the workstation domain.
Custom logic can be implemented on the server side to select an appropriate
domain controller to authenticate against based on the provided workstation
domain.  The user that is actually logged into the PC could be from another
domain, but in order for that user to be logged into that workstation, a
trust relationship must exist between the user's domain and the
workstation's domain.

In order to achieve this, you would need to customize portions of the
NTLMHttpFilter to parse the NTLM type 1 message and select an appropriate
domain controller based on the proivded workstation domain.  This could be
as simple as doing an SMB domain lookup for the provided workstation
domain.  You would then use that domain controller for the remainder of the
authentication process with that client.

Kevin Tapperson
kevin at tapperson.net

On 10/10/06, alexander.wiltschek at bawagpsk.com <
alexander.wiltschek at bawagpsk.com> wrote:
> is it possible to implement one instance of jccifs which provides more
> than one
> domain.
> between this domains there is no trust established and this is not
> necessary.
> but the configurationfile from jcifs also doesn't support multidomain's.
> can you help me or have a change in a later version of jcifs to provide
> multiple
> domains
> in one configuration file.
> thanks
> alex
> ***************************************************************************
> Diese Information und eventuelle Anhaenge sind vertraulich
> und ausschliesslich zur Kenntnisnahme durch den oder die
> genannten Adressaten bestimmt. Sollten Sie nicht der
> vorgesehene Adressat sein, ersuchen wir Sie, uns unverzueglich
> zu informieren und die Nachricht zu loeschen. Der Inhalt der
> fehlgeleiteten Nachricht darf weder aufgezeichnet noch
> Unbefugten mitgeteilt oder fuer irgendwelche Zwecke verwertet
> werden. Bitte beachten Sie weiters, dass trotz hoechstmoeglicher
> Sorgfalt unsererseits aufgrund der technischen Gegebenheiten
> im Internet keine Verantwortung fuer die Existenz von Viren
> uebernommen werden kann.
> This message and any attachments are confidential and are
> only intended for the recipient(s) to which they have been
> addressed. If you have received this message in error, please
> notify the sender immediately and delete the message from
> your system. The contents of this misdirected mail may not be
> saved, recorded or used for any purpose whatsoever or made
> available to unauthorised persons. This message has been
> prepared and sent with the greatest possible care, including
> scanning for viruses. In spite of this, we assume no liability
> whatsoever for the existence of any viruses.
> ***************************************************************************
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list