smb authentication (74 bytes vs 24?)












11















I need to implement a virtual filesystem that will be accessed as a Windows share.



It seems Alfresco JLan is doing the job. So far, I have some promising results starting from this answer: How to setup alfresco jlan file server as a standalone java package?



Now, I can't seem to actually authenticate. My dummy implementation always succeeds, but as soon as I try to validate the password, it just fails.



Some information:




  • It runs on a windows machine with port 445 not being used by Windows itself (Server services disabled etc.)

  • From same Windows 10 client, it seems JLan sees it as ntlmv1 authentication, which looks strange to me (I'd at least expect ntlmv2). alg == NTLM1 in JLan's CifsAuthenticator::validatePassword.

  • It seems the encrypted used password is 74 bytes, vs the 24 it expects, and it fails at that.

  • Had to remove CryptixCrypto that doesn't seem to exist anymore, and replaced getInstance("MD4") by MD4.getInstance() in JLan, as it seems to be the way to go on modern Java platforms (MD4 is not registered by default, as documented in MD4 class itself).


How can I check my password again some plain-text one?






java smb







share|improve this question




















  • 1





    Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

    – David W
    Oct 19 '16 at 13:11








  • 2





    Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

    – MojoJojo
    Oct 20 '16 at 1:47











  • @DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

    – ymajoros
    Oct 21 '16 at 12:01











  • @MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

    – ymajoros
    Oct 21 '16 at 12:03






  • 1





    Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

    – squarewav
    Jan 2 '17 at 19:25
















11















I need to implement a virtual filesystem that will be accessed as a Windows share.



It seems Alfresco JLan is doing the job. So far, I have some promising results starting from this answer: How to setup alfresco jlan file server as a standalone java package?



Now, I can't seem to actually authenticate. My dummy implementation always succeeds, but as soon as I try to validate the password, it just fails.



Some information:




  • It runs on a windows machine with port 445 not being used by Windows itself (Server services disabled etc.)

  • From same Windows 10 client, it seems JLan sees it as ntlmv1 authentication, which looks strange to me (I'd at least expect ntlmv2). alg == NTLM1 in JLan's CifsAuthenticator::validatePassword.

  • It seems the encrypted used password is 74 bytes, vs the 24 it expects, and it fails at that.

  • Had to remove CryptixCrypto that doesn't seem to exist anymore, and replaced getInstance("MD4") by MD4.getInstance() in JLan, as it seems to be the way to go on modern Java platforms (MD4 is not registered by default, as documented in MD4 class itself).


How can I check my password again some plain-text one?






java smb







share|improve this question




















  • 1





    Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

    – David W
    Oct 19 '16 at 13:11








  • 2





    Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

    – MojoJojo
    Oct 20 '16 at 1:47











  • @DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

    – ymajoros
    Oct 21 '16 at 12:01











  • @MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

    – ymajoros
    Oct 21 '16 at 12:03






  • 1





    Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

    – squarewav
    Jan 2 '17 at 19:25














11












11








11


2






I need to implement a virtual filesystem that will be accessed as a Windows share.



It seems Alfresco JLan is doing the job. So far, I have some promising results starting from this answer: How to setup alfresco jlan file server as a standalone java package?



Now, I can't seem to actually authenticate. My dummy implementation always succeeds, but as soon as I try to validate the password, it just fails.



Some information:




  • It runs on a windows machine with port 445 not being used by Windows itself (Server services disabled etc.)

  • From same Windows 10 client, it seems JLan sees it as ntlmv1 authentication, which looks strange to me (I'd at least expect ntlmv2). alg == NTLM1 in JLan's CifsAuthenticator::validatePassword.

  • It seems the encrypted used password is 74 bytes, vs the 24 it expects, and it fails at that.

  • Had to remove CryptixCrypto that doesn't seem to exist anymore, and replaced getInstance("MD4") by MD4.getInstance() in JLan, as it seems to be the way to go on modern Java platforms (MD4 is not registered by default, as documented in MD4 class itself).


How can I check my password again some plain-text one?






java smb







share|improve this question
















I need to implement a virtual filesystem that will be accessed as a Windows share.



It seems Alfresco JLan is doing the job. So far, I have some promising results starting from this answer: How to setup alfresco jlan file server as a standalone java package?



Now, I can't seem to actually authenticate. My dummy implementation always succeeds, but as soon as I try to validate the password, it just fails.



Some information:




  • It runs on a windows machine with port 445 not being used by Windows itself (Server services disabled etc.)

  • From same Windows 10 client, it seems JLan sees it as ntlmv1 authentication, which looks strange to me (I'd at least expect ntlmv2). alg == NTLM1 in JLan's CifsAuthenticator::validatePassword.

  • It seems the encrypted used password is 74 bytes, vs the 24 it expects, and it fails at that.

  • Had to remove CryptixCrypto that doesn't seem to exist anymore, and replaced getInstance("MD4") by MD4.getInstance() in JLan, as it seems to be the way to go on modern Java platforms (MD4 is not registered by default, as documented in MD4 class itself).


