[jcifs] Re: ACLs - SmbException: Incorrect function / DFS and
signing
Thomas Bley
thomas.bley at simple-groupware.de
Wed Jun 27 03:29:46 GMT 2007
Hello Mike,
Great!
I am making progress with the problem of "Access denied" with DFS and
signing.
When a dfs server requires signing (e.g. Win2k3 R2), all connections end
in "access denied" after connecting to a second server and coming back
to the dfs server.
Using a disconnect before opening a new connection seems to fix the
problem, what do you think about it ?
smbfile.java:
// perform a disconnect before connecting to another server
UniAddress currAddr;
try {
addr = UniAddress.getByName( dr.server );
currAddr = getAddress();
} catch( UnknownHostException uhe ) {
throw new SmbException( dr.server, uhe );
}
if (!addr.equals(currAddr)) {
try {
tree.session.transport.disconnect(true);
} catch (IOException e) {
throw new SmbException( "Failed to disconnect !!", e);
}
}
trans = SmbTransport.getSmbTransport( addr, url.getPort() );
tree = trans.getSmbSession( auth ).getSmbTree( dr.share, null );
SmbTransport.java:
// set address to null to avoid reusing a closed connection
protected void doDisconnect( boolean hard ) throws IOException {
ListIterator iter = sessions.listIterator();
while (iter.hasNext()) {
SmbSession ssn = (SmbSession)iter.next();
ssn.logoff( hard );
}
socket.shutdownOutput();
out.close();
in.close();
socket.close();
// connection may not be reused
this.address = null;
digest = null;
}
Best regards,
Thomas
Michael B Allen wrote:
> Yup. I have the code using WriteAndX/ReadAndX for the Bind now. Jake is
> going to try it.
>
> Keep you posted,
> Mike
>
> On Wed, 27 Jun 2007 03:31:29 +0200
> Thomas Bley <thomas.bley at simple-groupware.de> wrote:
>
>
>> Hello,
>>
>> I have the same problem. Here is what I found out so far:
>> When Windows explorer is the client, it starts the DCERPC with the
>> command "Write AndX" (0x2f).
>> When JCIFS is the client, it starts DCERPC with "TransactNmPipe" (0x0026).
>> Windows servers and Samba understand the TransactNmPipe very well, but
>> for some reason NetApp doesn't.
>> My tests were made with a NetApp FAS3050; OS-Version Ontap 7.1.1.
>>
>> If the error is happening, jCIFS falls back to NetShareEnum methods
>> which resolve share names, but without unicode characters and only up to
>> 12 characters in length.
>> Maybe it is an older method which requires some compatibility setting
>> enabled in the NetApp machine (maybe sth. like enable WindowsNT
>> compatibility, enable namedpipe rpcs, etc.). Do you have any idea or
>> maybe you can even ask the NetApp support for this ?
>> (if required, I can provide some Ethereal traces)
>>
>> bye
>> Thomas
>>
>>
>>
>> Jake Goulding wrote:
>>
>>> It is a NetApp SAN, and it is configured with local groups, which
>>> would lead me to think that this type of function would be
>>> implemented. For what it's worth, a user from the Windows Explorer can
>>> right-click and see resolved local groups.
>>>
>>> Michael B Allen wrote:
>>>
>>>> Hey Jake,
>>>>
>>>> That looks like the server doesn't understand DCERPC. Like Novell
>>>> maybe. But I would have to see a trace to confirm.
>>>>
>>>> Mike
>>>>
>>>> On Mon, 25 Jun 2007 09:43:17 -0400
>>>> Jake Goulding <goulding at vivisimo.com> wrote:
>>>>
>>>>
>>>>
>>>>> Trying to retrieve some ACLs for a file, I get the following
>>>>> Exception. Does this ring a bell for anyone? I'm working on getting
>>>>> more information about the particular setup being used, but I
>>>>> figured I could check here first.
>>>>>
>>>>> com.vivisimo.connector.SMBConnector$SMBException: Could not get the ACL
>>>>> at
>>>>> com.vivisimo.connector.SMBConnector.setACL(SMBConnector.java:315)
>>>>> at
>>>>> com.vivisimo.connector.SMBConnector.processFile(SMBConnector.java:293)
>>>>> at
>>>>> com.vivisimo.connector.SMBConnector.processNode(SMBConnector.java:102)
>>>>> at
>>>>> com.vivisimo.connector.ConnectorWorker.run(ConnectorWorker.java:502)
>>>>> Caused by: jcifs.smb.SmbException: Incorrect function.
>>>>> at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:514)
>>>>> at jcifs.smb.SmbTransport.send(SmbTransport.java:591)
>>>>> at jcifs.smb.SmbSession.send(SmbSession.java:239)
>>>>> at jcifs.smb.SmbTree.send(SmbTree.java:109)
>>>>> at jcifs.smb.SmbFile.send(SmbFile.java:693)
>>>>> at
>>>>> jcifs.smb.TransactNamedPipeOutputStream.write(TransactNamedPipeOutputStream.java:67)
>>>>>
>>>>> at
>>>>> jcifs.dcerpc.DcerpcPipeHandle.doSendFragment(DcerpcPipeHandle.java:50)
>>>>> at jcifs.dcerpc.DcerpcHandle.sendrecv(DcerpcHandle.java:162)
>>>>> at jcifs.dcerpc.DcerpcHandle.sendrecv(DcerpcHandle.java:129)
>>>>> at
>>>>> jcifs.dcerpc.msrpc.LsaPolicyHandle.<init>(LsaPolicyHandle.java:32)
>>>>> at jcifs.smb.SID.resolveSids0(SID.java:119)
>>>>> at jcifs.smb.SID.resolveSids(SID.java:162)
>>>>> at jcifs.smb.SmbFile.processAces(SmbFile.java:2626)
>>>>> at jcifs.smb.SmbFile.getSecurity(SmbFile.java:2660)
>>>>> at
>>>>> com.vivisimo.connector.SMBConnector.setACL(SMBConnector.java:313)
>>>>> ... 3 more
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>
>
>
More information about the jcifs
mailing list