hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java

regression: Authentication works with version 0.11.5 but fails with 0.12.2 #787

Open bodote opened 1 year ago

bodote commented 1 year ago

This code works with version 0.11.5 but not with 0.12.2:

var ac = new AuthenticationContext(username, password.toCharArray(), "MYDOMAIN");
try (SMBClient client = new SMBClient(config);
     Connection connection = client.connect(HOST_NAME);
     Session session = connection.authenticate(ac);
     DiskShare diskShare = (DiskShare) session.connectShare(share);
     File file = diskShare.openFile(
             filePath,
             EnumSet.of(AccessMask.GENERIC_READ),
             null,
             EnumSet.of(SMB2ShareAccess.FILE_SHARE_READ),
             SMB2CreateDisposition.FILE_OPEN,
             null)) {
    // ...
}

With version 0.12.2 I get: STATUS_ACCESS_DENIED (0xc0000022): Authentication failed for 'myuser' using com.hierynomus.smbj.auth.NtlmSealer

This is without changing anything else (same Java source, same SMB server). For logs, see the attachment:

tmp_error_anonymized.txt

CoDev21 commented 1 year ago

The same issue occurs using the Example A from README.md.

Switching back to 0.11.5 fixed the problem for me.

hierynomus commented 1 year ago

@bodote It seems that the authentication to the main server works fine, and you're traversing to a DFS server. However, that server has set signing required. You could try to set SmbConfig.setSigningRequired(true) to see whether that helps.

Octavvianus commented 11 months ago

@bodote @hierynomus I had the same problem after upgrading to 12.2. After a little search I found a fix for our case and the commit which introduced the "problem". First the fix:

SmbConfig SMB_CONFIG = SmbConfig.builder().withEncryptData(true).build();

try (SMBClient client = new SMBClient(SMB_CONFIG)) {
    // ...
}

The commit which introduced the change in behaviour: https://github.com/hierynomus/smbj/commit/f1c7eaba956773df32df55a41892701fd3486b7c

So prior to 12.0, when using SMB 3.1.1, it always encrypted the packets even with encryptData=false, but after v12.0 you have to explicitly set encryptData=true so that SMB2GlobalCapability.SMB2_GLOBAL_CAP_ENCRYPTION is set for the new check in the SMB2NegotiateRequest buildNegotiateContextList method.

If SMB2GlobalCapability.SMB2_GLOBAL_CAP_ENCRYPTION is not present in the capabilities, the cipher of the NegotiationContext is set to null. It therefore only sends signed packets, which in our case causes the same error as above.

Hope this helps others with the same problem.
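A client setup that states both settings discussed in this thread explicitly instead of relying on version defaults, and refuses to authenticate when the negotiated dialect cannot carry encryption. This is an added example, not code from the issue or from the smbj project; the class and method names, the SMB_PASSWORD variable and the command-line arguments are assumptions.

```java
import com.hierynomus.mssmb2.SMB2Dialect;
import com.hierynomus.smbj.SMBClient;
import com.hierynomus.smbj.SmbConfig;
import com.hierynomus.smbj.auth.AuthenticationContext;
import com.hierynomus.smbj.connection.Connection;
import com.hierynomus.smbj.session.Session;
import com.hierynomus.smbj.share.DiskShare;

import java.io.IOException;

// Hypothetical class name; not part of smbj.
public class ExplicitSmbSecurity {

    // State the transport-security intent explicitly so that a library
    // upgrade cannot change it through a changed default.
    static SmbConfig explicitConfig() {
        return SmbConfig.builder()
                .withEncryptData(true)      // advertise encryption (the fix reported in this thread)
                .withSigningRequired(true)  // for servers that require signing (maintainer's suggestion)
                .build();
    }

    // Connects, authenticates and lists the share root. Authentication is
    // skipped if the negotiated dialect predates SMB 3.x, because SMB
    // encryption does not exist below SMB 3.0.
    static void listRoot(String host, String shareName, AuthenticationContext ac) throws IOException {
        try (SMBClient client = new SMBClient(explicitConfig());
             Connection connection = client.connect(host)) {
            SMB2Dialect dialect = connection.getNegotiatedProtocol().getDialect();
            if (!dialect.isSmb3x()) {
                throw new IOException("Negotiated " + dialect
                        + " but encryption was requested; refusing to authenticate");
            }
            Session session = connection.authenticate(ac);
            try (DiskShare share = (DiskShare) session.connectShare(shareName)) {
                share.list("").forEach(f -> System.out.println(f.getFileName()));
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Assumed invocation: <host> <share> <user> <domain>, password in SMB_PASSWORD.
        char[] password = System.getenv("SMB_PASSWORD").toCharArray();
        AuthenticationContext ac = new AuthenticationContext(args[2], password, args[3]);
        listRoot(args[0], args[1], ac);
    }
}
```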

bodote commented 11 months ago

I can confirm that adding .withEncryptData(true) also works for me.

Grongrilla commented 11 months ago

I have a similar environment to @bodote's, and when I try to connect to a share via DFS with .withEncryptedData(true) it works, as suggested here.

However, we previously did not go via DFS, but connected to the actual file server and the actual share. Then .withEncryptedData(true) does nothing. I also tried .withDfsEnabled(false) and .withDfsEnabled(true), but that did not help.

With 0.11.5 everything was working fine. Any ideas, @hierynomus?

2023-10-19 00:51:19,711 DEBUG [http-nio-9092-exec-2] c.h.s.t.PacketReader --- [] Starting PacketReader on thread: Packet Reader for actual_file_server.mycompany.com
2023-10-19 00:51:19,720 DEBUG [http-nio-9092-exec-2] c.h.s.c.SMBProtocolNegotiator --- [] Negotiating dialects [SMB_2_0_2, SMB_2_1, SMB_3_0, SMB_3_0_2, SMB_3_1_1]
2023-10-19 00:51:19,727 DEBUG [http-nio-9092-exec-2] c.h.s.c.Connection --- [] Granted 1 (out of 1) credits to SMB2_NEGOTIATE with message id << 0 >>
2023-10-19 00:51:19,733 TRACE [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Acquiring write lock to send packet << SMB2_NEGOTIATE with message id << 0 >> >>
2023-10-19 00:51:19,733 DEBUG [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Writing packet SMB2_NEGOTIATE with message id << 0 >>
2023-10-19 00:51:19,739 TRACE [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Packet SMB2_NEGOTIATE with message id << 0 >> sent, lock released.
2023-10-19 00:51:19,742 DEBUG [Packet Reader for actual_file_server.mycompany.com] c.h.s.t.PacketReader --- [] Received packet SMB2_NEGOTIATE with message id << 0 >>
2023-10-19 00:51:19,743 DEBUG [Packet Reader for actual_file_server.mycompany.com] c.h.s.c.p.SMB2CreditGrantingPacketHandler --- [] Server granted us 1 credits for SMB2_NEGOTIATE with message id << 0 >>, now available: 1 credits
2023-10-19 00:51:19,744 TRACE [Packet Reader for actual_file_server.mycompany.com] c.h.s.c.p.SMB2AsyncResponsePacketHandler --- [] Send/Recv of packet SMB2_NEGOTIATE with message id << 0 >> took << 15 ms >>
2023-10-19 00:51:19,860 DEBUG [http-nio-9092-exec-2] c.h.s.c.SMBProtocolNegotiator --- [] Negotiated the following connection settings: ConnectionContext{
  serverGuid=fcc7b333-d16b-4a25-8bc0-18d2de538bbe,
  serverName='actual_file_server.mycompany.com',
  negotiatedProtocol=NegotiatedProtocol{dialect=SMB_3_1_1, maxTransactSize=8388608, maxReadSize=8388608, maxWriteSize=8388608},
  clientGuid=f9dddd97-a70a-4593-a615-f3093cfed9a9,
  clientCapabilities=[SMB2_GLOBAL_CAP_DFS, SMB2_GLOBAL_CAP_LARGE_MTU, SMB2_GLOBAL_CAP_ENCRYPTION],
  serverCapabilities=[SMB2_GLOBAL_CAP_DFS, SMB2_GLOBAL_CAP_LEASING, SMB2_GLOBAL_CAP_LARGE_MTU],
  clientSecurityMode=1,
  serverSecurityMode=1,
  server='com.hierynomus.smbj.server.Server@1df8398b'
}
2023-10-19 00:51:19,860 INFO  [http-nio-9092-exec-2] c.h.s.c.PacketEncryptor --- [] Initialized PacketEncryptor with Cipher << AES_128_GCM >>
2023-10-19 00:51:19,870 INFO  [http-nio-9092-exec-2] c.h.s.c.Connection --- [] Successfully connected to: actual_file_server.mycompany.com
2023-10-19 00:51:19,903 DEBUG [http-nio-9092-exec-2] c.h.s.a.NtlmAuthenticator --- [] Initialized Authentication of myuser using NTLM
2023-10-19 00:51:19,914 DEBUG [http-nio-9092-exec-2] c.h.s.c.Connection --- [] Granted 1 (out of 1) credits to SMB2_SESSION_SETUP with message id << 1 >>
2023-10-19 00:51:19,915 TRACE [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Acquiring write lock to send packet << SMB2_SESSION_SETUP with message id << 1 >> >>
2023-10-19 00:51:19,915 DEBUG [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Writing packet SMB2_SESSION_SETUP with message id << 1 >>
2023-10-19 00:51:19,915 TRACE [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Packet SMB2_SESSION_SETUP with message id << 1 >> sent, lock released.
2023-10-19 00:51:19,917 DEBUG [Packet Reader for actual_file_server.mycompany.com] c.h.s.t.PacketReader --- [] Received packet SMB2_SESSION_SETUP with message id << 1 >>
2023-10-19 00:51:19,917 DEBUG [Packet Reader for actual_file_server.mycompany.com] c.h.s.c.p.SMB2CreditGrantingPacketHandler --- [] Server granted us 1 credits for SMB2_SESSION_SETUP with message id << 1 >>, now available: 1 credits
2023-10-19 00:51:19,917 TRACE [Packet Reader for actual_file_server.mycompany.com] c.h.s.c.p.SMB2AsyncResponsePacketHandler --- [] Send/Recv of packet SMB2_SESSION_SETUP with message id << 1 >> took << 2 ms >>
2023-10-19 00:51:19,926 DEBUG [http-nio-9092-exec-2] c.h.s.c.SMBSessionBuilder --- [] More processing required for authentication of myuser using com.hierynomus.smbj.auth.NtlmAuthenticator@516696d8
2023-10-19 00:51:19,927 DEBUG [http-nio-9092-exec-2] c.h.s.a.NtlmAuthenticator --- [] Received token: <redacted>
2023-10-19 00:51:19,938 DEBUG [http-nio-9092-exec-2] c.h.n.m.NtlmChallenge --- [] Windows version = WindowsVersion[WINDOWS_MAJOR_VERSION_10, WINDOWS_MINOR_VERSION_0, 14393, NTLMSSP_REVISION_W2K3]
2023-10-19 00:51:19,942 TRACE [http-nio-9092-exec-2] c.h.n.m.TargetInfo --- [] NTLM channel contains MsvAvNdDomainName(2) TargetInfo
2023-10-19 00:51:19,943 TRACE [http-nio-9092-exec-2] c.h.n.m.TargetInfo --- [] NTLM channel contains MsvAvNbComputerName(1) TargetInfo
2023-10-19 00:51:19,943 TRACE [http-nio-9092-exec-2] c.h.n.m.TargetInfo --- [] NTLM channel contains MsvAvDnsDomainName(4) TargetInfo
2023-10-19 00:51:19,943 TRACE [http-nio-9092-exec-2] c.h.n.m.TargetInfo --- [] NTLM channel contains MsvAvDnsComputerName(3) TargetInfo
2023-10-19 00:51:19,944 TRACE [http-nio-9092-exec-2] c.h.n.m.TargetInfo --- [] NTLM channel contains MsvAvDnsTreeName(5) TargetInfo
2023-10-19 00:51:19,944 TRACE [http-nio-9092-exec-2] c.h.n.m.TargetInfo --- [] NTLM channel contains MsvAvTimestamp(7) TargetInfo
2023-10-19 00:51:19,944 TRACE [http-nio-9092-exec-2] c.h.n.m.TargetInfo --- [] NTLM channel contains MsvAvEOL(0) TargetInfo
2023-10-19 00:51:19,944 DEBUG [http-nio-9092-exec-2] c.h.s.a.NtlmAuthenticator --- [] Received NTLM challenge from: DOMAIN
2023-10-19 00:51:19,967 DEBUG [http-nio-9092-exec-2] c.h.s.c.Connection --- [] Granted 1 (out of 1) credits to SMB2_SESSION_SETUP with message id << 2 >>
2023-10-19 00:51:19,968 TRACE [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Acquiring write lock to send packet << SMB2_SESSION_SETUP with message id << 2 >> >>
2023-10-19 00:51:19,968 DEBUG [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Writing packet SMB2_SESSION_SETUP with message id << 2 >>
2023-10-19 00:51:19,968 TRACE [http-nio-9092-exec-2] c.h.s.t.t.d.DirectTcpTransport --- [] Packet SMB2_SESSION_SETUP with message id << 2 >> sent, lock released.
2023-10-19 00:51:19,977 DEBUG [Packet Reader for actual_file_server.mycompany.com] c.h.s.t.PacketReader --- [] Received packet SMB2_SESSION_SETUP with message id << 2 >>
2023-10-19 00:51:19,977 DEBUG [Packet Reader for actual_file_server.mycompany.com] c.h.s.c.p.SMB2CreditGrantingPacketHandler --- [] Server granted us 1 credits for SMB2_SESSION_SETUP with message id << 2 >>, now available: 1 credits
2023-10-19 00:51:19,977 TRACE [Packet Reader for actual_file_server.mycompany.com] c.h.s.c.p.SMB2AsyncResponsePacketHandler --- [] Send/Recv of packet SMB2_SESSION_SETUP with message id << 2 >> took << 9 ms >>
2023-10-19 00:51:19,978 INFO  [http-nio-9092-exec-2] c.h.s.SMBClient --- [] Going to close all remaining connections
2023-10-19 00:51:19,979 DEBUG [http-nio-9092-exec-2] c.h.s.t.PacketReader --- [] Stopping PacketReader...
2023-10-19 00:51:19,979 INFO  [http-nio-9092-exec-2] c.h.s.c.Connection --- [] Closed connection to actual_file_server.mycompany.com
2023-10-19 00:51:19,980 INFO  [Packet Reader for actual_file_server.mycompany.com] c.h.s.t.PacketReader --- [] Thread[Packet Reader for actual_file_server.mycompany.com,5,main] stopped.
2023-10-19 00:51:19,982 DEBUG [http-nio-9092-exec-2] c.h.s.SMBClient --- [] Connection to << actual_file_server.mycompany.com:445 >> closed
2023-10-19 00:51:19,982 ERROR [http-nio-9092-exec-2] d.d.d.c.SmbFilereaderService --- [] Connect smb
com.hierynomus.mssmb2.SMBApiException: STATUS_LOGON_FAILURE (0xc000006d): Authentication failed for 'myuser' using com.hierynomus.smbj.auth.NtlmAuthenticator@516696d8