[jcifs] KerberosAuthExample

Eric Glass eric.glass at gmail.com
Mon Oct 2 13:15:14 GMT 2006 

It is failing to verify the signature of the packet sent by the
server; the error code is whatever error the server sent back.  In
this case the server thinks everything is fine, but the client-side
code is trying to verify the MAC the server sent and failing.

On 10/2/06, Mike Streeton <mike.streeton at ardentia.co.uk> wrote:
>
>
>
>
> I have tracked the problem down and it can be avoid by modifying
> SmbTransport.java @ line 564 to be:
>
>
>
>         if (resp.verifyFailed && resp.errorCode != NtStatus.NT_STATUS_OK) {
>
>
>
> I would consider this more of a hack than a fix as I am not sure why
> verifyFailed is true but errorCode == 0
>
>
>
> Mike
>
>
>
>
> www.ardentia.com the home of NetSearch
>
>  ________________________________
>
>
> From: jcifs-bounces+mike.streeton=ardentia.co.uk at lists.samba.org
> [mailto:jcifs-bounces+mike.streeton=ardentia.co.uk at lists.samba.org]
> On Behalf Of Mike Streeton
>  Sent: 02 October 2006 11:30
>  To: jcifs at lists.samba.org
>  Subject: [jcifs] KerberosAuthExample
>
>
>
>
> Hi,
>
>    I have been trying to get the Kerberos example working with Active
> Directory for this the following information is useful:  KDC = Active
> Directory server, Realm = Domain name (fully qualified). This get you passed
> the login but fails when it tries to access the file:
>
>
>
> Debug is  true storeKey false useTicketCache false useKeyTab false
> doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is
> false principal is null tryFirstPass is true useFirstPass is false storePass
> is true clearPass is false
>
> username from shared state is my.user
>
>
>
> username from shared state is my.user
>
>
>
> password is mypassword
>
> principal is my.user at ARDENTIA.CO.UK
>
> Acquire TGT using AS Exchange
>
> EncryptionKey: keyType=3 keyBytes (hex dump)=0000: B0 AD C8 E0 AE 9B 38 5B
>
> EncryptionKey: keyType=1 keyBytes (hex dump)=0000: B0 AD C8 E0 AE 9B 38 5B
>
> EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 6D DA 7F D3 80 BF 5E CD
>  97 64 9E 7F 46 91 FE 70  m.....^..d..F..p
>
> 0010: C7 7A BC 64 DA 52 AD AD
>
>             [Krb5LoginModule] authentication succeeded
>
> Commit Succeeded
>
>
>
> jcifs.smb.SmbException: Signature verification failed.
>
>       at
> jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:565)
>
>       at jcifs.smb.SmbTransport.send(SmbTransport.java:662)
>
>       at jcifs.smb.SmbSession.send(SmbSession.java:252)
>
>       at jcifs.smb.SmbTree.treeConnect(SmbTree.java:147)
>
>       at jcifs.smb.SmbFile.connect(SmbFile.java:794)
>
>       at jcifs.smb.SmbFile.connect0(SmbFile.java:761)
>
>       at jcifs.smb.SmbFile.send(SmbFile.java:658)
>
>       at jcifs.smb.SmbFile.doNetEnum(SmbFile.java:1645)
>
>       at jcifs.smb.SmbFile.listFiles(SmbFile.java:1594)
>
>       at jcifs.smb.SmbFile.listFiles(SmbFile.java:1504)
>
>       at KerberosAuthExample.main(KerberosAuthExample.java:49)
>
>
>
> I can access using a standard SmbFile with a NtlmPasswordAuthentication
> object. The url I am using is smb://myfileserver/
>
>
>
> Any ideas?
>
>
>
> Thanks
>
>
>
> Mike
>
>
>
>
>
> www.ardentia.com the home of NetSearch
>
>

More information about the jcifs mailing list