SmbAuthException: Logon failure: user not allowed to log on to this computer

[felipecaparelli]

I am having an issue with SMB Authentication after migrating from the jcifs to jcifs-ng. The code below didn't work with the system user, but in fact, it works when I use a personal account.

`public void setAuth(String fullhostname, String user, String pass){

         Properties prop = new Properties();
         prop.setProperty("jcifs.netbios.hostname", fullhostname);
         //prop.setProperty("jcifs.smb.client.enableSMB2", "true");
         //prop.setProperty("jcifs.smb.client.disableSMB1", "true");
         //prop.setProperty("jcifs.smb.client.disablePlainTextPasswords", "false");
         prop.setProperty("jcifs.smb.client.useExtendedSecurity", "false");
         prop.setProperty("jcifs.smb.client.forceExtendedSecurity", "false");
         prop.setProperty("jcifs.smb.useRawNTLM", "true");
         prop.setProperty("jcifs.smb.client.signingPreferred", "false");
         prop.setProperty("jcifs.smb.client.signingEnforced", "false");
         prop.setProperty("jcifs.smb.client.enforceSpnegoIntegrity", "true");
         prop.setProperty("jcifs.smb.client.useNtStatus", "false");
         prop.setProperty("jcifs.smb.client.useNTSmbs", "false");
         //prop.setProperty("jcifs.smb.lmCompatibility", "0");

         try{
                Configuration config = new PropertyConfiguration(prop);

                CIFSContext ctx = new BaseContext(config);
                ctxWithCred = ctx.withCredentials(new NtlmPasswordAuthentication(ctx, DOMAIN, user, pass));

                ctxWithCred.getTransportPool().logon(ctxWithCred, ctxWithCred.getNameServiceClient().getByName(SERVERNAME));

         }catch(Exception ex){
                ex.printStackTrace();
         }      
   }

`

We have tried this code using both SMB1 and SMB2 environment but the result was the same:

jcifs.smb.SmbAuthException: Logon failure: user not allowed to log on to this computer. at jcifs.smb.SmbTransportImpl.checkStatus(SmbTransportImpl.java:1330) at jcifs.smb.SmbTransportImpl.checkStatus(SmbTransportImpl.java:1509) at jcifs.smb.SmbTransportImpl.sendrecv(SmbTransportImpl.java:980) at jcifs.smb.SmbTransportImpl.send(SmbTransportImpl.java:1475) at jcifs.smb.SmbTransportImpl.send(SmbTransportImpl.java:1439) at jcifs.smb.SmbSessionImpl.sessionSetupSMB1(SmbSessionImpl.java:740) at jcifs.smb.SmbSessionImpl.sessionSetup(SmbSessionImpl.java:466) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:358) at jcifs.smb.SmbSessionImpl.send(SmbSessionImpl.java:336) at jcifs.smb.SmbTreeImpl.treeConnect(SmbTreeImpl.java:600) at jcifs.smb.SmbTreeConnection.connectTree(SmbTreeConnection.java:609) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:563) at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484) at jcifs.smb.SmbTreeConnection.connect(SmbTreeConnection.java:460) at jcifs.smb.SmbTreeConnection.connectWrapException(SmbTreeConnection.java:421) at jcifs.smb.SmbFile.ensureTreeConnected(SmbFile.java:545) at jcifs.smb.SmbEnumerationUtil.doEnum(SmbEnumerationUtil.java:225) at jcifs.smb.SmbEnumerationUtil.listFiles(SmbEnumerationUtil.java:283) at jcifs.smb.SmbFile.listFiles(SmbFile.java:1219) at main.java.JcifsNg206_test.listFilesFromDir(JcifsNg206_test.java:96) at main.java.JcifsNg206_test.main(JcifsNg206_test.java:42)

IMPORTANT: Another point is, when we tried to move to smbj library we didn't have any problem to connect with both accounts, so the limitation is not totally related to the used account (that still works with old library jcifs - SMB1).

Can somebody help me with that? Thanks in advance.

[mbechler]

Unfortunately I don't have much of an idea what could be wrong there. Maybe there is an difference in the host/computer names we send in the NTLM messages.

Can you provide more details? Packet traces of a working/not working setup would be great.

[mbechler]

The changes I commited for testing in #98 right now, allow more control over the hostname sent (by default it won't send any), could you try whether this changes anything?