[jcifs] Querying SIDs with NTLM + JCIFS 1.3.0

Tom Scheideck scheidecker at hotmail.com
Thu Nov 13 20:32:51 GMT 2008


After authenticating an user via NTLM, how can I obtain the SID from the User, not the SID from the Domain?

Note the code snippet. I can obtain the Domain SID from the NtlmPasswordAuthentication object but I cannot get the current user domain SID which is what I would like to get to fetch all the group SIDs related to it.

I cannot use Active Directory for this, it is a new requirement for NTLM only,

Also, any way to get the current user SID and all the Group SIDs for it from NTLM?

I can get the Domain SID but that is it.

I am using JCIFs 1.3.0 jar.

In my code, I try to force SIDs by trying to loop all possibilites from RID 1120 and then call resolveSids.

But, that does not work.

Any light to this?

Thanks in advance.

try {
    UniAddress myDomain = getPrimaryDomain(ip);
    NTLMAuth = new NtlmPasswordAuthentication(domainName,userName,password);
    SmbSession.logon(myDomain, NTLMAuth);
    // after loging in, here's how to get the SID for the Domain
    jcifs.smb.SID mySid = jcifs.smb.SID.getServerSid(hostName, NTLMAuth);
  // this returns something like 
  // Sid Domain SID: S-1-5-21-796745780-2711697408-451074171
  // trying to resolve SIDs this way DOES NOT work
  SID[] sids = new SID[10];
    sids[0] = mySid; // assigns domain SID???
    jcifs.smb.SID.resolveSids(hostName, NTLMAuth, sids);
    for (int i = 0; i < sids.length; i++ ) {
        System.out.println("Sids["+i+"] Type: " +sids[i].getType());

    // Second attempt, fails as well

    String sidDomainId = ""+mySid.getDomainSid();

    SID domsid = new SID(sidDomainId);
    int rid = 1120;
    int count = 150;
    SID[] sids = new SID[count];
    for (int i = 0; i < sids.length; i++) { 
        sids[i] = new SID(domsid, rid++);
    SID.resolveSids("ts0", null, sids);
    for (int i = 0; i < sids.length; i++) {
        System.out.println("My SIDs "+sids[i].toString());

  } catch (SmbException smbe) {
      System.out.println("Failed to Authenticate: "+smbe.getMessage()+" NTStatus: "+smbe.getNtStatus());
  } catch (Exception e) {
      System.out.println("Failed to Authenticate: "+e.getMessage());
Color coding for safety: Windows Live Hotmail alerts you to suspicious email.
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list