[jcifs] NtlmAuthenticator.requestNtlmPasswordAuthentication not always called

Michael B Allen ioplex at gmail.com
Fri Sep 16 10:11:53 MDT 2011

On Thu, Sep 15, 2011 at 10:49 AM, Orlin Hristov <orlin.hristov at gmail.com> wrote:
> Hi There,
> I tried to trap SmbAuthException extending NtlmAuthenticator.
> I followed your
> example posted at: http://jcifs.samba.org/src/docs/authhandler.html but,
> as soon as I start testing it,
> I found that the library not always traps SmbAuthException!
> For example:
> SmbFile f = new SmbFile("smb://ws01/"); // ws01 - server
> f.list(); //throws "jcifs.smb.SmbAuthException:
> Logon failure: unknown user name or bad password.".

Hi Orlin,

If authentication fails listing shares, it tries Anonymous credentials
which usually works over IPC$ but apparently not in your case. Ideally
there should be a clause that retries with the NtlmAuthenticator
supplied credentials if Anonymous fails. But there simply is no such
logic and it's really such an obscure feature I'm hesitant to even add
it to the TODO list. At least JCIFS 2.0 would drop the whole
NtlmAuthenticator thing anyway (because it would not be specific to

Actually no one should use NtlmAuthenticator anymore. The retry loop
should be in your app logic like:

NtlmPasswordAuthentication npa = new
NtlmPasswordAuthentication(domain, username, password);
for ( ;; ) {
  try {
    SmbFile f = new SmbFile(url, npa);
  } catch (SmbAuthException sae) {
    npa = getDifferentCredentials(sae.getMessage());
    if (npa == null)
        throw sae;

The NtlmAuthenticator is just a silly callback mechanism that doesn't
actually do any real work. Dump it.


Michael B Allen
Java Active Directory Integration

> SmbFile f = new SmbFile("smb://ws01/c$/");
> f.list(); //traps SmbAuthException and calls
> my getNtlmPasswordAuthentication method.
> After some debugging I found that
> NtlmAuthenticator.requestNtlmPasswordAuthentication won't be called
> if the 'share' member of SmbFile class is null.
> Probably this is reasonable, but I will be
> thankful if you give me any idea how to workaround it in my code.

More information about the jCIFS mailing list