"logon" to a domain with jCIFS

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Mon Dec 17 22:38:02 GMT 2001


I have had requests from jCIFS users for a feature that I believe requires
MSRPC/DCE. Basically, these servlet engine/Enterprise Java
Bean/J2EE/JSP/amorphous cloud servers want to be able to authenticate
clients (probably web clients) with an NT/Win2K domain. One group is
actually using a file on a server and basic SMB functions as a makeshift
lock to do the equivalent of real domain auth. This actually works and you can
control access on a user and group basis by tweaking the permissions on the
file but it's not the right way to do it (not to mention it's probably not the best
security model).

You might remember I've asked this question before and I've spoken with Luke
about this a bit at one point but I didn't take notes because you directed me
to the Samba code so I thought I'd be able to find it at a later date.
Unfortunately there seems to be quite a bit of rpc/authentication related stuff
and I'm not quite sure what I'm looking for in the first place. What is the
operation called? Can you point me to a particular function of interest from
which I can fan out? I realize I may need to implement NDR and do some
crypto but where is a decent starting point? Is this one pipe transaction or do I
need to do a whole DCE preamble/logon/cleanup operation?

Basically we have full pipes support and can read/write arbitrary data (i.e.
RAPs) but we want jCIFS to be able to "logon" to the domain like someone
might with their workstation. Is this like "joining" the domain? I also have
Luke's book if you can refer me to a particular operation in there.

Thanks a bunch,

