jcifs.smb.SmbAuthException: Access Denied with jcifs-ng 2.1.8 version

[anand12]

I have simple Java standalone application to test NAS connectivity using jcifs-ng library with 2.1.8 version.

import jcifs.CIFSContext;
import jcifs.context.SingletonContext;
import jcifs.smb.*;
import java.io.*;

public class Test {
        public static void main(String[] args) throws IOException {
               String domain = “dummyDomain”;
               String user = “dummyUser”;
               String pass = “dummyPwd”;
               String path = “smb://<HOSTNAME>/“;

                NtlmPasswordAuthenticator creds = new NtlmPasswordAuthenticator(domain, user, pass);
                CIFSContext context = SingletonContext.getInstance().withCredentials(creds);
                SmbFile smbFile = new SmbFile(path, context);

                System.out.println(smbFile.exists());

                // list directories
                for(String s: smbFile.list()) {
                       System.out.println(s);
                }
        }
}

When I run above code it works perfectly, able to list all the share paths available in the given host name. Now, I want to list folders/files available in one of the share path ( I have read/write permissions to share path, also able to connect share folder via windows explorer and able to perform create/update/read/write operations on files/folders). I have simple below Java code to test the same.

import jcifs.CIFSContext;
import jcifs.context.SingletonContext;
import jcifs.smb.*;
import java.io.*;

public class Test {
        public static void main(String[] args) throws IOException {
               String domain = “dummyDomain”;
               String user = “dummyUser”;
               String pass = “dummyPwd”;
               String path = “smb://<HOSTNAME>/<SHARE_DIRECTORY>/“;

                NtlmPasswordAuthenticator creds = new NtlmPasswordAuthenticator(domain, user, pass);
                CIFSContext context = SingletonContext.getInstance().withCredentials(creds);
                SmbFile smbFile = new SmbFile(path, context);

                System.out.println(smbFile.exists());

                // list directories
                for(String s: smbFile.list()) {
                       System.out.println(s);
                }
        }
}

When I run the above code getting Access Denied issue.

Exception in thread “main” jcifs.smb.SmbAuthException: Access is denied.
at jcifs.smb.SmbTransportImpl.checkStatus2(SmbTransportImpl.java:1435)
at jcifs.smb.SmbTransportImpl.checkStatus(SmbTransportImpl.java:1578)
at jcifs.smb.SmbTransportImpl.sendrecv(SmbTransportImpl.java:1027)
at jcifs.smb.SmbTransportImpl.send(SmbTransportImpl.java:1549)
at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:409)
at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:347)
at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:611)
at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:614)
at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:568)
at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:489)
at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:465)
at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:426)
at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:559)
at jcifs.smb.SmbFile.exists(SmbFile.java:859)
at com.examples.Test.main(Test.java:25)

Strangely, I am able to connect to share directory via windows explorer but getting issue via Java application with jcifs-ng 2.1.8 version. Would like to know am I missing anything here or any issue with jcifs-ng 2.1.8 version library?

Any advise on this issue?

#jcifs-ng 2.1.8

[mbechler]

I'm not aware of any potentially related issue fixed after 2.1.8, still would recommend using the latest. Access is denied can indicate an issue relating to SMB signing. Disabling signing would be a good first thing to try (set properties jcifs.smb.client.signingPreferred=false, jcifs.smb.client.signingEnforced=false). If that does not help, can you get a packet capture of a denied connection and a working one from windows?

[anand12]

Thank you @mbechler prompt response.

As of now we have only 2.1.8 version available at our environment, so can not use higher version. I think higher version is 2.1.9 and hope does not have major changes.

As you suggested tried by setting the above properties still getting the same issue.

Tried to Debug more and observed that it is calling tf.withAnonymousCredentials() method from getDcReferrals() available in DfsImpl.java class. Also, not sure why it is calling credentials with anonymous user.

As per the error message it says that Access Denied but exception is SmbAuthException. I am not sure what’s going here as I am able to connect and perform all operation over NAS share folder from Windows Explorer.

[mbechler]

getDcReferrals() is part of the DFS code, making that initial lookup anonymously should be fine. Some more ideas:

• Potentially, the share requires SMB encryption, which unfortunately jcifs-ng still does not support, although I seem to remeber that this should result in a more useful error.
• As you are showing a top level share, I assume that the share is not on DFS, right? Otherwise there is potential for a DFS bug and that the connection is made to the wrong share.
• Is there anything special about the username, and are you sure that the domain is correct? (comparing the NTLM auth data in packet captures would be useful)

[anand12]

@mbechler username and domain associated with user is correct. As I mentioned earlier manually able to connect to share and able to perform all the read/write operations. Issue is very strange not able to figure out the root cause despite enabled TRACE logs as well, at this point of time no clue on how to solve this issue.

Able to perform read/write operations when the drive is mapped to network manually using window explorer.

@mbechler Any advise to resolve this would be appreciate. Thank you!