[jcifs] Fallback with a list of domain controllers.

André Warnier aw at ice-sa.com
Wed Dec 1 09:17:46 MST 2010


Maybe the message on top needs a bigger font, or another color.
http://jcifs.samba.org/src/docs/ntlmhttpauth.html

fedayn wrote:
> Hi Michael,
> 
> Likely I've explained very bad my issue.
> 
> The developer team has implemented a web application that needs SSO and
> they've taken advantage of JCIFS SSO Filter to integrate with Active
> Directory so users aren't asked for credentials when they go to the
> application URL.
> As you say, JCIFS performs authentication only with the target file server,
> but before that I think users need to authenticate against a domain
> controller for SSO purpose. Please, correct me if I’m wrong.
> We also have a web.xml file and here you’re the code for the filter:
> 
> <filter>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> 
>     <init-param>
>         <param-name>jcifs.http.domainController</param-name>
>         <param-value>dcname.mydomain.com</param-value>
>     </init-param>
> 
>     <init-param>
>         <param-name>jcifs.smb.client.domain</param-name>
>         <param-value>mydomain.com</param-value>
>     </init-param>
>     <init-param>
>         <param-name>jcifs.smb.client.username</param-name>
>         <param-value>user_name</param-value>
>     </init-param>
>     <init-param>
>         <param-name>jcifs.smb.client.password</param-name>
>         <param-value>user_password</param-value>
>     </init-param>
> 	   
> </filter>
> As you can see, we don’t use WINS resolution because we only have DNS
> resolution in our domain. My intention is to set specific domain controllers
> for the NTLM authentication, I don’t want users authenticate against other
> domain controllers that are far from their location to avoid excesive
> network traffic.
> 
> Thank you very much.
> 
> 
> Michael B Allen wrote:
>> Hi fedayn,
>>
>> JCIFS performs authentication only with the target file server
>> (identified by the hostname in the SMB URL). So I'm not really sure I
>> understand the question.
>>
>> Mike
>>
>> -- 
>> Michael B Allen
>> Java Active Directory Integration
>> http://www.ioplex.com/
>>
>>
>> On Wed, Dec 1, 2010 at 8:45 AM, fedayn <jsv at tragsa.es> wrote:
>>> Hi everybody,
>>>
>>> My question is quite simple, is it possible the user has to use a concret
>>> list of domain controllers to authenticate?.
>>>
>>> For instance, create a lmhosts file and set a list of domain controllers.
>>> I
>>> don't know if one of those DC's fails will fallback on the next one on
>>> that
>>> list.
>>>
>>> Thank you.
>>
> Quoted from: 
> http://samba.2283325.n4.nabble.com/Fallback-with-a-list-of-domain-controllers-tp3067287p3067506.html
> 



More information about the jCIFS mailing list