smb authentication (74 bytes vs 24?)












11















I need to implement a virtual filesystem that will be accessed as a Windows share.



It seems Alfresco JLan is doing the job. So far, I have some promising results starting from this answer: How to setup alfresco jlan file server as a standalone java package?



Now, I can't seem to actually authenticate. My dummy implementation always succeeds, but as soon as I try to validate the password, it just fails.



Some information:




  • It runs on a windows machine with port 445 not being used by Windows itself (Server services disabled etc.)

  • From same Windows 10 client, it seems JLan sees it as ntlmv1 authentication, which looks strange to me (I'd at least expect ntlmv2). alg == NTLM1 in JLan's CifsAuthenticator::validatePassword.

  • It seems the encrypted used password is 74 bytes, vs the 24 it expects, and it fails at that.

  • Had to remove CryptixCrypto that doesn't seem to exist anymore, and replaced getInstance("MD4") by MD4.getInstance() in JLan, as it seems to be the way to go on modern Java platforms (MD4 is not registered by default, as documented in MD4 class itself).


How can I check my password again some plain-text one?










share|improve this question




















  • 1





    Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

    – David W
    Oct 19 '16 at 13:11








  • 2





    Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

    – MojoJojo
    Oct 20 '16 at 1:47











  • @DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

    – ymajoros
    Oct 21 '16 at 12:01











  • @MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

    – ymajoros
    Oct 21 '16 at 12:03






  • 1





    Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

    – squarewav
    Jan 2 '17 at 19:25
















11















I need to implement a virtual filesystem that will be accessed as a Windows share.



It seems Alfresco JLan is doing the job. So far, I have some promising results starting from this answer: How to setup alfresco jlan file server as a standalone java package?



Now, I can't seem to actually authenticate. My dummy implementation always succeeds, but as soon as I try to validate the password, it just fails.



Some information:




  • It runs on a windows machine with port 445 not being used by Windows itself (Server services disabled etc.)

  • From same Windows 10 client, it seems JLan sees it as ntlmv1 authentication, which looks strange to me (I'd at least expect ntlmv2). alg == NTLM1 in JLan's CifsAuthenticator::validatePassword.

  • It seems the encrypted used password is 74 bytes, vs the 24 it expects, and it fails at that.

  • Had to remove CryptixCrypto that doesn't seem to exist anymore, and replaced getInstance("MD4") by MD4.getInstance() in JLan, as it seems to be the way to go on modern Java platforms (MD4 is not registered by default, as documented in MD4 class itself).


How can I check my password again some plain-text one?










share|improve this question




















  • 1





    Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

    – David W
    Oct 19 '16 at 13:11








  • 2





    Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

    – MojoJojo
    Oct 20 '16 at 1:47











  • @DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

    – ymajoros
    Oct 21 '16 at 12:01











  • @MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

    – ymajoros
    Oct 21 '16 at 12:03






  • 1





    Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

    – squarewav
    Jan 2 '17 at 19:25














11












11








11


2






I need to implement a virtual filesystem that will be accessed as a Windows share.



It seems Alfresco JLan is doing the job. So far, I have some promising results starting from this answer: How to setup alfresco jlan file server as a standalone java package?



Now, I can't seem to actually authenticate. My dummy implementation always succeeds, but as soon as I try to validate the password, it just fails.



Some information:




  • It runs on a windows machine with port 445 not being used by Windows itself (Server services disabled etc.)

  • From same Windows 10 client, it seems JLan sees it as ntlmv1 authentication, which looks strange to me (I'd at least expect ntlmv2). alg == NTLM1 in JLan's CifsAuthenticator::validatePassword.

  • It seems the encrypted used password is 74 bytes, vs the 24 it expects, and it fails at that.

  • Had to remove CryptixCrypto that doesn't seem to exist anymore, and replaced getInstance("MD4") by MD4.getInstance() in JLan, as it seems to be the way to go on modern Java platforms (MD4 is not registered by default, as documented in MD4 class itself).


How can I check my password again some plain-text one?










share|improve this question
















I need to implement a virtual filesystem that will be accessed as a Windows share.



It seems Alfresco JLan is doing the job. So far, I have some promising results starting from this answer: How to setup alfresco jlan file server as a standalone java package?



Now, I can't seem to actually authenticate. My dummy implementation always succeeds, but as soon as I try to validate the password, it just fails.



Some information:




  • It runs on a windows machine with port 445 not being used by Windows itself (Server services disabled etc.)

  • From same Windows 10 client, it seems JLan sees it as ntlmv1 authentication, which looks strange to me (I'd at least expect ntlmv2). alg == NTLM1 in JLan's CifsAuthenticator::validatePassword.

  • It seems the encrypted used password is 74 bytes, vs the 24 it expects, and it fails at that.

  • Had to remove CryptixCrypto that doesn't seem to exist anymore, and replaced getInstance("MD4") by MD4.getInstance() in JLan, as it seems to be the way to go on modern Java platforms (MD4 is not registered by default, as documented in MD4 class itself).


How can I check my password again some plain-text one?







java smb






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 2 at 13:56







ymajoros

















asked Oct 13 '16 at 19:19









ymajorosymajoros

1,08622551




1,08622551








  • 1





    Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

    – David W
    Oct 19 '16 at 13:11








  • 2





    Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

    – MojoJojo
    Oct 20 '16 at 1:47











  • @DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

    – ymajoros
    Oct 21 '16 at 12:01











  • @MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

    – ymajoros
    Oct 21 '16 at 12:03






  • 1





    Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

    – squarewav
    Jan 2 '17 at 19:25














  • 1





    Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

    – David W
    Oct 19 '16 at 13:11








  • 2





    Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

    – MojoJojo
    Oct 20 '16 at 1:47











  • @DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

    – ymajoros
    Oct 21 '16 at 12:01











  • @MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

    – ymajoros
    Oct 21 '16 at 12:03






  • 1





    Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

    – squarewav
    Jan 2 '17 at 19:25








1




1





Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

– David W
Oct 19 '16 at 13:11







Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

– David W
Oct 19 '16 at 13:11






2




2





Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

– MojoJojo
Oct 20 '16 at 1:47





Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

– MojoJojo
Oct 20 '16 at 1:47













@DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

– ymajoros
Oct 21 '16 at 12:01





@DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

– ymajoros
Oct 21 '16 at 12:01













@MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

– ymajoros
Oct 21 '16 at 12:03





@MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

– ymajoros
Oct 21 '16 at 12:03




1




1





Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

– squarewav
Jan 2 '17 at 19:25





Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

– squarewav
Jan 2 '17 at 19:25












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f40029231%2fsmb-authentication-74-bytes-vs-24%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f40029231%2fsmb-authentication-74-bytes-vs-24%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

SQL update select statement

'app-layout' is not a known element: how to share Component with different Modules