[jcifs] jcifs.smb.SmbAuthException: Logon failure: account currently disabled.

Yannick Lavanant yannick at smellyfrog.com
Fri Oct 10 11:00:26 GMT 2008 


Yeah, we ended up having to use pre-authentication all right. What our admins
did for us was to create an AD account with bare mininum rights. All you need
is to be able to log into AD and that's it. The password is updated every 6
months.
I agree it's not ideal, but our admins who are fairly security conscious were
happy enough with the solution.
You might be able to extend the filter so that it would take an encrypted form
of the password. So in your web.xml, the password would be encrypted.

Bérengère CLAUDEAU wrote:
> Hi,
>
> Thanks for your answer.
> My administrator says WINS servers are not very used now, and it will
disappear very soon...
> So I will have a look to the DnsSrv.patch.
>
> However, I have another question :
> Is the smb account (jcifs.smb.client.username and password) a mandatory
property?
> I don't think most administrators will accept to write a clear password of an
AD account in a web.xml file... So, is it mandatory?
> How can I know if my DC requires SMB signatures?
>
>
> And another problem... the second person is systematically refused!!!
>
> The first person who log in my web application :
>
>     treeConnect: unc=\\GLENAN\IPC$,service=?????
>     sessionSetup: accountName=test,primaryDomain=ILEX
>    
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0xC007,signSeq=0,tid=0,pid=56123,uid=0,mid=3,wordCount=13,byteCount=107,andxCommand=0x75,andxOffset=168,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=test,primaryDomain=ILEX,NATIVE_OS=Windows
2003,NATIVE_LANMAN=jCIFS]
>    
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=56123,uid=0,mid=0,wordCount=4,byteCount=35,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\GLENAN\IPC$,service=?????]
>     New data read: Transport1[GLENAN<00>/192.168.10.72:0]
>     00000: FF 53 4D 42 73 00 00 00 00 98 07 C0 00 00 EF 1F  |ÿSMBs......À..ï.|
>     00010: C0 0D 9D C3 0C 32 00 00 05 A8 3B DB 03 30 03 00  |À..Ã.2...¨;Û.0..|
>
>    
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=0,flags=0x0098,flags2=0xC007,signSeq=1,tid=43013,pid=56123,uid=12291,mid=3,wordCount=3,byteCount=150,andxCommand=0x75,andxOffset=191,isLoggedInAsGuest=false,nativeOs=Windows
Server 2003 R2 3790 Service Pack 2,nativeLanMan=Windows Server 2003 R2
5.2,primaryDomain=ILEX]
>     NtlmHttpFilter: ILEX\test successfully authenticated against
0.0.0.0<00>/192.168.10.72
>     NTLM user is : <test>
>
>
> The second person who log in my web application :
>
>     treeConnect: unc=\\GLENAN\IPC$,service=?????
>     sessionSetup: accountName=bcla,primaryDomain=ILEX
>    
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0xC007,signSeq=2,tid=0,pid=56123,uid=0,mid=4,wordCount=13,byteCount=107,andxCommand=0x75,andxOffset=168,snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,passwordLength=24,unicodePasswordLength=24,capabilities=4180,accountName=bcla,primaryDomain=ILEX,NATIVE_OS=Windows
2003,NATIVE_LANMAN=jCIFS]
>    
SmbComTreeConnectAndX[command=SMB_COM_TREE_CONNECT_ANDX,received=false,errorCode=0,flags=0x0018,flags2=0x0000,signSeq=0,tid=0,pid=56123,uid=0,mid=0,wordCount=4,byteCount=35,andxCommand=0xFF,andxOffset=0,disconnectTid=false,passwordLength=1,password=,path=\\GLENAN\IPC$,service=?????]
>     New data read: Transport1[GLENAN<00>/192.168.10.72:0]
>     00000: FF 53 4D 42 73 22 00 00 C0 98 07 C0 00 00 EE 87  |ÿSMBs"..À..À..î.|
>     00010: 3D B5 38 4F DF 2E 00 00 00 00 3B DB 00 00 04 00  |=µ8Oß.....;Û....|
>
>    
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCode=Access
is
denied.,flags=0x0098,flags2=0xC007,signSeq=3,tid=0,pid=56123,uid=0,mid=4,wordCount=0,byteCount=0,andxCommand=0xFF,andxOffset=0,isLoggedInAsGuest=false,nativeOs=,nativeLanMan=,primaryDomain=]
>     NtlmHttpFilter: ILEX\bcla: 0xC0000022: jcifs.smb.SmbAuthException: Access
is denied.
>
> The parameters was :
>
>     #JCIFS PROPERTIES
>     #Thu Oct 09 18:09:07 CEST 2008
>     [...]
>     jcifs.netbios.cachePolicy=1200
>     jcifs.smb.client.domain=ILEX
>     jcifs.http.domainController=192.168.10.72
>     jcifs.smb.client.soTimeout=300000
>     jcifs.smb.client.password=ClearPasswordOfTestAccount
>     jcifs.smb.client.username=test
>     jcifs.util.loglevel=4
>     jcifs.encoding=Cp1252
>
>
> Please Help!!!
> Many thanks,
> Bérengère.
>
>

More information about the jcifs mailing list