[jcifs] Anonymous access to samba servers

Michael B Allen ioplex at gmail.com
Tue Nov 2 01:29:32 MDT 2010

Hi David,

JCIFS is hard coded to never do anonymous because the whole concept of
failing over to anonymous is horrible. But if you explicitly use
NtlmPasswordAuthentication.ANONYMOUS, that should probably be allowed
to work. I suspect there should be an additional condition in the
sessionSetup method where the "fake" exception is thrown that checks
auth != NtlmPasswordAuthentication.ANONYMOUS. Then it will work. Try
it. If it works for you, let me know and I'll add it to the TODO list.


On Mon, Nov 1, 2010 at 3:36 PM, David Kaelbling
<dkaelbling at blackducksoftware.com> wrote:
> Hi,
> I'm having trouble getting anonymous access to Samba servers to work.  I
> couldn't find a solution in the archives, so here goes....
> I'm using jcifs 1.3.15, Samba 3.0.33-3.29.el5_5.1, and Java 1.6.0_13 on
> a Linux box.  The smb.conf is pretty minimal, and is attached.
> "smbclient -N //donald/public/ -c 'ls'" works, sending:
>    Session Setup AndX Request, User: anonymous
> jcifs-1.3.15/examples/List throws SmbAuthException(Logon Failure) from
> SmbTransport.checkStatus().  It sends:
>    Session Setup AndX Request, NTLMSSP_AUTH, User: ?\GUEST
> I tried changing List.java to pass NtlmPasswordAuthentication.ANONYMOUS
> in the SmbFile constructor, after which it sends:
>    Session Setup AndX Request, User: anonymous;
>    Tree Connect AndX, Path: \\donald\PUBLIC
> The server is happy with that -- it returns "Guest: Logged in as GUEST".
> But then SmbSession.sessionSetup() throws a fake login failure in line
> 332.
> Is the logic in sessionSetup for state 10 right?  Around like 295 it
> forces NTLMSSP if auth is not ("","",""), but at line 329 is rejects
> anonymous login if auth.username was not "GUEST".  It seems like there
> are two different definitions for ANONYMOUS in use here!
> Any clues would be appreciated :-)
>  - Thanks
>    David
> --
> David Kaelbling
> Senior Software Engineer
> Black Duck Software, Inc.
> dkaelbling at blackducksoftware.com
> T +1.781.810.2041
> F +1.781.891.5145
> http://www.blackducksoftware.com

Michael B Allen
Java Active Directory Integration

More information about the jCIFS mailing list