[jcifs] what is the different process between the parameter domain is null and empty string.

Michael B Allen ioplex at gmail.com
Thu Jun 23 02:01:22 UTC 2016 

On Mon, Jun 20, 2016 at 9:50 PM,  <HuangLijun at rst.ricoh.com> wrote:
>
> お疲れ様です、黄です。
> いつもお世話になっております。
> Hello,
>
> Recently I use the SmbFile.connect to check if the Authentication is
> successful, in Android, using JCIFS.
>
> The authentication test runs in two remote machines, the two remote
> machines are inside different domain server.
> I call SmbFile.connect to access the two remote machines, when the
> parameter of domain is null, one of the two remote machine can access
> successfully,
> the other can not access, SmbFile.connect return connect fail:Logon
> failure: unknown user name or bad password.
> However when the parameter of domain is empty string, the two remote
> machines can access succesfully.
>
>  I see when domain is null then use the "?" to replace in the source code,but
>  I don't know that whether there will be special process about the "?" .
>
>  If possible, can you tell me what is the different process between the
>  parameter domain is null and empty string.

Hi,

The PrimaryDomain field is only used if extended security is not
negotiated which means you're not doing NTLMv2 so you might want to
figure out why first as NTLMv1 and non-extended security is basically
not secure and actually should be disabled probably.

If you still want to know, then if PrimaryDomain is null or an empty
string, that means the client doesn't know the domain and the server
should guess. How it works on the server side is unclear since, again,
it is an obsolete part of the protocol that is not normally used. But
one explanation could be that the credentials are for the local
account and not a domain account or they are for the domain that the
server is in (it would have to be one of the two really).

But again, you might want to look into getting extended security to
work because you don't want to be caught doing NTLMv1 or you might as
well walk around with your pants down.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

More information about the jCIFS mailing list