[jcifs] new exception thrown in version 1.3.16

Michael B Allen ioplex at gmail.com
Mon Aug 8 21:55:44 MDT 2011


Hi Bryan,

What happened is that JCIFS started using NTLMv2. The "security =
server" procedure described by Chris will not work with NTLMv2. NTLMv2
includes a "TargetInformation" block that is specifically designed to
thwart the above mentioned man-in-the-middle procedure.

And thus you must set lmcompatibility = 0 to make JCIFS use NTLMv1 to
work with Samba configured with "security = server". Or, better still,
fix your Samba config.

Mike

On Mon, Aug 8, 2011 at 11:30 AM,  <bryan.coleman at dart.biz> wrote:
> While I agree that the server is using older type settings, something
> changed in jcifs version 1.3.16 to cause the exceptions listed below.  We
> have been using jcifs for the same purpose since version 0.7.11 with no
> problems.  For now, we will just continue running version 1.3.15.
>
> Thank you for your time.  It is appreciated!
>
> Bryan
>
>
>
> From:   Michael B Allen <ioplex at gmail.com>
> To:     bryan.coleman at dart.biz
> Cc:     jcifs at samba.org
> Date:   08/05/2011 08:26 PM
> Subject:        Re: [jcifs] new exception thrown in version 1.3.16
> Sent by:        jcifs-bounces at lists.samba.org
>
>
>
> On Fri, Aug 5, 2011 at 9:45 AM,  <bryan.coleman at dart.biz> wrote:
>> I tried a slightly modified version of ListFiles.java (removed for loop
>> and replaced "file = SmbFile(args[a]);" with "file =
>> SmbFile("smb://server/directory/", new
>> NtlmPasswordAuthentication(<domain>, <username>, <password>));".
>>
>> It runs just fine with lmCompatibility=0 and fails without it.
>>
>> Here is the output upon failure:
>>
>> 0 files in 61ms
>> jcifs.smb.SmbException: The parameter is incorrect.
>>        at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:561)
>>        at jcifs.smb.SmbTransport.send(SmbTransport.java:661)
>>        at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:390)
>>        at jcifs.smb.SmbSession.send(SmbSession.java:218)
>>        at jcifs.smb.SmbTree.treeConnect(SmbTree.java:176)
>>        at jcifs.smb.SmbFile.doConnect(SmbFile.java:911)
>>        at jcifs.smb.SmbFile.connect(SmbFile.java:954)
>>        at jcifs.smb.SmbFile.connect0(SmbFile.java:880)
>>        at jcifs.smb.SmbFile.resolveDfs(SmbFile.java:669)
>>        at jcifs.smb.SmbFile.send(SmbFile.java:773)
>>        at jcifs.smb.SmbFile.doFindFirstNext(SmbFile.java:1986)
>>        at jcifs.smb.SmbFile.doEnum(SmbFile.java:1738)
>>        at jcifs.smb.SmbFile.listFiles(SmbFile.java:1715)
>>        at jcifs.smb.SmbFile.listFiles(SmbFile.java:1648)
>
> I think your server is misconfigured. Ironically I'm not particularly
> good at Samba config details. Ask the samba-users mailing list if
> security=server and password server = is the proper technique or
> research deeper into how to configure Samba.
>
>> P. S. The mailing list URL is still broken.  I get a "Not Found: The
>> requested URL /listinfo/jcifs was not found on this server."
>
> Indeed the link is bad. Just go to the top-level lists.samba.org and
> then click on JCIFS from there.
>
> Mike
>
>> Bryan
>>
>>
>>
>> From:   Michael B Allen <ioplex at gmail.com>
>> To:     bryan.coleman at dart.biz
>> Cc:     jcifs at samba.org
>> Date:   08/04/2011 09:08 PM
>> Subject:        Re: new exception thrown in version 1.3.16
>>
>>
>>
>> On Wed, Aug 3, 2011 at 1:06 PM,  <bryan.coleman at dart.biz> wrote:
>>> I was able to remove the useExtendedSecurity parameter; however, I
> still
>>> needed the lmCompatibility=0 one.
>>
>> That actually doesn't make sense because I don't think you can do
>> NTLMv1 without extended security.
>>
>> Try the examples/ListFiles.java example from the commandline without
>> setting any properties. If that does not work, post the full command
>> used and the full stack trace.
>>
>> Mike
>>
>> --
>> Michael B Allen
>> Java Active Directory Integration
>> http://www.ioplex.com/
>>
>>
>>>
>>> The stack traces are:
>>>
>>> jcifs.smb.SmbException: 0xC00000C4
>>>        at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:561)
>>>        at jcifs.smb.SmbTransport.send(SmbTransport.java:661)
>>>        at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:316)
>>>        at jcifs.smb.SmbSession.send(SmbSession.java:218)
>>>        at jcifs.smb.SmbTree.treeConnect(SmbTree.java:176)
>>>        at jcifs.smb.SmbFile.doConnect(SmbFile.java:911)
>>>        at jcifs.smb.SmbFile.connect(SmbFile.java:954)
>>>        at jcifs.smb.SmbFile.connect0(SmbFile.java:880)
>>>        at jcifs.smb.SmbFile.queryPath(SmbFile.java:1335)
>>>        at jcifs.smb.SmbFile.exists(SmbFile.java:1417)
>>>
>>> jcifs.smb.SmbAuthException: Logon failure: unknown user name or bad
>>> password.
>>>        at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:544)
>>>        at jcifs.smb.SmbTransport.send(SmbTransport.java:661)
>>>        at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:316)
>>>        at jcifs.smb.SmbSession.send(SmbSession.java:218)
>>>        at jcifs.smb.SmbTree.treeConnect(SmbTree.java:176)
>>>        at jcifs.smb.SmbFile.doConnect(SmbFile.java:911)
>>>        at jcifs.smb.SmbFile.connect(SmbFile.java:954)
>>>        at jcifs.smb.SmbFile.connect0(SmbFile.java:880)
>>>        at jcifs.smb.SmbFile.queryPath(SmbFile.java:1335)
>>>        at jcifs.smb.SmbFile.exists(SmbFile.java:1417)
>>>
>>>
>>> P. S.  The link to "Join the JCIFS Mailing List" appears to be broken.
>>  I
>>> am getting the jcifs messages; however, my posts are being moderated
>> (and
>>> have not yet been allowed through).
>>>
>>> Thank you,
>>>
>>> Bryan Coleman
>>>
>>>
>>>
>>> From:   Michael B Allen <ioplex at gmail.com>
>>> To:     bryan.coleman at dart.biz
>>> Cc:     jcifs at samba.org
>>> Date:   08/02/2011 09:39 PM
>>> Subject:        Re: new exception thrown in version 1.3.16
>>>
>>>
>>>
>>> On Tue, Aug 2, 2011 at 4:35 PM,  <bryan.coleman at dart.biz> wrote:
>>>> We have been using jcifs for quite a few years now to copy files from
>>> one
>>>> share to another.  Recently, I upgraded to the latest version 1.3.16
>> and
>>>> began experiencing issues with it.
>>>>
>>>> The first attempt appears to work just fine.  Simplified: We
>>> periodically
>>>> grab the list of files from the source directory; determine if each
>> file
>>>> needs to be copied to the destination; then, copy (delete, backup,
>>> etc.).
>>>>
>>>> On the second attempt (with version 1.3.16) we start receiving
>>> exceptions.
>>>>
>>>> The first exception we encounter is "jcifs.smb.SmbException:
>> 0xC00000C4"
>>>> and then every attempt afterwards leads to a
>>> "jcifs.smb.SmbAuthException:
>>>> Logon failure: unknown user name or password.".
>>>>
>>>> The 0xC00000C4 tracks down to a "NT_STATUS_UNEXPECTED_NETWORK_ERROR".
>>>>
>>>> I rolled back to version 1.3.15 and everything works fine again.
>>>>
>>>> Note: I am using the following jcifs parameters
>>>> "jcifs.smb.lmCompatibility=0" and
>>>> "jcifs.smb.client.useExtendedSecurity=false".
>>>>
>>>> Any ideas?
>>>
>>> Hi Bryan,
>>>
>>> You definitely do not need to set those properties. Those properties
>>> tell JCIFS to use NTLMv1 only. Unless you're using a very very old and
>>> obsolete version of Samba and all of the Windows clients are also
>>> forced to use NTLMv1 only as well (which is not particularly secure),
>>> you should not set those properties. And since you're eventually
>>> getting an SmbAuthException: Logon failure, I would not be shocked to
>>> hear that changing those properties changes the behavior of your error
>>> or fixes it entirely. If the problem is not fixed by removing those
>>> properties, then post the full stack trace of each type of exception.
>>>
>>> Mike
>>>
>>> --
>>> Michael B Allen
>>> Java Active Directory Integration
>>> http://www.ioplex.com/
>>>
>>>
>>>
>>
>>
>>
>
>
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
>
>
>



-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
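
An added illustration of the point in the reply above (not code from JCIFS or from this thread): in NTLMv2 the TargetInformation block is part of the data covered by the HMAC-MD5 proof, so a response computed against one server's target information does not match one computed against another's. The NT hash, challenges, timestamp, user and server names are constructed sample values, and the class and method names are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Ntlmv2TargetInfoDemo {
    static byte[] hmacMd5(byte[] key, byte[]... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacMD5");
        mac.init(new SecretKeySpec(key, "HmacMD5"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }

    // One AV pair: AvId (u16 LE), AvLen (u16 LE), then the UTF-16LE value.
    static byte[] avPair(int id, String value) {
        byte[] v = value.getBytes(StandardCharsets.UTF_16LE);
        return ByteBuffer.allocate(4 + v.length).order(ByteOrder.LITTLE_ENDIAN)
                .putShort((short) id).putShort((short) v.length).put(v).array();
    }

    // Target information as a server sends it in its challenge message.
    static byte[] targetInfo(String nbDomain, String nbComputer) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(avPair(2, nbDomain));    // MsvAvNbDomainName
        out.write(avPair(1, nbComputer));  // MsvAvNbComputerName
        out.write(new byte[4]);            // MsvAvEOL terminator
        return out.toByteArray();
    }

    // NTProofStr = HMAC-MD5(key, serverChallenge || blob); the blob embeds targetInfo.
    static byte[] ntProof(byte[] ntHash, String user, String domain, byte[] srvChal,
                          byte[] time, byte[] cliChal, byte[] targetInfo) throws Exception {
        byte[] key = hmacMd5(ntHash,
                (user.toUpperCase(Locale.ROOT) + domain).getBytes(StandardCharsets.UTF_16LE));
        byte[] hdr = {1, 1, 0, 0, 0, 0, 0, 0}; // response version bytes + 6 reserved bytes
        return hmacMd5(key, srvChal, hdr, time, cliChal, new byte[4], targetInfo, new byte[4]);
    }

    public static void main(String[] args) throws Exception {
        byte[] ntHash = new byte[16];
        Arrays.fill(ntHash, (byte) 0x11); // constructed stand-in for a real NT hash
        byte[] srvChal = {1, 2, 3, 4, 5, 6, 7, 8}, cliChal = {8, 7, 6, 5, 4, 3, 2, 1}, time = new byte[8];
        byte[] a = ntProof(ntHash, "bryan", "CORP", srvChal, time, cliChal, targetInfo("CORP", "FILESRV"));
        byte[] b = ntProof(ntHash, "bryan", "CORP", srvChal, time, cliChal, targetInfo("CORP", "PWDSRV"));
        System.out.println("proof differs when target info differs: " + !Arrays.equals(a, b));
    }
}
```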

