[jcifs] NTLMv2 and DFS referrals

Michael B Allen ioplex at gmail.com
Wed Jul 29 17:16:00 MDT 2009

On Wed, Jul 29, 2009 at 6:30 PM, Darren Taft<daztop at rocketmail.com> wrote:
>> First, make sure you're using the latest JCIFS. There have been a
>> number of DFS fixes recently.
>> Then, try to reproduce the issue using examples/ListFiles.java. If
>> ListFiles does not work, send me a detailed JCIFS log file and a
>> corresponding packet capture along with the exact commandline you used
>> to run ListFiles and properties file if any and I'll look into it.
> Thanks for the quick response as usual Mike.  I'll directly message you with a log of what happens, as well as the source code I use to reproduce the problem - it's a cut down version of what I have on live.

No, try to use examples/ListFiles.java. If you can reproduce the
problem with ListFiles, I will be much more impressed. If the problem
requires some strange sequence of operations, it will likely sit on
the TODO list for a while.

> To complicate matters slightly I've had to set jcifs.smb.client.dfs.ttl=0, as with a TTL in place I get NullPointerException in SmbFile within the resolve method - domain is null, so domain = domain.toLowerCase() causes the NPE.  I narrowed it down to only occurring when the cache was enabled and only on the second request (the first request to a path succeeds, but a second request to the same path or a path below it fails), so the easiest fix was to just disable the caching.  I've only ever managed to reproduce this fault from our live Solaris servers though (it always works fine when running on Windows), and I'm unable to perform any packet capture from there.

That sounds like a bug in which case I wish you would report it
appropriately. Give me a stack trace, a log fragment, whatever you

> For this specific fault (NT_STATUS_NOT_FOUND), would you be able to give me something that I could filter the packet capture on?  e.g. would all requests always go over a specific port?  Otherwise, the packet capture is going to be very large as I'm remotely connected to the machine that I test from.  There are a large number of domain controllers for our Active Directory, so a filter on all those would be impractical.

I prefer to exclude by port like:

  # tcpdump -s 0 -w /tmp/jcifs.pcap ! port ssh and ! port 2049 and ! port ...

until you get rid of stuff that is obviously unrelated. But if you
must use an inclusive filter instead do:

  # tcpdump -s 0 -w /tmp/jcifs.pcap port 445 and port 139 and port 53

This should get all CIFS and DNS traffic.

And as I'm sure you already know, pcaps should not be posted to the list.


Michael B Allen
Java Active Directory Integration

More information about the jcifs mailing list