yoichiro / chromeos-filesystem-cifs

BSD 3-Clause "New" or "Revised" License

NT_ACCESS_DENIED on Version 2.3.1 - Domain Account #136

Closed rcoleman91 closed 8 years ago

rcoleman91 commented 8 years ago

Hi Yoichiro, We are still receiving the NT_ACCESS_DENIED error when attempting to connect using a domain account on a Server 2012 SMB share. I have emailed the Wireshark capture logs as GitHub does not support the file types.

Can confirm no issue when connecting from the ChromeOS client to a non-domain joined Ubuntu share.

Regards, Ryan

yoichiro commented 8 years ago

@rcoleman91 Thank you for the feedback. I have already got the logs from you via your email. Please give me a few days to investigate the logs and the cause.

yoichiro commented 8 years ago

@rcoleman91 I checked the logs you sent to me. Actually, the packet sent from my apps to connect the tree (equals to shared resource) was rejected. And, the packets which communications were successfully have... for Kerberos authentication. I guess that the shared resources you tried to access need Kerberos authentication, and they reject NTLM(v2) authentication. However, my app doesn't support Kerberos authentication. As a result, you faced the NT_STATUS_ACCESS_DENIED error, I think.

Ryan, could you confirm that the shared resources can be accessed by users who are authenticated by NTLM(v2) as the server's setting?

rcoleman91 commented 8 years ago

Hi Yoichiro, Can confirm NTLMv2 by viewing the event log on the machine that I am attempting to connect to the SMB share.

[image: ntlm event]

rcoleman91 commented 8 years ago

Can provide the event log if needed.

yoichiro commented 8 years ago

@rcoleman91 Hmm... OK, I see. Actually, the authentication was successful, but the next command was rejected by the Win Server.

As one point, when your server returned the result of the negotiation, the security flag has "signature required: true". That is, perhaps, your server rejects all requests which don't have a signature. In fact, my app doesn't support the signature feature. Therefore, your server rejected the command after negotiation/authentication, I guess...
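
Added example, not part of the thread and not code from chromeos-filesystem-cifs: reading the signing bits of the negotiate response's SecurityMode field that the comment above refers to. It goes beyond the thread by covering both the SMB1 (NT LM 0.12) and SMB2 layouts; the function names and sample buffers are constructed, and the input is assumed to start at the SMB header with the 4-byte transport length prefix already stripped.

```javascript
// Added illustration; hypothetical helper names, constructed sample data.
const SMB1_MAGIC = [0xff, 0x53, 0x4d, 0x42]; // "\xFFSMB"
const SMB2_MAGIC = [0xfe, 0x53, 0x4d, 0x42]; // "\xFESMB"

function hasMagic(buf, magic) {
  return buf.length >= 4 && magic.every((b, i) => buf[i] === b);
}

// Returns { dialect, enabled, required } for one negotiate response.
function signingPolicy(buf) {
  if (hasMagic(buf, SMB1_MAGIC)) {
    // 32-byte header, WordCount (1), DialectIndex (2), SecurityMode (1).
    if (buf.length < 36 || buf[4] !== 0x72) throw new Error("not an SMB1 negotiate response");
    if (buf[32] !== 17) throw new Error("not an NT LM 0.12 negotiate response");
    const mode = buf[35];
    return { dialect: "SMB1", enabled: (mode & 0x04) !== 0, required: (mode & 0x08) !== 0 };
  }
  if (hasMagic(buf, SMB2_MAGIC)) {
    // 64-byte header (Command at offset 12), StructureSize (2), SecurityMode (2, little-endian).
    if (buf.length < 68 || (buf[12] | (buf[13] << 8)) !== 0) throw new Error("not an SMB2 negotiate response");
    const mode = buf[66] | (buf[67] << 8);
    return { dialect: "SMB2", enabled: (mode & 0x0001) !== 0, required: (mode & 0x0002) !== 0 };
  }
  throw new Error("not an SMB message");
}

// A client that cannot sign should stop here with a clear error when the
// server requires signing, instead of sending unsigned requests.
function canProceed(buf, clientCanSign) {
  return !signingPolicy(buf).required || clientCanSign;
}

// Constructed minimal responses: only the fields read above are filled in.
function sampleSmb1(mode) {
  const b = new Uint8Array(36);
  b.set(SMB1_MAGIC); b[4] = 0x72; b[32] = 17; b[35] = mode;
  return b;
}
function sampleSmb2(mode) {
  const b = new Uint8Array(68);
  b.set(SMB2_MAGIC); b[4] = 64; b[64] = 65; b[66] = mode & 0xff; b[67] = mode >> 8;
  return b;
}

console.log(signingPolicy(sampleSmb1(0x0f)), canProceed(sampleSmb1(0x0f), false));
console.log(signingPolicy(sampleSmb2(0x0001)), canProceed(sampleSmb2(0x0001), false));
```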

yoichiro commented 8 years ago

@rcoleman91 I haven't started coding for supporting signature, but I found a bug. It was described at the following post: https://plus.google.com/u/0/+YoichiroTanaka/posts/EEJyicfnSqK I have already released a new version 2.4.0 including code to fix the problem.

Perhaps, the version 2.4.0 will not be able to solve the problem reported by you, I guess. But, could you confirm whether or not the new version works on your environment?

rcoleman91 commented 8 years ago

@yoichiro Looks like you have done something very right! App is working well. I am able to mount our file server and open files directly from the app. Security is also followed with my test account unable to see any files it does not have security permissions to access.

yoichiro commented 8 years ago

@rcoleman91 Wow! It's nice news to me and all users. Thank you for this feedback. I could fix a big problem by your contribution. You can close this issue.