[
https://issues.apache.org/jira/browse/HTTPCLIENT-1662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14599312#comment-14599312
]
Karl Wright edited comment on HTTPCLIENT-1662 at 6/24/15 12:18 PM:
-------------------------------------------------------------------
[~michael-o]: While this code is nice, it's beyond the scope of HttpClient, in
my opinion. You really would not want to do an exchange with AD on every page
fetch. Colin's problem is not that he doesn't know the NETBIOS names, it's
that we corrupt them.
bq. I would rather disallow fully-qualified domain names and accept netbios
ones.
That's exactly what the patch permits. It does, however, make an attempt to
maintain backwards compatibility for the four-string NTCredential constructor.
I would have done it a different way perhaps, but Oleg has the full NTPrincipal
in there and allows that to be retrieved, so this is the backwards-compatible
option that was left to me.
was (Author: [email protected]):
[~michael-o]: While this code is nice, it's beyond the scope of HttpClient, in
my opinion. You really would not want to do an exchange with AD on every page
fetch. Colin's problem is not that he doesn't know the NETBIOS names, it's
that we corrupt them.
> NTLM auth failed because NTLMEngineImpl strip domain to base domain name
> ------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1662
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1662
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.5
> Environment: HttpClient 4.3, 4.5
> A http site with NTLM auth
> A domain which Netbios name is not match domain name(e.g.
> domain=mydomain.com; netbios name= testdomain)
> Reporter: Colin
> Assignee: Karl Wright
> Attachments: HTTPCLIENT-1662.patch
>
>
> When generate type 3 message, we change the domain name to base domain name:
> {code}
> // Use only the base domain name!
> final String unqualifiedDomain = convertDomain(domain);
> {code}
> {code}
> /** Strip dot suffix from a name */
> private static String stripDotSuffix(final String value) {
> if (value == null) {
> return null;
> }
> final int index = value.indexOf(".");
> if (index != -1) {
> return value.substring(0, index);
> }
> return value;
> }
> /** Convert domain to standard form */
> private static String convertDomain(final String domain) {
> return stripDotSuffix(domain);
> }
> {code}
> I got http 401 in my environment with correct credential and found the root
> cause is those code got wrong domain name so the domain controller return a
> NTLM sub status code 0xC0000064, which means " The username you typed does
> not exist!"
> The Netbios name of a domain is the "Pre Windows 2000 name" of the domain.
> Is there any issue to use full domain name?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
