[jcifs] Jcifs access does not work unless the user is a local admin

Mazhar Vcsl mazhar at virtualcode.co.uk
Thu Feb 4 08:54:24 UTC 2016


Thank you Michael

I will check it out.

Really appreciate you taking the time to respond.

Kind regards

Maz

Sent from my iPhone

> On 3 Feb 2016, at 20:53, Michael B Allen <ioplex at gmail.com> wrote:
> 
>> On Tue, Feb 2, 2016 at 10:47 PM, Mazhar Lateef <mazhar at virtualcode.co.uk> wrote:
>> Hi Michael,
>> 
>> Thank you for your response, much appreciate it,
>> 
>> I will double check the details and try again, but I do have one question,
>> even if I did get the credentials wrong, would they work just by simply
>> adding the user to the local admin group on the file server since that is
>> the observation that I made.
> 
> Hi Maz,
> 
> If the user that you think has access is actually in a different
> domain then that might explain your observation. You have to really
> check the domain in the ACL and with the credentials you're using.
> 
> I have never heard of an authentication problem like you describe that
> is specific to Jespa.
> 
> The most likely explanation is that the credentials are just
> wr-wr-wrong as Fonzie would say.
> 
> Or possibly it could be a group scope issue. For example, if your ACL
> is using a Domain Local Group but you are accessing a resource in a
> different domain, the Domain Local Group will not match! You would
> have to use a Global or Universal Group for the group to be in scope
> in a foreign domain. But this is a wild guess. I just thought of it
> because it's one of those strange Windows things that comes to mind
> when someone has an inexplicable problem.
> 
> Mike
> 
> -- 
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
> 
>> the domain used was the windows pre 2000 domain (short domain)
>> 
>> This was also observed at another site.
>> 
>> Thank you
>> 
>> Maz
>> 
>> 
>>> On Tue, Feb 2, 2016 at 10:17 PM, Michael B Allen <ioplex at gmail.com> wrote:
>>> 
>>> On Sun, Jan 31, 2016 at 8:58 AM, Mazhar Lateef <mazhar at virtualcode.co.uk>
>>> wrote:
>>>> Hi All,
>>>> 
>>>> I have a quick question I am hoping to get an answer for, so thank you
>>>> for
>>>> taking the time in advance  I am trying to understand the reason for the
>>>> following case below.
>>>> 
>>>> A user with FULL read/write permissions to a UNC path is denied access
>>>> when
>>>> the data is accessed using JCIFS - The only option to make it work seems
>>>> to
>>>> be by making the user a local administrator or add to the local admin
>>>> group
>>>> on the target server OR IF the user has other elevated permissions on
>>>> the
>>>> remote server/domain.
>>>> 
>>>> If the user accessed the network path on windows prior to any changes in
>>>> permissions there is no issue with access and everything works as
>>>> expected,
>>>> however if the same access is tried using JCIFS a user denied error is
>>>> thrown, unless the user is made a local admin or domain level access is
>>>> granted.
>>>> 
>>>> Is this normal? and what could be the reason for this?
>>> 
>>> Hi Mazhar,
>>> 
>>> The user credentials are probably just wrong. Figuring out the right
>>> domain be deceptively easy to get wrong. Use ipconfig /all to verify
>>> the domain you *think* is correct for the user. Look at the domain of
>>> the user in the ACL. I bet $1 your domain is actually wrong in one way
>>> or another.
>>> 
>>> Mike



More information about the jCIFS mailing list