[jcifs] Fallback with a list of domain controllers.

fedayn jsv at tragsa.es
Wed Dec 1 09:12:29 MST 2010 

Hi Michael,

Likely I've explained very bad my issue.

The developer team has implemented a web application that needs SSO and
they've taken advantage of JCIFS SSO Filter to integrate with Active
Directory so users aren't asked for credentials when they go to the
application URL.
As you say, JCIFS performs authentication only with the target file server,
but before that I think users need to authenticate against a domain
controller for SSO purpose. Please, correct me if I’m wrong.
We also have a web.xml file and here you’re the code for the filter:

<filter>
    <filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

    <init-param>
        <param-name>jcifs.http.domainController</param-name>
        <param-value>dcname.mydomain.com</param-value>
    </init-param>

    <init-param>
        <param-name>jcifs.smb.client.domain</param-name>
        <param-value>mydomain.com</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.smb.client.username</param-name>
        <param-value>user_name</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.smb.client.password</param-name>
        <param-value>user_password</param-value>
    </init-param>
	   
</filter>
As you can see, we don’t use WINS resolution because we only have DNS
resolution in our domain. My intention is to set specific domain controllers
for the NTLM authentication, I don’t want users authenticate against other
domain controllers that are far from their location to avoid excesive
network traffic.

Thank you very much.


Michael B Allen wrote:
> 
> Hi fedayn,
> 
> JCIFS performs authentication only with the target file server
> (identified by the hostname in the SMB URL). So I'm not really sure I
> understand the question.
> 
> Mike
> 
> -- 
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
> 
> 
> On Wed, Dec 1, 2010 at 8:45 AM, fedayn <jsv at tragsa.es> wrote:
>>
>> Hi everybody,
>>
>> My question is quite simple, is it possible the user has to use a concret
>> list of domain controllers to authenticate?.
>>
>> For instance, create a lmhosts file and set a list of domain controllers.
>> I
>> don't know if one of those DC's fails will fallback on the next one on
>> that
>> list.
>>
>> Thank you.
> 
> 
Quoted from: 
http://samba.2283325.n4.nabble.com/Fallback-with-a-list-of-domain-controllers-tp3067287p3067506.html

-- 
View this message in context: http://samba.2283325.n4.nabble.com/Fallback-with-a-list-of-domain-controllers-tp3067287p3067589.html
Sent from the Samba - jcifs mailing list archive at Nabble.com.

More information about the jCIFS mailing list