[jcifs] SMB signing without a WINS server

Michael B Allen mba2000 at ioplex.com
Wed Sep 14 16:50:14 GMT 2005


On Wed, 14 Sep 2005 09:43:52 +0200
Jeroen ter Voorde <j.tervoorde at home.nl> wrote:

I'm not sure what's going on here but WINS is only used to locate domain controllers. If you specify jcifs.http.domainController the filter should happily use that instead and in your case it looks like that much is working.

Here's something strange though. There is an auth request for '\hans' with no domain. Then there's another auth request for 'QOLINTERN\hans'. It seems like the first is triggering the transport to the DC using the default credentials which has the domain but then the original request chokes in a strange way - the server claims authentication is successful but that the signature is wrong.

> treeConnect: unc=\\VM_2003_SERVER\IPC$,service=?????
> sessionSetup: accountName=hans,primaryDomain=
> treeConnect: unc=\\VM_2003_SERVER\IPC$,service=?????
> sessionSetup: accountName=hans,primaryDomain=QOLINTERN
<snip>
> 
> SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorC
> de=The operation completed 
> successfully.,flags=0x0018,flags2=0xC007,signSeq=0,t
> d=0,pid=65036,uid=0,mid=2,wordCount=13,byteCount=113,andxCommand=0x75,andxOffse
> =174,snd_buf_size=4356,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=2
> ,unicodePasswordLength=24,capabilities=4180,accountName=hans,primaryDomain=QOLI
> TERN,NATIVE_OS=Windows XP,NATIVE_LANMAN=jCIFS]

primaryDomain ok above.

> SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCod
> =The operation completed 
> successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid
> 0,pid=65036,uid=0,mid=0,wordCount=4,byteCount=51,andxCommand=0xFF,andxOffset=0,
> isconnectTid=false,passwordLength=1,password=,path=\\VM_2003_SERVER\IPC$,servic
> =?????]
<snip>
> SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorC
> de=The operation completed 
> successfully.,flags=0x0018,flags2=0xC007,signSeq=0,t
> d=0,pid=65036,uid=0,mid=3,wordCount=13,byteCount=95,andxCommand=0x75,andxOffset
> 156,snd_buf_size=4356,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24
> unicodePasswordLength=24,capabilities=4180,accountName=hans,primaryDomain=,NATI

primaryDomain empty in line above ^.

> E_OS=Windows XP,NATIVE_LANMAN=jCIFS]
> SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCod
> =The operation completed 
> successfully.,flags=0x0018,flags2=0x0000,signSeq=0,tid
> 0,pid=65036,uid=0,mid=0,wordCount=4,byteCount=51,andxCommand=0xFF,andxOffset=0,
> isconnectTid=false,passwordLength=1,password=,path=\\VM_2003_SERVER\IPC$,servic
> =?????]
<snip>
> digest:
> 00000: 94 52 74 B2 8F 5C 8C 0C AA 06 EC DA 27 F0 A0 8B |.Rt___.\..¬.ý___'­á.|
> 
> signature verification failure
> 00000: 94 52 74 B2 8F 5C 8C 0C |.Rt___.\.. |
> 
> 00000: 0F F6 06 93 27 D9 00 F2 |.÷..'___.___ |
> 
> NtlmHttpFilter: hans: 0xC0000022: jcifs.smb.SmbAuthException: Access is 
> denied.

Jeroen,

I believe this has been reported previously but no one has ever been able to supply enough information to debug the problem. I would really appreciate it if you could send me packet captures [1] from the HTTP server machine of 1) the failure using the config you provided but then 2) success with the jcifs.netbios.wins parameter added. Just add the wins parameter. Meaning don't remove the domainController parameter (unless that fails in which case do what you need to to get a packet capture of successful behavior and send the config along with your captures). The captures must be from the HTTP server so that you get both HTTP and CIFS traffic.

If you can supply those captures it might help me figure out what's going on.

Mike

[1] http://jcifs.samba.org/capture.html
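
An added example, not part of the original message and not jCIFS code: a small Python triage of the debug output quoted above. It reports accounts whose session setups carry an empty or changing primaryDomain, and which of the two compared signatures equals the first 8 bytes of the logged digest. The function names are hypothetical, and the input is assumed to have the "> " mail quoting and the hexdump ASCII column removed.

```python
import re

# Constructed sample: lines from the jCIFS log quoted above, with the "> "
# mail quoting and the hexdump ASCII column removed (assumption of this example).
SAMPLE_LOG = """\
sessionSetup: accountName=hans,primaryDomain=
sessionSetup: accountName=hans,primaryDomain=QOLINTERN
digest:
00000: 94 52 74 B2 8F 5C 8C 0C AA 06 EC DA 27 F0 A0 8B
signature verification failure
00000: 94 52 74 B2 8F 5C 8C 0C
00000: 0F F6 06 93 27 D9 00 F2
"""

SETUP_RE = re.compile(r"sessionSetup: accountName=([^,]*),primaryDomain=(\S*)")
HEX_RE = re.compile(r"^\d{5}: ((?:[0-9A-Fa-f]{2} ?)+)")

def hex_row(line):
    """Decode one hexdump row ('00000: 94 52 ...') to bytes, else None."""
    m = HEX_RE.match(line)
    return bytes.fromhex(m.group(1)) if m else None

def triage(log_text):
    """Summarise session setups and signature failures in a jCIFS debug log."""
    lines = [l.strip() for l in log_text.splitlines()]
    domains, failures, digest = {}, [], None
    for i, line in enumerate(lines):
        m = SETUP_RE.search(line)
        if m:
            domains.setdefault(m.group(1), set()).add(m.group(2))
        elif line == "digest:" and i + 1 < len(lines):
            digest = hex_row(lines[i + 1])
        elif line == "signature verification failure":
            # The two 8-byte rows that follow are the signatures being compared.
            rows = [r for r in map(hex_row, lines[i + 1:i + 5]) if r][:2]
            if len(rows) == 2:
                # Index of the row equal to the first 8 bytes of the digest.
                hit = [n for n, r in enumerate(rows) if digest and r == digest[:8]]
                failures.append({"signatures": [r.hex() for r in rows],
                                 "digest_prefix_row": hit[0] if hit else None})
    return {
        # Accounts seen with more than one primaryDomain value.
        "mixed_domain": sorted(a for a, d in domains.items() if len(d) > 1),
        # Accounts that sent a session setup with no domain at all.
        "empty_domain": sorted(a for a, d in domains.items() if "" in d),
        "failures": failures,
    }
```

On the sample, the row that matches the digest prefix is the first one, so the second row is the value that did not agree with it.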

