Cannot create a connection to a NAS using JAASAuthenticator

[wbytebier]

Hi,

I'm using jcifs-ng version 2.0.5, but I can't seem to make the JAASAuthenticator work. I always end up with an "invalid null Subject provided"... resource/client.jaas file has been setup to point to the keytab file and includes a principal.

Jaas config: jcifs { com.sun.security.auth.module.Krb5LoginModule required client=true useKeyTab=true storeKey=false keyTab="C:\Users\-----\git\-----.keytab" principal="-----@-----.----.----" debug=true; };

--- code --- Logger l = Logger.getLogger("jcifs.smb.JAASAuthenticator"); l.setLevel(java.util.logging.Level.FINEST); //System.setProperty("java.security.krb5.kdc", "------------"); //System.setProperty("java.security.krb5.realm", "----------"); System.setProperty("sun.security.krb5.debug", "true");

    // Set JAAS
    System.setProperty("java.security.auth.login.config", Thread.currentThread().getContextClassLoader().getResource("resource/client.jaas").toString());
    System.setProperty("java.security.krb5.conf","c:\\users\\-------\\git\\krb5.cnf"); 
    Properties sp = System.getProperties();
    PropertyConfiguration p = new PropertyConfiguration(sp);
    CIFSContext userCtx = null;
    BaseContext bc = new BaseContext(p);
    JAASAuthenticator ja = new JAASAuthenticator(bc);
    ja.setUser("-------");
    ja.setRealm("-------");
    userCtx = bc.withCredentials(ja);

    try {
        SmbResource f = new SmbFile("smb://----.-----.-----/Share/Filter.csv", userCtx);
        System.out.printf("%s%n",f.exists());
    }
    catch ( Exception e ) {
        e.printStackTrace();
    }

