NTLM + Log On To field in Active Directory


NTLM + Log On To field in Active Directory

by robin bad

Hello!

I made my own NTLM Authenticator like NtlmHttpFilter, and it works fine when the "All computers" option is selected in the user's "Log On To" field (in Active Directory). But if there is only the client computer in this field, NTLM authentication fails.

Let's look into the sources.

Login and hashes check is here:

    ntlm = new NtlmPasswordAuthentication(domain, user, challenge, lmResponse, ntResponse);
    ...
    SmbSession.logon(domainController, ntlm);


In SmbSession.logon:

    SmbTransport.getSmbTransport( dc, port ).getSmbSession( auth )


There is one interesting method in SmbTransport:

    static synchronized SmbTransport getSmbTransport( UniAddress address, int port,
                                    InetAddress localAddr, int localPort )

What is "localAddr"? Is it the address of the client? If it is, how can I use it?

If it's not, is there a way to resolve the problem?

Re: NTLM + Log On To field in Active Directory

by AsafM

Perhaps you can supply a screenshot of the AD screen, because I can't seem to understand your first paragraph. Also I didn't understand what was the configuration that failed your authenticator.
Which container are you working with?


On Fri, Jul 11, 2008 at 11:32 AM, robin bad <robin_bad@...> wrote:

> Hello!
>
> I made my own NTLM Authenticator like NtlmHttpFilter, and it works fine
> when the "All computers" option is selected in the user's "Log On To"
> field (in Active Directory). But if there is only the client computer in
> this field, NTLM authentication fails.
>
> Let's look into the sources.
>
> Login and hashes check is here:
>
>    ntlm = new NtlmPasswordAuthentication(domain, user, challenge, lmResponse, ntResponse);
>    ...
>    SmbSession.logon(domainController, ntlm);
>
> In SmbSession.logon:
>
>    SmbTransport.getSmbTransport( dc, port ).getSmbSession( auth )
>
> There is one interesting method in SmbTransport:
>
>    static synchronized SmbTransport getSmbTransport( UniAddress address, int port,
>                                    InetAddress localAddr, int localPort )
>
> What is "localAddr"? Is it the address of the client? If it is, how can I
> use it?
>
> If it's not, is there a way to resolve the problem?


Re: NTLM + Log On To field in Active Directory

by robin bad

AsafM wrote:
> Perhaps you can supply a screenshot of the AD screen, because I can't seem
> to understand your first paragraph.

This works:
http://www.nabble.com/file/p18438891/works.jpg

And this fails:
http://www.nabble.com/file/p18438891/fails.jpg

AsafM wrote:
> Also I didn't understand what was the configuration that failed your authenticator. Which container are you working with?

Tomcat

Re: NTLM + Log On To field in Active Directory

by Kevin Tapperson

Robin,

These are the allowed workstations that the user is authorized to log in to. JCIFS acts as any other workstation on the network, so the name of your server running JCIFS must be present in the user's set of allowed workstations for the authentication to succeed for that user. You can set the property jcifs.netbios.hostname to define the machine name that JCIFS will use.

On Mon, Jul 14, 2008 at 2:39 AM, robin bad <robin_bad@...> wrote:


AsafM wrote:
>
> Perhaps you can supply a screenshot of the AD screen, because I can't seem
> to understand your first paragraph.
>

This works:
http://www.nabble.com/file/p18438891/works.jpg

And this fails:

http://www.nabble.com/file/p18438891/fails.jpg


AsafM wrote:
>
>  Also I didn't understand what was the configuration that failed your
> authenticator. Which container are you working with?
>

Tomcat
--
Kevin
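
An added example, not part of any post in this thread and not JCIFS project code: it pins the machine name JCIFS presents via jcifs.netbios.hostname before any other jcifs class loads, and reports the "Log On To" denial separately from other logon failures. Assumptions: the name WEBAPP01 and the sample attribute values are constructed, and the helper `allows` is a hypothetical model of the comma-separated userWorkstations attribute behind the "Log On To" field.

```java
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbException;
import jcifs.smb.SmbSession;

import java.util.Arrays;

public class WorkstationAwareLogon {
    // Windows NTSTATUS STATUS_INVALID_WORKSTATION: user may not log on from this machine.
    static final int STATUS_INVALID_WORKSTATION = 0xC0000070;

    // Hypothetical NetBIOS name of the server running JCIFS (15 characters at most).
    static final String JCIFS_HOST = "WEBAPP01";

    static {
        // Set before any other jcifs class is touched: the thread's last post
        // notes that the local name is determined once, in a static init block.
        Config.setProperty("jcifs.netbios.hostname", JCIFS_HOST);
    }

    /** True if a userWorkstations value allows host; an empty value means "All computers". */
    static boolean allows(String userWorkstations, String host) {
        if (userWorkstations == null || userWorkstations.trim().isEmpty()) return true;
        return Arrays.stream(userWorkstations.split(","))
                     .map(String::trim)
                     .anyMatch(host::equalsIgnoreCase);
    }

    /** Pass-through logon that distinguishes the workstation restriction from other failures. */
    static String logon(UniAddress dc, NtlmPasswordAuthentication ntlm) {
        try {
            SmbSession.logon(dc, ntlm);
            return "OK";
        } catch (SmbException e) {
            if (e.getNtStatus() == STATUS_INVALID_WORKSTATION) {
                return "DENIED: " + JCIFS_HOST + " is not in the user's Log On To list";
            }
            return "DENIED: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed attribute values: client PC only, then client PC plus the JCIFS server.
        System.out.println(allows("CLIENTPC", JCIFS_HOST));
        System.out.println(allows("CLIENTPC,WEBAPP01", JCIFS_HOST));
    }
}
```

Logging the workstation-restriction status separately lets an operator tell a policy denial for the server's machine name apart from a wrong password.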

Re: NTLM + Log On To field in Active Directory

by robin bad

Kevin Tapperson wrote:
> Robin,
>
> These are the allowed workstations that the user is authorized to log in to.
> JCIFS acts as any other workstation on the network, so the name of your
> server running JCIFS must be present in the user's set of allowed
> workstations for the authentication to succeed for that user. You can set
> the property jcifs.netbios.hostname to define the machine name that JCIFS
> will use.

Thanks for your help.

I found this thread - http://lists.samba.org/archive/jcifs/2003-October/002619.html
I have the same problem - I need to set the "local address" for every user authentication. But it is still determined once (in a static init block) in NbtAddress.

