[jcifs] Role based Authorisation

[Michael B Allen]

On Tue, 10 Aug 2004 15:19:11 +0000 (UTC)
Carsten <cad at halvotec.de> wrote:

> After successful authentication with jcifs 0.9.6 at a nt domain
> controller, I tried to authorise the user based on the role by using
> jcifs-ext 0.9.4. I have tried it out with the implementation of the
> AuthenticatedRequest from the jcifs-ext:
> 
<snip>
> 		Principal principal = getUserPrincipal();
> 		UserManagement userManagement;
> 		String username;
> 		if (principal instanceof NtlmPasswordAuthentication) {
> 			NtlmPasswordAuthentication auth = 
> 				(NtlmPasswordAuthentication) principal;
> 			username = auth.getUsername();
> 			String target = auth.getDomain();
> 			if ("?".equals(target)) target = null;
> 			if (auth.getPassword() == null) auth = null;
> 			userManagement = new UserManagement(target, auth);
<snip>
> 			userManagement.netUserGetGroups(username, 0);
> 
> The only output I've got was:
> 
>         An error occured while getting the roles from domain. 5
> 
> The ErrorCode 5 is an NT Status for Access Violation, when I have followed
> the 

What's the full stack-trace. NT_STATUS_ACCESS_VIOLATION has special
meaning for jCIFS. If the NtlmPasswordAuthentication object was created
with a server challenge different from a server different from the server
with which you are trying to use the credentials you will get this error
indicating that the negotiate credentials are invalid for the target. In
theory the above code should work because you would be communicating
with the domain controller and it is likely the domain controller that
you would be negotiating the credentials with so the NPA should be valid.

Mike

-- 
Greedo shoots first? Not in my Star Wars.