--- debug --- 2643 [Transport4] DEBUG jcifs.internal.smb1.com.SmbComNegotiateResponse - Have initial token 60820076068200062B0601050502A0820-------- 42643 [Transport4] DEBUG jcifs.smb.SmbTransportImpl - Negotiation response on Transport4 :SmbComNegotiateResponse[command=SMB_COM_NEGOTIATE,received=true,errorCode=0,flags=0x0098,flags2=0xC801,signSeq=0,tid=0,pid=11842,uid=0,mid=0,wordCount=17,byteCount=138,wordCount=17,dialectIndex=0,securityMode=0x3,security=user,encryptedPasswords=true,maxMpxCount=255,maxNumberVcs=50,maxBufferSize=65535,maxRawSize=0,sessionKey=0x9AD7FB3A,capabilities=0x8000D2FC,serverTime=Tue Feb 27 22:36:42 CET 2018,serverTimeZone=-60,encryptionKeyLength=122,byteCount=138,oemDomainName=] 42643 [Transport4] DEBUG jcifs.internal.smb1.com.SmbComNegotiateResponse - Signing not-enabled not-required 42643 [Transport4] DEBUG jcifs.internal.smb1.com.SmbComNegotiateResponse - Unicode is enabled 42643 [Transport4] DEBUG jcifs.smb.SmbTransportImpl - Signature negotiation enforced false (server false) enabled false (server false) 42643 [main] DEBUG jcifs.smb.JAASAuthenticator - Logging on 42674 [main] ERROR jcifs.smb.JAASAuthenticator - Failed to create login context javax.security.auth.login.LoginException: invalid null Subject provided at javax.security.auth.login.LoginContext.(LoginContext.java:384) at javax.security.auth.login.LoginContext.(LoginContext.java:458) at jcifs.smb.JAASAuthenticator.getSubject(JAASAuthenticator.java:214) at jcifs.smb.Kerb5Authenticator.toString(Kerb5Authenticator.java:321) at java.lang.String.valueOf(String.java:2994) at java.lang.StringBuilder.append(StringBuilder.java:131) at jcifs.smb.SmbSessionImpl.toString(SmbSessionImpl.java:1024) at java.lang.String.valueOf(String.java:2994) at java.lang.StringBuilder.append(StringBuilder.java:131) at jcifs.smb.SmbTransportImpl.getSmbSession(SmbTransportImpl.java:381) at jcifs.smb.SmbTransportImpl.getSmbSession(SmbTransportImpl.java:97) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:561) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:545) at jcifs.smb.SmbFile.exists(SmbFile.java:821) at com.---.ods.tools.CopyNasToIngestion.main(CopyNasToIngestion.java:135) 42674 [main] DEBUG jcifs.smb.SmbTransportImpl - Establishing new session SmbSession[credentials=Kerb5Authenticatior[subject=null,user=----@----,realm=----],targetHost=----------,targetDomain=null,uid=0,connectionState=0,usage=1] on Transport4 42674 [main] DEBUG jcifs.smb.SmbTreeImpl - treeConnect: unc=\--------------,service=????? 42674 [main] DEBUG jcifs.smb.JAASAuthenticator - Logging on 42674 [main] ERROR jcifs.smb.JAASAuthenticator - Failed to create login context javax.security.auth.login.LoginException: invalid null Subject provided at javax.security.auth.login.LoginContext.(LoginContext.java:384) at javax.security.auth.login.LoginContext.(LoginContext.java:458) at jcifs.smb.JAASAuthenticator.getSubject(JAASAuthenticator.java:214) at jcifs.smb.Kerb5Authenticator.toString(Kerb5Authenticator.java:321) at java.lang.String.valueOf(String.java:2994) at java.lang.StringBuilder.append(StringBuilder.java:131) at jcifs.smb.SmbSessionImpl.sessionSetup(SmbSessionImpl.java:451) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:358) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:336) at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:600) at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:609) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:563) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:545) at jcifs.smb.SmbFile.exists(SmbFile.java:821) at com.---.ods.tools.CopyNasToIngestion.main(CopyNasToIngestion.java:135) 42674 [main] DEBUG jcifs.smb.SmbSessionImpl - sessionSetup: Kerb5Authenticatior[subject=null,user=----@----,realm=----] 42674 [main] DEBUG jcifs.smb.SmbSessionImpl - Extended security negotiated 42674 [main] DEBUG jcifs.smb.SmbSessionImpl - Remote host is ------.----.------ 42885 [main] DEBUG jcifs.smb.Kerb5Authenticator - Have initial token NegTokenInit[flags=0,mechs=[1.2.840.48018.1.2.2, 1.2.840.113554.1.2.2, 1.3.6.1.4.1.311.2.2.10],mic=null] 42885 [main] DEBUG jcifs.smb.Kerb5Context - Found ExtendedGSSContext implementation: com.sun.security.jgss.ExtendedGSSContext Java config name: c:\users------\git\krb5.cnf Loaded from Java config 42932 [main] DEBUG jcifs.smb.Kerb5Context - Service name is cifs@------.----.------ 42932 [main] DEBUG jcifs.smb.SmbSessionImpl - Session setup failed jcifs.smb.SmbException: Context setup failed at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:152) at jcifs.smb.SmbSessionImpl$3.run(SmbSessionImpl.java:795) at jcifs.smb.SmbSessionImpl$3.run(SmbSessionImpl.java:790) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at jcifs.smb.SmbSessionImpl.sessionSetupSMB1(SmbSessionImpl.java:790) at jcifs.smb.SmbSessionImpl.sessionSetup(SmbSessionImpl.java:466) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:358) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:336) at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:600) at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:609) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:563) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:545) at jcifs.smb.SmbFile.exists(SmbFile.java:821) at com.---.ods.tools.CopyNasToIngestion.main(CopyNasToIngestion.java:135) Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:62) at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) at jcifs.smb.Kerb5Context.(Kerb5Context.java:92) at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:334) at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:149) ... 17 more 42932 [main] DEBUG jcifs.smb.SmbTreeImpl - Disconnect tree on treeConnectFailure jcifs.smb.SmbException: Context setup failed at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:152) at jcifs.smb.SmbSessionImpl$3.run(SmbSessionImpl.java:795) at jcifs.smb.SmbSessionImpl$3.run(SmbSessionImpl.java:790) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at jcifs.smb.SmbSessionImpl.sessionSetupSMB1(SmbSessionImpl.java:790) at jcifs.smb.SmbSessionImpl.sessionSetup(SmbSessionImpl.java:466) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:358) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:336) at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:600) at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:609) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:563) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:545) at jcifs.smb.SmbFile.exists(SmbFile.java:821) at com.---.ods.tools.CopyNasToIngestion.main(CopyNasToIngestion.java:135) Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:62) at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) at jcifs.smb.Kerb5Context.(Kerb5Context.java:92) at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:334) at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:149) ... 17 more 42948 [main] DEBUG jcifs.smb.SmbTreeImpl - Usage dropped to zero, release session 42948 [main] DEBUG jcifs.smb.SmbSessionImpl - Usage dropped to zero, release connection Transport4[------.----.------/--.--.--.