[jcifs] Problem with pre-auth

FARROKHIAN Rémi rfarrokhian at gmf.fr
Fri Aug 24 09:28:22 GMT 2007


For the same reason (avoiding WAN queries), we are currently testing an alias name resolving on a VIP load balancing the ADs on one "single region environment" for NTLM and LDAP queries.
For that, networkaddress.cache.ttl is set to -1 (one DNS query is enough to get the VIP) and we set the DC name (no WINS, only DNS).
I will let you know the result of the tests.

A question : why not extends JCIFS to give the ability to set a primary and a backup DC ?



-----Message d'origine-----
De : jcifs-bounces+rfarrokhian=gmf.fr at lists.samba.org [mailto:jcifs-bounces+rfarrokhian=gmf.fr at lists.samba.org] De la part de Ashok.Chindam at barclayscapital.com
Envoyé : mardi 21 août 2007 09:19
À : torben.wolm at LEGO.com
Cc : jcifs at lists.samba.org
Objet : RE: [jcifs] Problem with pre-auth

Hi Torben,
Thanks for the quick reply. Yes, I can try this option. Any idea how would it get all the possible domain controllers?  

In multi region environment, if the server is located in one country and if JCIFS choose a domain controller which is too far, performance gets affected. That is the reason why we chosen a ALIAS NAME. To make sure we don't depend on single AD server, this ALIAS actually pointing to multiple AD Servers.

BTW don't u think it is just problem of not releasing the existing connection, when it times out? If the program releases it, next authentication will try to connect to this ALIAS DNS again and it may give another server which most probably works.

To me, it looks like more issue of caching the IP directly. 

Thanks and regards,
Ashok Chindam
IT AP - Corporate Systems, Barclays Capital
Direct: +65 6828 4219 | Fax : +65 6828 5922

-----Original Message-----
From: Torben Wölm [mailto:torben.wolm at LEGO.com] 
Sent: 21 August 2007 14:54
To: Chindam, Ashok: IT (SGP)
Cc: jcifs at lists.samba.org
Subject: RE: [jcifs] Problem with pre-auth


> -----Original Message-----
> From: jcifs-bounces+torben.wolm=lego.com at lists.samba.org
> [mailto:jcifs-bounces+torben.wolm=lego.com at lists.samba.org] 
> On Behalf Of Ashok.Chindam at barclayscapital.com
> Sent: Tuesday, August 21, 2007 8:21 AM
> To: jcifs at lists.samba.org
> Subject: [jcifs] Problem with pre-auth
> Hi
> I am using jcifs 1.2.13 and using pre-auth to support our
> win2k3 Active
> Directory systems. It is now working with win2k3 AD servers but this
> introduced a new problem to us.
> My filter configuration is provided below. If one of our AD
> servers goes
> down, the whole system becomes unavailable because my SYSTEM_MAIN_USER
> authentication keep timing out. I am assuming that JCIFS 
> somehow caching
> the IP address of AD server and keep trying to connect the 
> same server,
> even if it times out. 

Would it be an option to drop the "jcifs.http.domainController" setting, and set "jcifs.http.loadBalance" to "true" instead? That should make JCIFS look up all available domain controllers for your domain and cycle through them...

Kind regards
For important statutory and regulatory disclosures and more information about Barclays Capital, please visit our web site at http://www.barcap.com.

Internet communications are not secure and therefore the Barclays Group does not accept legal responsibility for the contents of this message.  Although the Barclays Group operates anti-virus programmes, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed.  Any views or opinions presented are solely those of the author and do not necessarily represent those of the Barclays Group.  Replies to this email may be monitored by the Barclays Group for operational or business reasons.

Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP. This email may relate to or be sent from other members of the Barclays Group.

More information about the jcifs mailing list