[jcifs] Jcifs access does not work unless the user is a local admin

Michael B Allen ioplex at gmail.com
Thu Feb 4 01:53:45 UTC 2016


On Tue, Feb 2, 2016 at 10:47 PM, Mazhar Lateef <mazhar at virtualcode.co.uk> wrote:
> Hi Michael,
>
> Thank you for your response, much appreciate it,
>
> I will double check the details and try again, but I do have one question,
> even if I did get the credentials wrong, would they work just by simply
> adding the user to the local admin group on the file server since that is
> the observation that I made.

Hi Maz,

If the user that you think has access is actually in a different
domain then that might explain your observation. You have to really
check the domain in the ACL and with the credentials you're using.

I have never heard of an authentication problem like you describe that
is specific to Jespa.

The most likely explanation is that the credentials are just
wr-wr-wrong as Fonzie would say.

Or possibly it could be a group scope issue. For example, if your ACL
is using a Domain Local Group but you are accessing a resource in a
different domain, the Domain Local Group will not match! You would
have to use a Global or Universal Group for the group to be in scope
in a foreign domain. But this is a wild guess. I just thought of it
because it's one of those strange Windows things that comes to mind
when someone has an inexplicable problem.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

> the domain used was the windows pre 2000 domain (short domain)
>
> This was also observed at another site.
>
> Thank you
>
> Maz
>
>
> On Tue, Feb 2, 2016 at 10:17 PM, Michael B Allen <ioplex at gmail.com> wrote:
>>
>> On Sun, Jan 31, 2016 at 8:58 AM, Mazhar Lateef <mazhar at virtualcode.co.uk>
>> wrote:
>> > Hi All,
>> >
>> > I have a quick question I am hoping to get an answer for, so thank you
>> > for
>> > taking the time in advance  I am trying to understand the reason for the
>> > following case below.
>> >
>> > A user with FULL read/write permissions to a UNC path is denied access
>> > when
>> > the data is accessed using JCIFS - The only option to make it work seems
>> > to
>> > be by making the user a local administrator or add to the local admin
>> > group
>> > on the target server OR IF the user has other elevated permissions on
>> > the
>> > remote server/domain.
>> >
>> > If the user accessed the network path on windows prior to any changes in
>> > permissions there is no issue with access and everything works as
>> > expected,
>> > however if the same access is tried using JCIFS a user denied error is
>> > thrown, unless the user is made a local admin or domain level access is
>> > granted.
>> >
>> > Is this normal? and what could be the reason for this?
>>
>> Hi Mazhar,
>>
>> The user credentials are probably just wrong. Figuring out the right
>> domain be deceptively easy to get wrong. Use ipconfig /all to verify
>> the domain you *think* is correct for the user. Look at the domain of
>> the user in the ACL. I bet $1 your domain is actually wrong in one way
>> or another.
>>
>> Mike



More information about the jCIFS mailing list