--:445,state=3,signingEnforced=false,usage=2] 42948 [main] WARN jcifs.smb.SmbTreeConnection - Referral failed, trying next jcifs.smb.SmbException: Context setup failed at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:152) at jcifs.smb.SmbSessionImpl$3.run(SmbSessionImpl.java:795) at jcifs.smb.SmbSessionImpl$3.run(SmbSessionImpl.java:790) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at jcifs.smb.SmbSessionImpl.sessionSetupSMB1(SmbSessionImpl.java:790) at jcifs.smb.SmbSessionImpl.sessionSetup(SmbSessionImpl.java:466) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:358) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:336) at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:600) at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:609) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:563) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:545) at jcifs.smb.SmbFile.exists(SmbFile.java:821) at com.---.ods.tools.CopyNasToIngestion.main(CopyNasToIngestion.java:135) Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:62) at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) at jcifs.smb.Kerb5Context.(Kerb5Context.java:92) at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:334) at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:149) ... 17 more jcifs.smb.SmbException: Context setup failed at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:152) at jcifs.smb.SmbSessionImpl$3.run(SmbSessionImpl.java:795) at jcifs.smb.SmbSessionImpl$3.run(SmbSessionImpl.java:790) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at jcifs.smb.SmbSessionImpl.sessionSetupSMB1(SmbSessionImpl.java:790) at jcifs.smb.SmbSessionImpl.sessionSetup(SmbSessionImpl.java:466) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:358) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:336) at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:600) at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:609) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:563) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:545) at jcifs.smb.SmbFile.exists(SmbFile.java:821) at com.---.ods.tools.CopyNasToIngestion.main(CopyNasToIngestion.java:135) Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:62) at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) at jcifs.smb.Kerb5Context.(Kerb5Context.java:92) at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:334) at jcifs.smb.Kerb5Authenticator.createContext(Kerb5Authenticator.java:149) ... 17 more 42951 [Thread-1] DEBUG jcifs.smb.SmbTransportPoolImpl - Closing pool 42951 [Thread-1] DEBUG jcifs.smb.SmbTransportImpl - Disconnecting transport Transport4[------.----.------/--.--.--.--:445,state=5,signingEnforced=false,usage=0] 42951 [Transport4] DEBUG jcifs.util.transport.Transport - recv failed java.net.SocketException: Socket Closed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) at java.net.SocketInputStream.read(SocketInputStream.java:171) at java.net.SocketInputStream.read(SocketInputStream.java:141) at jcifs.util.transport.Transport.readn(Transport.java:70) at jcifs.smb.SmbTransportImpl.peekKey(SmbTransportImpl.java:783) at jcifs.util.transport.Transport.loop(Transport.java:420) at jcifs.util.transport.Transport.run(Transport.java:762) at java.lang.Thread.run(Thread.java:745) 42951 [Thread-1] DEBUG jcifs.smb.SmbTransportPoolImpl - Removing transport connection Transport4[------.----.------/--.--.--.--,state=5,signingEnforced=false,usage=0] (1772370013) 42951 [Transport4] DEBUG jcifs.util.transport.Transport - Disconnected 42951 [Thread-1] DEBUG jcifs.smb.SmbTransportImpl - Disconnecting transport Transport3[------.----.------/--.--.--.--:445,state=5,signingEnforced=true,usage=0] 42951 [Thread-1] DEBUG jcifs.smb.SmbSessionImpl - Logging off session on Transport3[------.----.------/--.--.--.--:445,state=5,signingEnforced=true,usage=1] 42951 [Transport4] DEBUG jcifs.util.transport.Transport - Notified clients 42951 [Thread-1] DEBUG jcifs.smb.SmbSessionImpl - Disconnect tree on logoff 42951 [Thread-1] DEBUG jcifs.smb.SmbSessionImpl - Reacquire transport 42951 [Thread-1] DEBUG jcifs.util.transport.Transport - Trying to connect a disconnected transport 42992 [Thread-1] DEBUG jcifs.smb.SmbSessionImpl - Usage dropped to zero, release connection Transport3[------.----.------/--.--.--.--:445,state=5,signingEnforced=true,usage=2] 42992 [Thread-1] DEBUG jcifs.util.transport.Transport - Trying to connect a disconnected transport 43024 [Transport3] DEBUG jcifs.util.transport.Transport - recv failed java.net.SocketException: Socket Closed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) at java.net.SocketInputStream.read(SocketInputStream.java:171) at java.net.SocketInputStream.read(SocketInputStream.java:141) at jcifs.util.transport.Transport.readn(Transport.java:70) at jcifs.smb.SmbTransportImpl.peekKey(SmbTransportImpl.java:783) at jcifs.util.transport.Transport.loop(Transport.java:420) at jcifs.util.transport.Transport.run(Transport.java:762) at java.lang.Thread.run(Thread.java:745) 43024 [Thread-1] DEBUG jcifs.smb.SmbTransportPoolImpl - Removing transport connection Transport3[------.----.------/--.--.--.--:445,state=5,signingEnforced=true,usage=0] (643748130) 43024 [Transport3] DEBUG jcifs.util.transport.Transport - Disconnected 43024 [Transport3] DEBUG jcifs.util.transport.Transport - Notified clients 43024 [Thread-1] DEBUG jcifs.smb.SmbTransportImpl - Disconnecting transport Transport2[------.----.------/--.--.--.--:445,state=5,signingEnforced=false,usage=0] 43024 [Thread-1] DEBUG jcifs.smb.SmbSessionImpl - Logging off session on Transport2[------.----.------/--.--.--.--:445,state=5,signingEnforced=false,usage=1] 43024 [Thread-1] DEBUG jcifs.smb.SmbSessionImpl - Disconnect tree on logoff 43024 [Thread-1] DEBUG jcifs.smb.SmbSessionImpl - Reacquire transport 43024 [Thread-1] DEBUG jcifs.util.transport.Transport - Trying to connect a disconnected transport 43071 [Thread-1] DEBUG jcifs.smb.SmbSessionImpl - Usage dropped to zero, release connection Transport2[------.----.------/--.--.--.--:445,state=5,signingEnforced=false,usage=2] 43071 [Thread-1] DEBUG jcifs.util.transport.Transport - Trying to connect a disconnected transport 43102 [Transport2] DEBUG jcifs.util.transport.Transport - recv failed java.net.SocketException: Socket Closed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) at java.net.SocketInputStream.read(SocketInputStream.java:171) at java.net.SocketInputStream.read(SocketInputStream.java:141) at jcifs.util.transport.Transport.readn(Transport.java:70) at jcifs.smb.SmbTransportImpl.peekKey(SmbTransportImpl.java:783) at jcifs.util.transport.Transport.loop(Transport.java:420) at jcifs.util.transport.Transport.run(Transport.java:762) at java.lang.Thread.run(Thread.java:745) 43102 [Thread-1] DEBUG jcifs.smb.SmbTransportPoolImpl - Removing transport connection Transport2[------.----.------/--.--.--.--:445,state=5,signingEnforced=false,usage=0] (1861247844) 43106 [Transport2] DEBUG jcifs.util.transport.Transport - Disconnected 43106 [Transport2] DEBUG jcifs.util.transport.Transport - Notified clients