How can I check my password again some plain-text one?






java smb




java smb






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 2 at 13:56







ymajoros

















asked Oct 13 '16 at 19:19









ymajorosymajoros

1,08622551




1,08622551








  • 1





    Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

    – David W
    Oct 19 '16 at 13:11








  • 2





    Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

    – MojoJojo
    Oct 20 '16 at 1:47











  • @DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

    – ymajoros
    Oct 21 '16 at 12:01











  • @MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

    – ymajoros
    Oct 21 '16 at 12:03






  • 1





    Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

    – squarewav
    Jan 2 '17 at 19:25














  • 1





    Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

    – David W
    Oct 19 '16 at 13:11








  • 2





    Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

    – MojoJojo
    Oct 20 '16 at 1:47











  • @DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

    – ymajoros
    Oct 21 '16 at 12:01











  • @MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

    – ymajoros
    Oct 21 '16 at 12:03






  • 1





    Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

    – squarewav
    Jan 2 '17 at 19:25








1




1





Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

– David W
Oct 19 '16 at 13:11







Not sure I can provide much help, but I would suggest that the first curiosity to explore is why JLan (which I know nothing about) sees your Win10 box as NTLM1. Unless you've specifically disabled later versions of it, W10 should be negotiating the later version by default. I'd also wonder about any assumptions JLan makes about the connection itself, eg signed, secured, etc (SMB rules). As I said, not much direct help, but some suggestions of where to look. Lastly, you might peruse some of the SAMBA project's work in this area to see if any similar issues on that side might inspire some ideas

– David W
Oct 19 '16 at 13:11






2




2





Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

– MojoJojo
Oct 20 '16 at 1:47





Do you receive any errors when authenticating? Can you perhaps share your customizations on GitHub?

– MojoJojo
Oct 20 '16 at 1:47













@DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

– ymajoros
Oct 21 '16 at 12:01





@DavidW didn't disable or force anything, and I'm not sure whether it's really trying to do NTLM1 auth or if it's just jlan that gets it like this. I did try to google all of that, but didn't come up with something useful yet. Thanks for your input anyway.

– ymajoros
Oct 21 '16 at 12:01













@MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

– ymajoros
Oct 21 '16 at 12:03





@MojoJojo github.com/Valuya/javadance . It just pretends that authentication failed, and putting breakpoints, I can see that it expectes a 24 bytes hash when it's really 74.

– ymajoros
Oct 21 '16 at 12:03




1




1





Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

– squarewav
Jan 2 '17 at 19:25





Is there any reason why you're not using JCIFS? JCIFS is and has always been the defacto Java implementation of SMB. I don't think that alfresco thing every really took off.

– squarewav
Jan 2 '17 at 19:25












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f40029231%2fsmb-authentication-74-bytes-vs-24%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f40029231%2fsmb-authentication-74-bytes-vs-24%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Can a sorcerer learn a 5th-level spell early by creating spell slots using the Font of Magic feature?

Image
28 6 $begingroup$ Per the Font of Magic feature, sorcerer can use Flexible Casting to create 5th-level spell slots at level 7, even though they are not typically available until level 9. You can transform unexpended sorcery points into one spell slot as a bonus action on your turn. The Creating Spell Slots table shows the cost of creating a spell slot of [5th level is 7] If such a sorcerer levels up while still having this 5th-level spell slot, can they choose a 5th-level spell as the spell they gain upon levelling up? The Spellcasting feature states: Additionally, when you gain a level in this class, you can choose one of the sorcerer spells you know and replace it with another spell from the sorcerer spell list, which also must be of a level for which you have spell slots.
Read more

Does disintegrating a polymorphed enemy still kill it after the 2018 errata?

Image
up vote 13 down vote favorite 1 After the 2018 errata, the disintegrate spell description now reads: A creature targeted by this spell must make a Dexterity saving throw. On a failed save, the target takes 10d6 + 40 force damage. The target is disintegrated if this damage leaves it with 0 hit points. If you were to polymorph an enemy into a rat and then disintegrate it, would the enemy be disintegrated or would it just return to its original form? I know that for Druids, it’s not an instant kill anymore, but is this the case for polymorph as well? dnd-5e spells polymorph errata share | improve this question edited 18 hours ago
Read more

A Topological Invariant for $pi_3(U(n))$

Image
3 3 $begingroup$ Recently, I saw a construction of topological invariant for $pi_3(U(n))$ with $ngeq 2$ : $$ N=frac{1}{24pi^2}int_{S^3} d^3x epsilon^{ijk} Tr[(U^{-1}partial_{x_i}U)(U^{-1}partial_{x_j}U)(U^{-1}partial_{x_k}U)] , $$ where $Uin U(n)$ depends on $boldsymbol{x}=(x_1,x_2,x_3)in S^3$ , $epsilon^{ijk}$ is the Levi-Civita symbol, $i,j,k=1,2,3$ , and the duplicated indexes are summed over. It is claimed that $N$ is an integer, but why? Update 02/02/2019 I think I got an argument for $n=2$ . In this case, $U=e^{i varphi} q$ with $qin SU(2)$ . Due to the trace and the Levi-Civita symbol in $N$ , $varphi$ does not contribute to $N$ . As $Tr[q^{dagger}partial_i q]=0$ and $(q^{dagger}partial_i q)^{dagger}=-q^{dagger}partial_i q$ , $q^{dagger}partial_i q$ in geneeral has the form $q^{dagger}partia
Read more