[jcifs] Re: Authentication via SmbSession.logon

Michael B Allen mba2000 at ioplex.com
Fri Oct 7 01:09:27 GMT 2005


Ahh, well this "ForceGuest" thing isn't what I was talking about but if
it's on (set to 1) then JCIFS will definitely fail because we specifically
block the IsLoggedInAsGuest logons unless the username specified is
actually "guest".

As for security repercussions I think ForceGuest basically puts the
machine into super dumb, drop the pants mode so that home Pee-Cee users
can just share their stuff and not have to figure out how to create
local accounts on all the machines and then know that they need to log
in with MACHINENAME\username all the time.

If you want jCIFS to work without changing the registry you could
remove the block of code at jcifs/smb/SmbSession.java:266. In light of
this ForceGuest thing we should probably make the guest blocking thing
an option.

Mike

On Thu, 6 Oct 2005 18:53:49 -0400
Ovide at ilstechnology.com wrote:

> Michael,
> 
> I found the following article at Microsoft support in regards to Windows 
> XP..  I implemented the change and on initial testing it worked great.. I 
> am not sure as to the security repercussions but will follow-up with what 
> I find:
> 
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;180548 
> 
> Change the HKLM\SYSTEM\CurrentControlSet\Control\Lsa "forceguest" entry 
> from 1HEX to 0HEX
> 
> If ForceGuest is disabled (set to 0), SSPI (Security Support Provider 
> Interface) will log on as the specified user.
> 
> ovide
> 
> Michael B Allen <mba2000 at ioplex.com>
> 10/06/2005 05:49 PM
>  
>         To:     Ovide at ilstechnology.com
>         cc:     jcifs at samba.org
>         Subject:        Re: Authentication via SmbSession.logon
> 
> 
> On Thu, 6 Oct 2005 17:05:58 -0400
> Ovide at ilstechnology.com wrote:
> 
> > Michael,
> > 
> > I am sending you this email outside the jcifs and GMANE message boards 
> > because you have replied to several discussions, however, all the threads 
> > I am following on the subject seem to go dead without any resolution to 
> > this particular situation
> 
> This is exactly the type of message you SHOULD send to the list so that
> you can communicate with others that also have the same problem and
> try to solve it.
> 
> I can't help because I don't know the answer (don't even have XP)
> but perhaps sp2 rejects NTLMv1 authentication. Try changing the
> lmCompatability value in the registry temporarily just to confirm.
> 
> Mike
> 
> > 
> > Threads:
> > Authentication via SmbSession.logon 
> > Question about accessing Named Pipes 
> > SmbAuthException: Logon Failure: Unknown User Name or Bad Password
> > 
> > I am using the jcifs-1.2.5.jar package for authentication within an 
> > application and it is working on the Windows 2000 and 2003 platforms, but 
> > when using the same test app on Windows XP Pro SP2 I am getting the 
> > following when authenticating:
> > 
> > OSAUTH-DEBUG: Authentication Failed: User: OFFICECOMP\user  Passwd: abc123
> > OSAUTH-DEBUG: Authentication Failure Type: NT_STATUS_LOGON_FAILURE
> > OSAUTH-DEBUG: Authentication Failure Type: jcifs.smb.SmbAuthException: Logon failure: unknown user name or bad password.
> > OSAUTH-DEBUG: My domain controller: OFFICECOMP<00>/192.168.1.241
> > 
> > I have tried the following which was suggested in the Authentication via 
> > SmbSession.logon thread,
> > 
> > "If it's a local account the creds need be MACHNAME\Localuser. If that
> > doesn't work the account is not valid on that machine. Or there is a bug
> > in jCIFS that we've never heard of but I doubt it. If you still can't
> > make it work, maybe you can get a capture?"
> > 
> > but to no avail.
> > 
> > The following is what I am getting when I look at Token Monitor
> > 144     11.85971793     javaw.exe:3256  2716    CREATE PROCESS 0002199A: \\OFFICECOMP\user Parent: javaw.exe:3256
> > 178     13.03045415     javaw.exe:3920  2088    EXIT PROCESS 0002199A: \\OFFICECOMP\user
> > 
> > So I know that my Domain is OFFICECOMP and the username is user
> > 
> > Attached SC basic app:
> > 
> > 
> > 
> > If you can please help! Thanks,
> > 
> > Ovide Mercure
> 
> 
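
Added example (not jCIFS source and not part of the original thread): the guest block described in the reply above, written as a stand-alone check on the Action word of a Session Setup AndX response, where bit 0 (SMB_SETUP_GUEST) marks a logon the server mapped to guest. The class and method names, the allowGuest switch and the sample response bytes are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class GuestLogonCheck {
    static final int SMB_HEADER_LEN = 32;
    static final int SMB_COM_SESSION_SETUP_ANDX = 0x73;
    static final int SMB_SETUP_GUEST = 0x0001; // bit 0 of the Action word

    /** True if a successful Session Setup AndX response says the logon was mapped to guest. */
    static boolean isLoggedInAsGuest(byte[] resp) {
        ByteBuffer b = ByteBuffer.wrap(resp).order(ByteOrder.LITTLE_ENDIAN);
        if (resp.length < SMB_HEADER_LEN + 7 || b.getInt(0) != 0x424D53FF
                || (b.get(4) & 0xFF) != SMB_COM_SESSION_SETUP_ANDX
                || (b.get(SMB_HEADER_LEN) & 0xFF) < 3) {
            throw new IllegalArgumentException("not a successful Session Setup AndX response");
        }
        // Parameter words: AndXCommand+AndXReserved, AndXOffset, Action
        int action = b.getShort(SMB_HEADER_LEN + 1 + 4) & 0xFFFF;
        return (action & SMB_SETUP_GUEST) != 0;
    }

    /** Hypothetical policy: reject guest-mapped sessions unless guest was asked for or allowed. */
    static boolean accept(String account, byte[] resp, boolean allowGuest) {
        String user = account.substring(account.lastIndexOf('\\') + 1); // drop MACHINENAME\
        boolean guest = isLoggedInAsGuest(resp);
        return !guest || allowGuest || "guest".equalsIgnoreCase(user);
    }

    /** Constructed sample: 32-byte header, WordCount=3, the given Action, ByteCount=0. */
    static byte[] sampleResponse(int action) {
        ByteBuffer b = ByteBuffer.allocate(SMB_HEADER_LEN + 9).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0, 0x424D53FF);                       // 0xFF 'S' 'M' 'B'
        b.put(4, (byte) SMB_COM_SESSION_SETUP_ANDX);   // Status at offset 5 stays 0 (success)
        b.put(SMB_HEADER_LEN, (byte) 3);               // WordCount
        b.put(SMB_HEADER_LEN + 1, (byte) 0xFF);        // AndXCommand: none
        b.putShort(SMB_HEADER_LEN + 5, (short) action);
        return b.array();
    }

    public static void main(String[] args) {
        byte[] asUser = sampleResponse(0), asGuest = sampleResponse(SMB_SETUP_GUEST);
        System.out.println(accept("OFFICECOMP\\user", asUser, false));   // logged on as the user
        System.out.println(accept("OFFICECOMP\\user", asGuest, false));  // ForceGuest-style mapping
        System.out.println(accept("OFFICECOMP\\guest", asGuest, false)); // guest asked for guest
        System.out.println(accept("OFFICECOMP\\user", asGuest, true));   // block disabled
    }
}
```

With allowGuest set, a guest-mapped session for OFFICECOMP\user counts as a successful logon, so an application that treats a successful logon as proof of the password would accept any credentials the server maps to guest.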

