[jcifs] Using jCIFS across sub-net boundaries?
Morten Sabroe Mortensen
momor at tdc.dk
Tue Oct 24 16:15:46 GMT 2006
How do I set up jCIFS - or more specifically the NtlmHttpFilter - to work
across sub-nets? - Disregarding the NTML handshake, that is -
Scenario #1:
Testing on a single subnet - the "main" subnet - with both the web-app and the
WINS server on the same network, all is well. In this case, this configuration
of the filter works well:
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>MYDOMAIN</param-value>
</init-param>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>10.106.105.39</param-value>
</init-param>
</filter>
Scenario #2:
The "production" setup og mine is distributed across a "main" subnet and
a "tech" subnet with a strict firewall in between. In this case the web-app
must run on the "tech" subnet, while the user browser and the WINS/NBNS server
is located on the "main" subnet. Access from the browser to the web-app
through HTTP is no problem at all - including the regular HTTP NTLM handshake -
but the connection from the NtlmHttpFilter through the firewall from
the "tech" subnet to the "main" subnet containing the WINS/NBNS server
requires... some openings in the firewall.
What do I open in the firewall to allow the NtlmHttpFilter to talk to the
domain-controller?
Can the connection be tested from a Linux shell on a machine in the "tech"
subnet with one of the commandline tools in the Samba package?
How do I configure this for the NtlmHttpFilter to connect?
Regards
Morten Sabroe Mortensen
More information about the jcifs
mailing list