[mbechler]

Looks to me LoginContext is a tad inconsitent in the arguments it allows. The referenced patch may fix the issue by using another constructor if there is no parent subject.

[wbytebier]

Hi, Thanks for the quick patch! Now I get indeed a subject, but the session setup fails now with a 0xC0000001.

608 [main] DEBUG jcifs.smb.JAASAuthenticator - Got subject: [-------@-----.-------] 608 [main] DEBUG jcifs.smb.SmbSessionImpl - sessionSetup: Kerb5Authenticatior[subject=[-------@-----.-------],user=-------,realm=-----.-------] 608 [main] DEBUG jcifs.smb.SmbSessionImpl - Remote host is --------.-----.------- 609 [main] DEBUG jcifs.smb.Kerb5Authenticator - Have initial token NegTokenInit[flags=0,mechs=[1.2.840.48018.1.2.2, 1.2.840.113554.1.2.2, 1.3.6.1.4.1.311.2.2.10],mic=null] 611 [main] DEBUG jcifs.smb.Kerb5Context - Found ExtendedGSSContext implementation: com.sun.security.jgss.ExtendedGSSContext 619 [main] DEBUG jcifs.smb.Kerb5Context - Service name is cifs@--------.-----.------- Found ticket for -------@-----.------- to go to krbtgt/-----.-------@-----.------- expiring on Thu Mar 01 09:47:33 CET 2018 Entered Krb5Context.initSecContext with state=STATENEW Found ticket for -------@-----.------- to go to krbtgt/-----.-------@-----.------- expiring on Thu Mar 01 09:47:33 CET 2018 Service ticket not found in the subject

