[jcifs] Jcifs Error after upgrading from 1.2.17 to 1.3.14 (Access Denied)

Michael B Allen ioplex at gmail.com
Tue Jun 28 18:43:59 MDT 2011 

Hi Russ,

What do you mean "when trying to NTLM authenticate"?

What is the error / exception / stack trace?

What does you code do / look like?

Are you trying to authenticate HTTP clients?

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/


On Mon, Jun 27, 2011 at 6:44 PM, Russel Morgan <russel.morgan at disney.com> wrote:
> Jcifs Team:
>
> We have recently upgraded the jcifs library on one of our systems and are
> experiencing an issue with users getting "Access Denied" when trying to NTLM
> authenticate.
>
> Behavior:
> If a user is logged into our application client, and we restart the service with
> the new 1.3.14 jcifs jar being used, once the service comes back up, previously
> logged in users are not able to be re-authenticated with the service for
> anywhere from 3-10 minutes.
>
> New users, or users that have exited their application and attempt to
> re-authenticate with the service are authenticated correctly and without wait or
> retry.
>
> Eventually the service is able to authenticate the previously logged in users,
> but this is fairly painful from an end user perspective.
>
> If we take the same service and roll it back to jcifs 1.2.17.jar this does not
> happen. On the 1.2x jar individuals that are newly authenticated , along with
> individuals that were already logged in before the service restart, are all
> authenticated without error.
>
> Dump of *.out showing a request/error
>
> treeConnect: unc=\\NENA\IPC$,service=?????
> sessionSetup: accountName=sidimem,primaryDomain=nena
> NtlmContext[auth=nena\sidimem,ntlmsspFlags=0x60088014,
> workstation=JCIFS64_65_B3,
> isEstablished=false,state=1,serverChallenge=null,signingKey=null]
> Type1Message[suppliedDomain=nena,
> suppliedWorkstation=JCIFS64_65_B3,flags=0x60088215]
> 00000: 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 B2 08 60  |NTLMSSP......¦.`|
> 00010: 04 00 04 00 20 00 00 00 0D 00 0D 00 24 00 00 00  |.... .......$...|
> 00020: 4E 45 4E 41 4A 43 49 46 53 36 34 5F 36 35 5F 42  |NENAJCIFS64_65_B|
> 00030: 33                                               |3               |
>
> update: 0 0:16
> 00000: 84 FD B6 F8 58 E6 4F 72 58 B1 BD EB BE 9D 91 A2  |.²¦°XµOrX¦+d+..ó|
>
> update: 1 4:146
> 00000: FF 53 4D 42 73 00 00 00 00 18 07 C8 00 00 C0 00  | SMBs......+..+.|
> 00010: 00 00 00 00 00 00 00 00 00 00 34 EC 00 00 64 00  |..........48..d.|
> 00020: 0C FF 00 DE DE 04 41 0A 00 01 00 00 00 00 00 31  |. .¦¦.A........1|
> 00030: 00 00 00 00 00 54 10 00 80 57 00 4E 54 4C 4D 53  |.....T...W.NTLMS|
> 00040: 53 50 00 01 00 00 00 15 B2 08 60 04 00 04 00 20  |SP......¦.`.... |
> 00050: 00 00 00 0D 00 0D 00 24 00 00 00 4E 45 4E 41 4A  |.......$...NENAJ|
> 00060: 43 49 46 53 36 34 5F 36 35 5F 42 33 57 00 69 00  |CIFS64_65_B3W.i.|
> 00070: 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00  |n.d.o.w.s. .2.0.|
> 00080: 30 00 30 00 00 00 6A 00 43 00 49 00 46 00 53 00  |0.0...j.C.I.F.S.|
> 00090: 00 00                                            |..              |
>
> digest:
> 00000: 8D 5D 75 EA D6 F1 FD 58 0F 88 B5 1A 1E 3E C7 31  |.]uO+±²X..¦..>¦1|
>
> SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,
> errorCode=0,flags=0x0018,flags2=0xC807,signSeq=192,tid=0,pid=60468,uid=0,
> mid=100,wordCount=12,byteCount=87,andxCommand=0xFF,andxOffset=0,
> snd_buf_size=16644,maxMpxCount=10,VC_NUMBER=1,sessionKey=0,lmHash.length=0,
> ntHash.length=0
> ,capabilities=-2147479468,accountName=null,primaryDomain=null,
> NATIVE_OS=Windows
> 2000,NATIVE_LANMAN=jCIFS]
> 00000: FF 53 4D 42 73 00 00 00 00 18 07 C8 00 00 8D 5D  | SMBs......+...]|
> 00010: 75 EA D6 F1 FD 58 00 00 00 00 34 EC 00 00 64 00  |uO+±²X....48..d.|
> 00020: 0C FF 00 DE DE 04 41 0A 00 01 00 00 00 00 00 31  |. .¦¦.A........1|
> 00030: 00 00 00 00 00 54 10 00 80 57 00 4E 54 4C 4D 53  |.....T...W.NTLMS|
> 00040: 53 50 00 01 00 00 00 15 B2 08 60 04 00 04 00 20  |SP......¦.`.... |
> 00050: 00 00 00 0D 00 0D 00 24 00 00 00 4E 45 4E 41 4A  |.......$...NENAJ|
> 00060: 43 49 46 53 36 34 5F 36 35 5F 42 33 57 00 69 00  |CIFS64_65_B3W.i.|
> 00070: 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00  |n.d.o.w.s. .2.0.|
> 00080: 30 00 30 00 00 00 6A 00 43 00 49 00 46 00 53 00  |0.0...j.C.I.F.S.|
> 00090: 00 00                                            |..              |
>
> New data read: Transport4[NENA/139.104.192.10:0]
> 00000: FF 53 4D 42 73 22 00 00 C0 98 07 C8 00 00 10 7B  | SMBs"..+..+...{|
> 00010: 36 CF 13 8C C1 32 00 00 00 00 34 EC 00 00 64 00  |6-..-2....48..d.|
>
> SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,
> received=false,errorCode=Access is
> denied.,flags=0x0098,flags2=0xC807,signSeq=193,tid=0,pid=60468,
> uid=0,mid=100,wordCount=0,byteCount=0,andxCommand=0xFF,andxOffset=0,
> isLoggedInAsGuest=false,nativeOs=,nativeLanMan=,primaryDomain=]
> 00000: FF 53 4D 42 73 22 00 00 C0 98 07 C8 00 00 10 7B  | SMBs"..+..+...{|
> 00010: 36 CF 13 8C C1 32 00 00 00 00 34 EC 00 00 64 00  |6-..-2....48..d.|
> 00020: 00 00 00
>
> arguments used for jcifs currently:
> -Djcifs.util.loglevel= 1
> -Djcifs.resolveOrder= DNS
>
> This seems like something is being cached, since new requests to authenticate
> succeed immediately, is there a setting that we can change to help mitigate this
> issue?
>
> Any help would be appreciated.
> Russel Morgan
> Walt Disney Company
>
>

More information about the jCIFS mailing list