NetApp access denied

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

NetApp access denied

Russell_Balast

Dell - Internal Use - Confidential

Using NetApp Release 8.3RC1 

 

Running the jcifs 1.3.18 example code SmbShell to browse a NetApp cifs share, I receive 'Access denied'.

 

The cifs share has packet signing enabled.

 

I have debugged this to line ~150 of NtlmContext.java in jcifs source, which is:

 

ntlmsspFlags &= msg2.getFlags();

 

If I comment out this line, then browsing works.   That is because:

 

ntlmsspFlags=0x60088014

 

and,

 

ms2.getFlags() returns: 0x60088004

 

So the bitwise & turns off the 0x00000010 flag which is (NtlmFlags.java)

 

public static final int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

 

So, for some reason the NetApp seems to be disabling packet signing during the negotiation.

 

This may be a bug in NetApp.   On the other hand, perhaps it is a

configuration problem or a misunderstanding of the protocol that someone already knows about.

 

Any information appreciated,

Russell

 

 

Reply | Threaded
Open this post in threaded view
|

Re: NetApp access denied

Brett Johnson
This fix for this issue can be found in Google’s
fork of jCIFS here:

https://github.com/googlegsa/filesystem.v3/commit/da4e5a3360dfe6d9a064ffd0f95d17fc133649f1?diff=split


Brett M. Johnson

> On Dec 18, 2015, at 4:00 AM, [hidden email] wrote:
>
> Send jCIFS mailing list submissions to
> [hidden email]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.samba.org/mailman/listinfo/jcifs
> or, via email, send a message with subject or body 'help' to
> [hidden email]
>
> You can reach the person managing the list at
> [hidden email]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of jCIFS digest..."
>
>
> Today's Topics:
>
>   1. NetApp access denied ([hidden email])
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 17 Dec 2015 17:23:28 +0000
> From: <[hidden email]>
> To: <[hidden email]>
> Subject: [jcifs] NetApp access denied
> Message-ID:
> <[hidden email]>
> Content-Type: text/plain; charset="utf-8"
>
> Dell - Internal Use - Confidential
>
> Using NetApp Release 8.3RC1
>
>
>
> Running the jcifs 1.3.18 example code SmbShell to browse a NetApp cifs share, I receive 'Access denied'.
>
>
>
> The cifs share has packet signing enabled.
>
>
>
> I have debugged this to line ~150 of NtlmContext.java in jcifs source, which is:
>
>
>
> ntlmsspFlags &= msg2.getFlags();
>
>
>
> If I comment out this line, then browsing works.   That is because:
>
>
>
> ntlmsspFlags=0x60088014
>
>
>
> and,
>
>
>
> ms2.getFlags() returns: 0x60088004
>
>
>
> So the bitwise & turns off the 0x00000010 flag which is (NtlmFlags.java)
>
>
>
> public static final int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;
>
>
>
> So, for some reason the NetApp seems to be disabling packet signing during the negotiation.
>
>
>
> This may be a bug in NetApp.   On the other hand, perhaps it is a
>
> configuration problem or a misunderstanding of the protocol that someone already knows about.
>
>
>
> Any information appreciated,
>
> Russell
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.samba.org/pipermail/jcifs/attachments/20151217/407a2f20/attachment-0001.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> jCIFS mailing list
> [hidden email]
> https://lists.samba.org/mailman/listinfo/jcifs
>
>
> ------------------------------
>
> End of jCIFS Digest, Vol 154, Issue 1
> *************************************