Credentials acquireServiceCreds: same realm default etypes for default_tgsenctypes: 23. CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbKdcReq send: kdc=---------.-----.------- TCP:88, timeout=3000, number of retries =3, #bytes=2273 KDCCommunication: kdc=---------.-----.------- TCP:88, timeout=3000,Attempt =1, #bytes=2273 DEBUG: TCPClient reading 6696 bytes KrbKdcReq send: #bytes read=6696 KdcAccessibility: remove ---------.-----.------- EType: sun.security.krb5.internal.crypto.ArcFourHmacEType default etypes for default_tgsenctypes: 23. CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbKdcReq send: kdc=---------.-----.------- TCP:88, timeout=3000, number of retries =3, #bytes=2266 KDCCommunication: kdc=---------.-----.------- TCP:88, timeout=3000,Attempt =1, #bytes=2266 DEBUG: TCPClient reading 2242 bytes KrbKdcReq send: #bytes read=2242 KdcAccessibility: remove ---------.-----.------- EType: sun.security.krb5.internal.crypto.ArcFourHmacEType EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbApReq: APOptions are 00100000 00000000 00000000 00000000 EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Krb5Context setting mySeqNumber to: 875996019 Created InitSecContextToken: .. .. Token dump .. 725 [main] DEBUG jcifs.smb.SmbTransportImpl - Error code: 0xC0000001 for Smb2SessionSetupRequest 726 [main] DEBUG jcifs.smb.SmbSessionImpl - Session setup failed jcifs.smb.SmbException: 0xC0000001 at jcifs.smb.SmbTransportImpl.checkStatus2(SmbTransportImpl.java:1424) at jcifs.smb.SmbTransportImpl.checkStatus(SmbTransportImpl.java:1535) at jcifs.smb.SmbTransportImpl.sendrecv(SmbTransportImpl.java:1007) at jcifs.smb.SmbTransportImpl.send(SmbTransportImpl.java:1506) at jcifs.smb.SmbSessionImpl.sessionSetupSMB2(SmbSessionImpl.java:548) at jcifs.smb.SmbSessionImpl.sessionSetup(SmbSessionImpl.java:477) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:363) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:341) at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:607) at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:609) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:563) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:550) at jcifs.smb.SmbFile.exists(SmbFile.java:826) at com.axa.ods.tools.CopyNasToIngestion.main(CopyNasToIngestion.java:147) 729 [main] DEBUG jcifs.smb.SmbTreeImpl - Disconnect tree on treeConnectFailure jcifs.smb.SmbException: 0xC0000001 at jcifs.smb.SmbTransportImpl.checkStatus2(SmbTransportImpl.java:1424) at jcifs.smb.SmbTransportImpl.checkStatus(SmbTransportImpl.java:1535) at jcifs.smb.SmbTransportImpl.sendrecv(SmbTransportImpl.java:1007) at jcifs.smb.SmbTransportImpl.send(SmbTransportImpl.java:1506) at jcifs.smb.SmbSessionImpl.sessionSetupSMB2(SmbSessionImpl.java:548) at jcifs.smb.SmbSessionImpl.sessionSetup(SmbSessionImpl.java:477) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:363) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:341) at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:607) at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:609) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:563) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:550) at jcifs.smb.SmbFile.exists(SmbFile.java:826) at com.axa.ods.tools.CopyNasToIngestion.main(CopyNasToIngestion.java:147) 730 [main] DEBUG jcifs.smb.SmbTreeImpl - Usage dropped to zero, release session

[mbechler]

What kind of NAS is that? Maybe #50 is related, but that one looks more NTLM related so far. I you can provide me packet traces of a working alternative client, preferably samba, and the broken session setup attempt that would be great.

[mbechler]

50 turned out to be (or include) a pretty general signing issue. master might have a fix (or rather mitigation) for that, can you please try whether it works?