[jcifs] Using jCIFS across sub-net boundaries?

Morten Sabroe Mortensen momor at tdc.dk
Tue Oct 24 16:15:46 GMT 2006


How do I set up jCIFS - or more specifically the NtlmHttpFilter - to work 
across sub-nets? - Disregarding the NTML handshake, that is -


Scenario #1:
Testing on a single subnet - the "main" subnet - with both the web-app and the 
WINS server on the same network, all is well. In this case, this configuration 
of the filter works well:

  <filter>
    <filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

    <init-param>
      <param-name>jcifs.smb.client.domain</param-name>
      <param-value>MYDOMAIN</param-value>
    </init-param>

    <init-param>
      <param-name>jcifs.http.domainController</param-name>
      <param-value>10.106.105.39</param-value>
    </init-param>
  </filter>


Scenario #2:
The "production" setup og mine is distributed across a "main" subnet and 
a "tech" subnet with a strict firewall in between. In this case the web-app 
must run on the "tech" subnet, while the user browser and the WINS/NBNS server 
is located on the "main" subnet. Access from the browser to the web-app 
through HTTP is no problem at all - including the regular HTTP NTLM handshake -
 but the connection from the NtlmHttpFilter through the firewall from 
the "tech" subnet to the "main" subnet containing the WINS/NBNS server 
requires... some openings in the firewall.

What do I open in the firewall to allow the NtlmHttpFilter to talk to the 
domain-controller?

Can the connection be tested from a Linux shell on a machine in the "tech" 
subnet with one of the commandline tools in the Samba package?

How do I configure this for the NtlmHttpFilter to connect?

Regards
Morten Sabroe Mortensen




More information about the jcifs mailing list