  1. How do I use NTLM authentication with Active Directory
<p>I am trying to implement NTLM authentication on one of our internal sites and everything is working. The one piece of the puzzle I do not have is how to take the information from NTLM and authenticate with Active Directory.</p>
<p>There is a <a href="http://www.innovation.ch/personal/ronald/ntlm.html" rel="nofollow noreferrer">good description of NTLM</a> and the <a href="http://us1.samba.org/samba/docs/man/Samba-Developers-Guide/pwencrypt.html" rel="nofollow noreferrer">encryption used for the passwords</a>, which I used to implement this, but I am not sure of how to verify if the user's password is valid.</p>
<p>I am using ColdFusion but a solution to this problem can be in any language (Java, Python, PHP, etc).</p>
<p>Edit:</p>
<p>I am using ColdFusion on Redhat Enterprise Linux. Unfortunately we cannot use IIS to manage this and instead have to write or use a 3rd party tool for this.</p>
<hr>
<p><strong>Update</strong> - <em>I got this working and here is what I did</em></p>
<p>I went with the <a href="http://jcifs.samba.org/" rel="nofollow noreferrer">JCIFS library from samba.org.</a></p>
<blockquote>
<p>Note that the method below will only work with NTLMv1 and <strong>DOES NOT</strong> work with NTLMv2. If you are unable to use NTLMv1 you can try <a href="http://www.ioplex.com/jespa.html" rel="nofollow noreferrer">Jespa</a>, which supports NTLMv2 but is not open source, or you can use <a href="http://spnego.sourceforge.net" rel="nofollow noreferrer">Kerberos/SPNEGO.</a></p>
</blockquote>
<p>Here is my web.xml:</p>
<pre><code>&lt;web-app&gt;
  &lt;display-name&gt;Ntlm&lt;/display-name&gt;
  &lt;filter&gt;
    &lt;filter-name&gt;NtlmHttpFilter&lt;/filter-name&gt;
    &lt;filter-class&gt;jcifs.http.NtlmHttpFilter&lt;/filter-class&gt;
    &lt;init-param&gt;
      &lt;param-name&gt;jcifs.http.domainController&lt;/param-name&gt;
      &lt;param-value&gt;dc01.corp.example.com&lt;/param-value&gt;
    &lt;/init-param&gt;
    &lt;init-param&gt;
      &lt;param-name&gt;jcifs.smb.client.domain&lt;/param-name&gt;
      &lt;param-value&gt;CORP.EXAMPLE.COM&lt;/param-value&gt;
    &lt;/init-param&gt;
  &lt;/filter&gt;
  &lt;filter-mapping&gt;
    &lt;filter-name&gt;NtlmHttpFilter&lt;/filter-name&gt;
    &lt;url-pattern&gt;/admin/*&lt;/url-pattern&gt;
  &lt;/filter-mapping&gt;
&lt;/web-app&gt;
</code></pre>
<p>Now all URLs matching <code>/admin/*</code> will require NTLM authentication.</p>
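An added example, not part of the original post and not JCIFS code: a Python check that parses the Type 3 (AUTHENTICATE) message from an `Authorization: NTLM ...` header and reports whether the client answered with NTLMv1 or NTLMv2, which is the distinction the note above turns on. The function names and the sample values (`CORP`, `alice`, `WS01`, filler response bytes) are constructed for illustration; field offsets follow the MS-NLMP message layout.

```python
import base64
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001  # flag value from MS-NLMP

def _field(msg, pos):
    """Read a security buffer (len, maxlen, offset) at pos and return its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def classify_type3(header_value):
    """Parse 'NTLM <base64>' carrying an AUTHENTICATE (Type 3) message."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("bad NTLMSSP signature")
    if struct.unpack_from("<I", msg, 8)[0] != 3 or len(msg) < 64:
        raise ValueError("not a complete Type 3 message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "ascii"
    nt = _field(msg, 20)  # NtChallengeResponse
    # A 24-byte NT response is NTLMv1 (or NTLM2 session security);
    # NTLMv2 appends a variable-length blob to a 16-byte HMAC, so it is longer.
    version = "NTLMv1" if len(nt) == 24 else "NTLMv2" if len(nt) > 24 else "none"
    return {"domain": _field(msg, 28).decode(enc),
            "user": _field(msg, 36).decode(enc),
            "nt_response_len": len(nt), "version": version}

def build_sample(nt_len):
    """Constructed Type 3 message with filler response bytes (not real hashes)."""
    parts = [b"\x00" * 24, b"\xaa" * nt_len, "CORP".encode("utf-16-le"),
             "alice".encode("utf-16-le"), "WS01".encode("utf-16-le"), b""]
    head, payload, offset = b"NTLMSSP\x00" + struct.pack("<I", 3), b"", 64
    for p in parts:  # LM, NT, domain, user, workstation, session key
        head += struct.pack("<HHI", len(p), len(p), offset)
        payload += p
        offset += len(p)
    head += struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE)
    return "NTLM " + base64.b64encode(head + payload).decode()

if __name__ == "__main__":
    for n in (24, 60):
        print(classify_type3(build_sample(n)))
```

Logging the reported version for requests under `/admin/*` shows which clients only send NTLMv2 responses before the filter rejects them.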
 
