[jcifs] jcifs-1.2.16 released / Domain-Based DFS Support

Michael B Allen miallen at ioplex.com
Fri Aug 3 07:17:31 GMT 2007

On Fri, 03 Aug 2007 05:57:42 +0200
Thomas Bley <thomas.bley at simple-groupware.de> wrote:

> Hello Mike,
> just a question, if a server has two network cards with two ip addresses 
> for two subnets, will jCIFS 1.2.16 try to open two connections ?

Hi Thomas,

If both IPs are registered with the same name then yes. But that
seems unlikely to me as there would be no reason to have two nics in
the machine.

I suppose it's important to clearly state the logic of this new code as
I foresee it could be the source of some confusion. Of course you can look
at the code but I will summarize.

First, the InetAddress.getByName call that was used to lookup the hostname
of the target was replaced with InetAddress.getAllByName. As you may be
aware, a hostname may very well have multiple IP addresses associated
with it. For example, MS domain controllers register their IP with the
domain for which they are an authority. So if the domain is example.com
and you have 3 DCs that are authorities for example.com, if you do an
InetAddress.getAllByName('example.com') you'll get back the list of 3 IPs.

Second, some logic was added to SmbFile to iterate through these addresses
as necessary. See the methods getFirstAddress/getNextAddress.

Third, the new doShareEnum method uses the said IP iteration code to try
the next address if it cannot successfully authenticate and mount the
target share.

So, the end result is that why you try to connect to a share
smb://example.com/dfsroot/, that 'dfsroot' may only exist on one server
out of dozens. Previously JCIFS would sporatically seen domain-based DFS
roots in this scenario depending on which IP it received for the name
example.com. But now it will try each IP until it successfully mounts
a share 'dfsroot' on one of the IPs.

This is a significant change to how JCIFS connects to servers so let's
keep our ears to the ground for problems.


> Michael B Allen wrote:
> > With this release, JCIFS now supports domain-based DFS. With
> > domain-based DFS, clients access DFS roots under the DNS domain name
> > like \\example.com\dfs\foo so that users do not need to remember server
> > names. However, for clients to work with these DFS roots they have to
> > be prepared to connect to each domain controller as necessary to find
> > the target share and successfully authenticate. JCIFS now includes this
> > retry logic. JCIFS will also do something that it seems even Windows
> > clients do not do - if you list the shares of a domain (e.g. (new
> > SmbFile("smb://example.com/")).listFiles()), JCIFS will build a merged
> > list of all shares on all domain controllers.
> >
> > Note that these changes are fairly significant. Whenever JCIFS tries to
> > connect to a server this new logic is used. So if anyone notices anything
> > out of the ordinary please report it to the JCIFS mailaing list.
> >
> > The JCIFS Team would like to thank MetaCarta, Inc. for supporting this
> > work. MetaCarta, Inc., a provider of geographic intelligence solutions,
> > offers users map-driven geographic search, geographic referencing,
> > and data visualization capabilities.
> >
> >   

Michael B Allen
PHP Active Directory Kerberos SSO

More information about the jcifs mailing list