[jcifs] LsaLookupNames

Giampaolo Tomassoni Giampaolo at Tomassoni.biz
Thu Jan 31 17:02:33 GMT 2008

> -----Original Message-----
> From: jcifs-bounces+giampaolo=tomassoni.biz at lists.samba.org
> [mailto:jcifs-bounces+giampaolo=tomassoni.biz at lists.samba.org] On
> Behalf Of Michael B Allen
> On Thu, 31 Jan 2008 14:37:59 +0100
> "Giampaolo Tomassoni" <Giampaolo at Tomassoni.biz> wrote:
> ...omissis...
> Hi Giampaolo,
> The NPA is specific to the server server challenge with which it was
> created and thus specific to a particular server.
> However, since the particular server happens to be a domain controller,
> in theory, it should work.

Oh, I see. Well, this is something I have to test before production time: in
my testbed domain there is only one DC, so there is no way to contact a
different one...

> You just need to build the DcerpcHandle with
> the SmbTransport object that the challenge is bound to. Maybe you can
> create a new DcerpcHandle.getHandle() that takes the SmbTree or
> SmbSession or SmbTransport?

Mmmmh, you mean to use the already fabricated SmbSession in order to build
the DcerpcHandle?

This would be fine, but how can I get the SmbSession used by NtlmHttpFilter?
It is simply created and then lost soon after logon... Also, I think it
can't be persisted in a session attribute because it couldn't be easily
re-lived after persistence: there is a connection associated with it, isn't

I could eventually put it in a request's attribute, but then, when login is
not anymore needed because of an outstanding already authenticated session,
there would again be problems in accessing the LSA service.

I think the best way would be to obtain some kind of authenticative token
from the server, which can somehow be reissued to establish different

Does something like this exists? What kind of object should I look for in
jcifs? When in windows one uses the ImpersonateLoggedOnUser() call, what
kind of object is retrieved from the server and locally stored?

Thank you very much, Mike.


> Mike
> --
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/

More information about the jcifs mailing list